How can this address possibly be receiving spam?

Brand new server receiving spam to its internal hostname?

         

groovyhippo

11:58 am on May 19, 2003 (gmt 0)

10+ Year Member



I have just bought a brand new dedicated server with a large and respected hosting company. I spent a few days configuring the server in various ways before I moved my sites on to it.

One of the things I did was to change the hostname of the server (in etc/hosts) from the default server.hostingcompany.com to myserver.mydomain.com (just because I prefer to see my domain name rather than my hosting co's domain name there).

The only way myserver.mydomain.com is used for email is to receive the system-generated internal emails to root user on the server. I have never published or used this email address or domain anywhere - nor do I intend to.

But after only a few days I'm now getting a sizeable and growing amount of spam mail to name@myserver.mydomain.com. How can this be? How could anyone possibly know the existence of that domain? I can understand it if they were sending to the TLD name@mydomain.com, but not to the subdomain name@myserver.mydomain.com.

I'm aware of various measures I can take to combat this spam, so that's not my question. I just want to know how this address could have become common knowledge!

DaveN

2:39 pm on May 19, 2003 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



I take it that no one has used that machine to browse the web or send email from.

DaveN

DaveAtIFG

3:00 pm on May 19, 2003 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Is the address in your domain name records? Perhaps your domain name registrar also sells email address lists.

chiyo

3:27 pm on May 19, 2003 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



We had this too when we started with a large provider, probably same as yours!

Our username was just 3 letters so our default address was ***@hostingcompany.com though we only really used our virtual domains. We found that we got heaps of email to that default address and assumed that a spammer has sold heaps of email addresses with every possible combination of 3 letters for the prefix and with the hosting company domain i.e. ***.hostingcompany.com

We just automatically delete all emails to that "Default" address. Spammers also do this for many domains they find on the web plus obvious ones like webmaster, info, enquiry, etc.

Maybe the default ***.hostingprovider.com is being redirected to your virtual domains?

[edited by: chiyo at 3:30 pm (utc) on May 19, 2003]

groovyhippo

3:29 pm on May 19, 2003 (gmt 0)

10+ Year Member



Nope, no-one has used the server to browse the web or send email. In fact, I'm the only person who has any access to the server, so that's tightly controlled.

The top-level part of the domain is mentioned in the domain name records as it is also used for my nameservers. I use ns1.mydomain.com and ns2.mydomain.com for all my domains.

But that can't explain it, as the spammers are using myserver.mydomain.com and that subdomain isn't mentioned in the domain name records at all.

Is there perhaps some way you can interrogate a server to reveal its hostname? Could I find out the hostname of the server running webmasterworld, for instance?

groovyhippo

3:37 pm on May 19, 2003 (gmt 0)

10+ Year Member



Chiyo, I think my situation is a little different from the one you've described, as I'm getting mail to a subdomain rather than just a username.

The mails are going to randomnames@subdomain.mydomain.com

Now, that new subdomain has nothing to do with the hosting company, has never been used before, and has never been published or used to email anyone.

So it can't be that spammers are guessing the address, as they'd have to guess both the bit before the @ symbol and also the next bit of the domain. Can't believe any of them are doing that!