Forum Moderators: phranque


Undeliverable email Messages I Didn't Send

         

crak_bot

1:19 am on Oct 13, 2006 (gmt 0)

10+ Year Member



Hello,

I'm all of a sudden getting a bunch of bounce back messages that are undeliverable. Problem is I didn't send them. I'm getting them in my catch-all folder because they are "from" addresses like #*$!ldldod@mydomain.com

My question is: has someone found a way to send mail from my domain? Or has some spammer just decided to use my domain in the header info and there's nothing I can do?

Thanks

BeeDeeDubbleU

7:48 am on Oct 13, 2006 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



Probably the second if your machine is properly protected.

adb64

8:20 am on Oct 13, 2006 (gmt 0)

10+ Year Member



Hi,

I also had the same problem a few months ago. They are from spammers using random email addresses from your domain as the sender and the receiver does not exist, so they bounce back to you.
The only solution I had then was to disable my catch-all address. From that moment on they stopped.
They do not use your server to send the emails by the way, it is only the sender address from your domain that they fake.

crak_bot

7:03 am on Oct 14, 2006 (gmt 0)

10+ Year Member



Thanks, that's what I figured but I just wanted to make sure.

hunderdown

8:36 pm on Oct 16, 2006 (gmt 0)



I've gotten some of these, with virus payloads, and I think in those cases they actually faked the bounce--it was sent directly to an address at my domain with all the bounce information faked.

In those cases, I think they are trying to get people to believe that the virus payload will solve a problem that doesn't exist. Yet.

elgumbo

2:15 pm on Oct 17, 2006 (gmt 0)

10+ Year Member



The only solution I had then was to disable my catch-all address. From that moment on they stopped.

They're probably still being sent; you just won't get the bounce back.

HarryM

3:33 pm on Oct 17, 2006 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



This can be a serious problem. Some ISPs' anti-spam programs may put your email address on a banned list. Also if an ISP uses a proprietary anti-spam program, the banned list can affect several ISPs.

I had a mountain of stuff sent using my email address, which I only knew about when I started getting the bounced messages. But within a week or so I had many of my own emails bounced back to me because they were seen as spam by the recipient's ISP. It eventually forced me to use another email address.

The initial problem of someone sending email using your email address may lie with your ISP to some extent, e.g., they might have an open server. My ISP eventually admitted they had had lots of similar complaints and they were "working on it". But once your email address has been judged to be a source of spam there's nothing you can do about it.

jtara

3:51 pm on Oct 17, 2006 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Make sure you have an SPF record in your DNS, and make sure it is as restrictive as possible.

This may not solve the problem, but it will minimize the potential for falsifying your return address.

hunderdown

8:12 pm on Oct 18, 2006 (gmt 0)



an SPF record in your DNS

Thanks for the information, but what's that?

jtara

8:43 pm on Oct 18, 2006 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



an SPF record in your DNS

Thanks for the information, but what's that?

Did you try a search?

Comes up as the first search result:

[openspf.org...]

hunderdown

7:49 pm on Oct 19, 2006 (gmt 0)



No, I didn't try a search, because sometimes a simple explanation from another WebmasterWorld member is much more useful than wading through unfamiliar web sites. I'll try that site and come back here if I don't understand something.

kathek

9:06 pm on Oct 19, 2006 (gmt 0)

10+ Year Member


I am having the exact same problem as Crak Pot describes and that is what brought me to this site...I am getting dozens of the bounce back messages too...sure I can block seeing those messages, but the bigger problem is the black eye that my two domains are getting. One of them is a personal travelogue site, but the other is a business site and I don't want it tainted.

I went to the link about the SPF, but am not sure what it all means yet. Are they trying to sell me something? I will go back to it and read more. As the previous poster said, sometimes it is easier to understand a simple explanation from a sophisticated user.

jtara

9:13 pm on Oct 19, 2006 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



I went to the link about the SPF, but am not sure what it all means yet. Are they trying to sell me something?

Nope. It's a volunteer-run website to promote the adoption of SPF in order to help combat spam.

The basic idea is that you use a special DNS record to publish exactly which email servers you send your mail from. ISPs can voluntarily use this information to block mail claiming to be from your domain that is sent through a different server.

It's certainly not a universal or complete fix, but it can help.

[edited by: jtara at 9:18 pm (utc) on Oct. 19, 2006]

kathek

9:16 pm on Oct 19, 2006 (gmt 0)

10+ Year Member



Okay, I went back and read some more...

Quote" If you know your users are well-behaved and always send mail through your servers, you don't need to do anything. (Law firms with their voluminous disclaimers should already be in this category. So should ISPs that provide SMTP AUTH.)

Otherwise, you should set up SMTP AUTH access for your users. Many ISPs already support this; yours may be one of them.

If you're a user, make sure that when you send mail it goes through your ISP's mail servers. You may need to enable Authenticated SMTP if you regularly connect to the Internet from outside your ISP's network.

We have prepared separate instructions for websites that generate email and for outsourced email service providers who send mail on contract. " Endquote

I think I fall into this category...it is my domain name, I am the only user of the domain that sends email with an email address of myemailname@mydomainname.com and I am well behaved. My domains are hosted by Yahoo...

So how do I do what it says above?

kathek

9:28 pm on Oct 19, 2006 (gmt 0)

10+ Year Member



Jtara, thanks for the response. How do I know what my servers are so I can put them on the list?

hunderdown

2:51 am on Oct 20, 2006 (gmt 0)



OK. I get the general idea. I guess I have to set this up through my web hosting company, yes?

bluesmandeluxe

4:15 pm on Oct 27, 2006 (gmt 0)

10+ Year Member



Hmmm. I wonder if crak_bot has checked the IP in the headers and not just the domain name. This seems to be an issue no one in the forums about problems like this has touched upon (instead just assuming it is a DNS spoof and not actually being sent via the IP itself).

My problem seems to be that spammers are actually submitting spam directly from my IP! Not my domain name (although some do).

When we get the spam the headers show they were actually sent directly from our IP.

I think they are using forms that point to a given php mail process page >>action="../somefolder/somesendformpage.php"<< which is also usually a "your mail was sent confirmation" page.

I've received a few form submissions from my site that are very strange and obviously scripts with a link to a blank url included - even though my validation prohibited script tags.

I have since discovered that they circumvent the standard encode chars UTF-8 or ISO-8859-1 by using symbols for the standard tags (eg: the latin versions of "<" and ">" are &lt; and &gt; - And each language may have a different char set of interpreting the < and > tags). So it slips through any simple html deny I write.

crak_bot, have you checked the headers of any spam mail you DO receive to see if they are coming from your actual IP?

Usually these are very obvious, automatically generated subjects and include an attachment. The sent name does not necessarily even come from your own domain name. The pattern I've seen is the actual "from" domain is hidden and is just a one word or first and last name like: from: "somethere" or from: Jim Stone.

The subject is also generally either one word or a ridiculous string of words like: subject: "and he weigh" or "status".
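The header check asked about above can be automated. This added example (not part of the original post) reads the returned headers inside a bounce and reports whether the message really left your own server or only carried your domain in the sender address. The bounce text, the host names, the IPs and the function names are constructed for illustration, and `MY_SERVER_IPS` is an assumption you would replace with your own outbound addresses.

```python
import email
import re

MY_SERVER_IPS = {"192.0.2.10"}   # assumption: your real outbound mail IP(s)
IP_IN_BRACKETS = re.compile(r"\[([0-9A-Fa-f:.]+)\]")

# Constructed bounce; the lower Received line is forged to name "our" IP.
BOUNCE = """\
From: MAILER-DAEMON@mx.recipient.example
To: xkqzldldod@mydomain.example
Subject: Undelivered Mail Returned to Sender
Content-Type: multipart/report; boundary="b1"

--b1
Content-Type: text/plain

No such user here.
--b1
Content-Type: text/rfc822-headers

Received: from mail.mydomain.example (unknown [203.0.113.50])
\tby mx.recipient.example; Fri, 13 Oct 2006 01:02:03 +0000
Received: from mail.mydomain.example ([192.0.2.10])
\tby mail.mydomain.example; Fri, 13 Oct 2006 01:01:00 +0000
From: xkqzldldod@mydomain.example
Subject: status
--b1--
"""

def returned_original(bounce):
    """Return the headers of the message that bounced, or None."""
    for part in bounce.walk():
        if part.get_content_type() == "message/rfc822":
            return part.get_payload(0)
        if part.get_content_type() == "text/rfc822-headers":
            return email.message_from_string(part.get_payload())
    return None

def classify_bounce(raw, my_ips):
    original = returned_original(email.message_from_string(raw))
    received = original.get_all("Received") if original is not None else None
    if not received:
        return "no-original-headers"
    # Only the topmost Received line was added by the server that bounced
    # the mail; lines below it came with the message and can be forged.
    match = IP_IN_BRACKETS.search(received[0])
    if not match:
        return "no-ip-found"
    return "sent-from-my-server" if match.group(1) in my_ips else "spoofed-sender"
```

A result of `spoofed-sender` is the case adb64 describes earlier in the thread; `sent-from-my-server` is the case described in this post and points at something on the server itself, such as a web form that sends mail.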