People Spamming With My Domain

what can be done?

9:22 pm on Aug 8, 2007 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Feb 27, 2003
posts:751
votes: 1


On some of my domains, I have all incoming email forwarded to a single email account. So anyname@mydomain.com will go to one inbox. It seems like some spammers out there are sending massive amounts of spam with the from address being somename@mydomain.com, and all the "failed to deliver" messages show up in my inbox. Hundreds of them!

Now, I believe these spams aren't going through my mail server. The headers seem to say that they're coming from somewhere else. But it's my domain they're putting in the from address.

First, does this hurt me in any way? Can I get put on spam lists even if the spams aren't coming from my mail server?

Second, is there anything I can do about this?

9:54 pm on Aug 8, 2007 (gmt 0)

Senior Member

WebmasterWorld Senior Member quadrille is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:Feb 22, 2002
posts:3455
votes: 0


Change your email setup so that you only use the email addresses that actually matter.

Have all others go to delete without bounce.

11:20 pm on Aug 8, 2007 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:May 26, 2004
posts:1392
votes: 0


And run a spyware etc check on your own computer. YOU might be the one sending all that stuff out...

1:19 pm on Aug 9, 2007 (gmt 0)

Full Member

10+ Year Member

joined:July 13, 2007
posts:235
votes: 0


I used to use the same setup with one of my domains. I can vouch for him; it's definitely not his problem. I ran two antivirus scanners and an anti-spyware scanner full-time on every system that had access to send e-mail, and it didn't help a thing.

The only solutions are to either filter all e-mails that are returned or simply use specific single e-mail addresses forwarded to your account instead of forwarding all e-mail addresses on the domain to your account.

1:49 pm on Aug 9, 2007 (gmt 0)

Senior Member

WebmasterWorld Senior Member quadrille is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:Feb 22, 2002
posts:3455
votes: 0


WesleyC: You cannot vouch for him, unless you've personally checked his computer and his email service!

While he might well have the same problem you did, you cannot know that. Nor can he :)

You are probably right: Probably, his 'name is being taken in vain'. And after a while, they'll move on to another email address.

It may also be his habit of enabling an infinite number of email addresses, which is asking for spam.

But it ain't necessarily so.

He'd be wise to double check; there is a chance - small - that it's a result of some kind of scumware. Wlauzon makes a good point.

It may even be that he's replied to a spammer or three - or used a spammer's 'opt out' page - which is actually, of course, an 'opt in' - a guarantee to be abused in every way a spammer can abuse you.

Different diseases often show similar symptoms!

2:23 pm on Aug 9, 2007 (gmt 0)

Junior Member

10+ Year Member

joined:June 8, 2007
posts:76
votes: 0


Had a similar problem. Loads of emails being sent from my account.

My machine was clean. The server that I used for email was infected!

This was not in my physical realm, so I had to leave it to the service provider to sort it out. They did, after I complained to them and forwarded them some of the emails.

4:13 pm on Aug 9, 2007 (gmt 0)

New User

10+ Year Member

joined:Apr 16, 2006
posts:15
votes: 0


This recently happened to me & I spent a while worrying about it.

From what I can gather most spam databases are wise to this so you shouldn't get blacklisted - the originating IP as well as the domain are taken into account.

If you want to feel like you have done something to stop this, carefully look at the headers of some of the bounced messages & contact the ISP of the originator.

The problem is that the originator will have some form of malware that has picked on your domain at random (hopefully!) & is using it in fake mail headers. The ISP will be unlikely to do anything.

You could also consider using SPF to ensure that anyone who really needs to can validate your emails.

Like Quadrille said, just shove any emails with an unknown recipient into a blackhole and forget about it until somebody comes up with a saner email system.
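Added example (not part of the original post, and not any poster's code): one way to do the header check suggested above, by pulling the injecting IP out of a bounce and comparing it with the networks your SPF record would authorize. The bounce, hostnames and `AUTHORIZED` range are constructed, and the code assumes the bounce is a standard multipart/report DSN that carries the original message.

```python
import email
import ipaddress
import re
from email import policy

# Assumption: networks your own mail server sends from, i.e. what the ip4:
# mechanisms of your SPF record would list (documentation range used here).
AUTHORIZED = [ipaddress.ip_network("192.0.2.0/28")]

# Constructed sample bounce; every host and IP is a documentation value.
SAMPLE_BOUNCE = """\
From: MAILER-DAEMON@mx.recipient.example
To: somename@mydomain.example
Content-Type: multipart/report; report-type=delivery-status; boundary="b1"

--b1
Content-Type: message/delivery-status

Reporting-MTA: dns; mx.recipient.example

Final-Recipient: rfc822; nobody@recipient.example
Action: failed
Status: 5.1.1

--b1
Content-Type: message/rfc822

Received: from pc.home.example (unknown [203.0.113.77]) by mx.recipient.example; Wed, 8 Aug 2007 21:00:00 +0000
From: somename@mydomain.example
To: nobody@recipient.example

body
--b1--
"""

def injecting_ip(raw_bounce):
    """IP that handed the original message to the server that bounced it."""
    msg = email.message_from_string(raw_bounce, policy=policy.default)
    for part in msg.walk():
        if part.get_content_type() == "message/rfc822":
            # Only the top Received line was written by the bouncing server;
            # anything below it was supplied by the sender and can be forged.
            top = part.get_payload(0).get_all("Received", [""])[0]
            m = re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", top)
            return ipaddress.ip_address(m.group(1)) if m else None
    return None

def sent_by_us(raw_bounce):
    """True only if the injecting IP is inside one of our own networks."""
    ip = injecting_ip(raw_bounce)
    return ip is not None and any(ip in net for net in AUTHORIZED)
```

A `False` result for a batch of bounces supports the reading that the mail never touched your server; a `True` result is the case where your own host or provider needs checking.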

12:32 am on Aug 10, 2007 (gmt 0)

New User

10+ Year Member

joined:Sept 21, 2005
posts:31
votes: 0


I sincerely hope you're right about spam databases being smart enough to know the difference about domains being "spoofed" like this.

I got several (and counting) just now returned undeliverable messages from an IP I tracked to Puerto Rico: 64.237.151.139

Puerto Rico Telephone Company
Ave Roosevelt 1513 7th Floor
P.O. Box 360998
San Juan, PR

I used to get hundreds of these daily as well. I don't think there's anything you can do about it so long as spammers can spoof the reply-to or from fields.

I'm not sure I understand the advantage for spammers who do this. What's the point? Does anyone know of a place where we can report abuse? The PRT website is in Spanish.

1:23 am on Aug 10, 2007 (gmt 0)

Senior Member

WebmasterWorld Senior Member quadrille is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:Feb 22, 2002
posts:3455
votes: 0


If it is a spammer, in another country, there's virtually nothing you can do but wait until they move on (and they will).

The harder you try to stop them, the more they'll persist - just for spite.

If they are in your country, then you may be more effective.

9:42 am on Aug 10, 2007 (gmt 0)

Senior Member from GB 

WebmasterWorld Senior Member piatkow is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Apr 5, 2006
posts:3463
votes: 69


Happened to me on my personal email, certainly wasn't from my machine as I was on holiday at the time and it was switched off and unplugged. Examining the headers showed that it didn't look as if my ISP was compromised either.