Somebody using my domain to spam

Forum Moderators: phranque

Message Too Old, No Replies

Somebody using my domain to spam

What can I do about it?

jmorgan

2:26 pm on Oct 3, 2009 (gmt 0)

Somebody has decided, for whatever reason, to use one of my domains as the from address in their spam emails.

I know this because I keep getting bounced or blocked emails or out of office replies to my catch all inbox.

Needless to say, this is going to reflect badly on my domain when I have had nothing to do with this.

What would you suggest I do about this because frankly, I can't think of anything that would stop this person from continuing to abuse my domain name.

wyweb

3:04 pm on Oct 3, 2009 (gmt 0)

What would you suggest I do about this

Live with it.

jk3210

5:47 pm on Oct 3, 2009 (gmt 0)

Check your MySQL database that's associated with your domain, especially if you never use it. See if you can find an entry that's labeled something like "users" or "email_address" that's packed with a zillion email addresses.

If so, that MAY be where it's coming from.

Leosghost

6:15 pm on Oct 3, 2009 (gmt 0)

why use a "catch all" anyway ..just set up your system for the actual email addys that you have ..and black hole all other incoming ..

and then as wyweb says just live with it ..you cant help it nor do anything about ..

it it may very well be zombies using your addys as spoofed send and running everything they find in address books from all over the entire world via trojans phoning home to the boss ..

and being told "use all found addys , run spam" ..

happens all the time ..has been happening for years ..and as long as end users don't have to pass a competency or a "do you have triple digit IQ..prove it ..go to next step" or some such test to connect a computer to the tubes ..it will keep on happening ..

people doing stupid things that have unpleasant consequences for others...

it's like death and taxes ..

Hoople

12:53 am on Oct 6, 2009 (gmt 0)

Sounds like 'backscatter' or someone is 'joe job' ing you. You can get some relief by adding SPF records in your DNS and enabling a ant-spam gateway ahead of your email server.

Between SPF, Spamassasin and tarpitting/greylisting you can reduce general SPAM by double digit percentages. Backscatter and joe job tend to be multiple IP's and subject based filtering is sometimes more effective.

As always YMMV. Some big $$$$ anti-SPAM measures outperform open source solutions on certain types of SPAM.

jmorgan

10:55 pm on Oct 6, 2009 (gmt 0)

Hoople thanks for that. I've added a SPF record. Hopefully that should help a little.

wyweb

11:12 pm on Oct 6, 2009 (gmt 0)

You can do all of that, sure. You can't stop anyone from spoofing your domain in the return, any more than you can stop someone sending snailmail with your return address on it.

WebWonk

3:56 pm on Oct 8, 2009 (gmt 0)

Are you using a form mail on your website? I actually had to close the mailboxes temporarily. I eliminated the form mail and added a gmail account on the contact page. I created a spam poison page linked only through a small image of back ground color on the contact page with the gmail address (so my customers won't see it). I added an "ignore" command for that poison page to my robots.txt. Of course the spambot won't pay any attention to that, but the good bots will. I did nothing fancy with the gmail address which should draw spam like flies, but I get little to none. The spam bots appear to follow the link to the poison page and roast in the cyber furnace. It seems to have worked for me.

MrHard

10:09 pm on Oct 9, 2009 (gmt 0)

Competitor.