Help!, Someone is sending spam via my e-mail address.

Forum Moderators: phranque

Message Too Old, No Replies

Help!, Someone is sending spam via my e-mail address.

What can I do?

zoltan

1:43 pm on Sep 22, 2004 (gmt 0)

I noticed today, that I receive many bounced e-mails through one of my e-mail addresses. After reviewing the headers I found out that someone is using:
Return-Path: <my@email.com>
From: "Someone's Newsletter" <my@email.com>.
The e-mails are not sent out from my webserver, they are only sing my returnpath and from address.

Can my e-mail address be placed on various spam/black lists because of this incident?

From what I see the e-mails are originated from many different servers (maybe open relays). Is there any way, to block someone using my mail address, or to find out what servers are the e-mails really coming from?

Any suggestion is welcome!

[edited by: Woz at 4:23 am (utc) on Sep. 23, 2004]
[edit reason] No specifics please, see TOS#13 [/edit]

Dreamquick

2:13 pm on Sep 22, 2004 (gmt 0)

Aside from bounces and people who take every email at face value I don't really think you personally have a lot to worry about if it's not coming from your server - all the serious blacklists are already designed to deal with this scenario.

As for stopping it ... the problem of getting "joe-jobbed" (email with a spoofed from address) will never go away totally, but systems like SPF (Sender Permitted From) might help in the future when they become more widely adopted.

- Tony

zoltan

2:30 pm on Sep 22, 2004 (gmt 0)

Thanks for your help!

zoltan

4:41 pm on Sep 23, 2004 (gmt 0)

Hmm... the problem is that I keep getting those bounced emails. Will that never stop?

drbrain

4:54 pm on Sep 23, 2004 (gmt 0)

You can filter all messages from MAILER-DAEMON that don't come from your server to the trash.

Matt Probert

4:59 pm on Sep 23, 2004 (gmt 0)

This is a common problem. Viruses, trojans, automatic spamming software all obtain email addresess from address books on infected PCs and from email address lists and use these addresses as both return and from addresses in their emails.

Most system operators are aware of this, and realise that *you* haven't sent the emails - heck I even receive them claiming to come from non-existant accounts on our own server!

Matt

webdude

6:16 pm on Sep 23, 2004 (gmt 0)

I have several email servers that I run for about 8 different companies. I get calls weekly on this exact subject.

I can confirm that you are not alone. I get emails returned to me that I never sent on a daily basis. It;s best to ignore them.

Spoofing an email address is a lot easier then spoofing an IP address. RBLs (Realtime Black Lists), that i think you are referring to, are for email servers, not individual users. Usually to get listed in one, you need to be reported and the ip of the mail server must have either an open relay or a history of lots os spam.

I am not sure, but I am unaware of a black list for individual email accounts. I would think the list would be way to large to administer and the fact that spoofing email addresses is so easy, it would become pretty useless.