I have discovered, through a series of "bounced back", filtered emails I have received, that a site/domain for which I am webmaster is being used by spammers.
I don't know all there is to know about reading email headers to determine origin, but even if I did, I couldn't analyze these mails that are being returned to me as the "catch all" recipient for this domain, as the expanded headers aren't being made available to me.
My concern is that this domain will end up on so-called black lists, which will make future legitimate communications difficult and give the domain a bad name in general.
The return addresses are, for example:
Dshubba@mydomain.com
motorcycle@mydomain.com
modify@mydomain.com
punitive@mydomain.com
tryouts@mydomain.com
...with "from" names such as "Tilted T. Randomize", "Exorcize I. Harmfulness" and "Parched H. Heehawed".
I'm in the dark about what to do about this. Can anyone offer any assistance?
Ken
It occurred to me that while on one hand being set up as the "catch all" for this domain is good, in that if someone with a legitimate query sends to an unconfigured addy someone will in fact get it, the fact that the mail doesn't bounce back could lead someone, or a smart spam filter, to believe the "spoofed" addy is real, thereby creating the impression the spam did in fact come from this address.
I do hope these filters are sophisticated enough to be able to tell the spam did not come from the domain in the "From" field, but I'm not sure that is the case.
Is a "catch all" configuration really a good thing?
Ken
Basically, what it does is this: when a spammer tries to send spam to a list of recipients on an ISP's server, the server will verify whether the connecting host is authorized to send mail on behalf of your domain. If it is not, the ISP's server will not accept the mails.
It is simply adding a TXT entry in your authoritative DNS server with the approved mail servers.
I simply add the following entry in my DNS servers:
IN TXT "v=spf1 a mx ~all"
Then the spammer, who is probably sleeping while his machine does the dirty work, will wake up the next day to realise that he has wasted one day of his spamming life because he tried to joe-job you and the scheme backfired.
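Added example, not part of any post in this thread: how a receiving server evaluates the TXT record quoted above, covering only the `a`, `mx`, `ip4` and `all` mechanisms. The domain `mydomain.example`, the addresses, the inline DNS table and the function names are constructed for illustration so the code runs offline.

```python
import ipaddress

# Constructed DNS answers for the placeholder domain (documentation address ranges).
DNS = {
    ("mydomain.example", "A"): ["192.0.2.10"],
    ("mydomain.example", "MX"): ["mail.mydomain.example"],
    ("mail.mydomain.example", "A"): ["192.0.2.25"],
}
# A qualifier prefix decides the result when its mechanism matches.
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def hosts_for(domain, mech):
    """Addresses authorised by the 'a' or 'mx' mechanism for this domain."""
    if mech == "a":
        return DNS.get((domain, "A"), [])
    if mech == "mx":
        return [ip for mx in DNS.get((domain, "MX"), [])
                for ip in DNS.get((mx, "A"), [])]
    return []


def check_spf(record, domain, client_ip):
    """Evaluate the record left to right; the first matching mechanism wins.

    'domain' is the envelope sender (MAIL FROM) domain, which is what SPF
    checks, and 'client_ip' is the host that connected to the receiver.
    """
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"
    ip = ipaddress.ip_address(client_ip)
    for term in terms[1:]:
        result = QUALIFIERS.get(term[0])
        mech = (term[1:] if result else term).lower()
        result = result or "pass"  # a bare mechanism means "+"
        if mech == "all":
            return result
        if mech.startswith("ip4:"):
            if ip in ipaddress.ip_network(mech[4:], strict=False):
                return result
        elif str(ip) in hosts_for(domain, mech):
            return result
    return "neutral"  # nothing matched and the record has no "all"


if __name__ == "__main__":
    for rec in ("v=spf1 a mx ~all", "v=spf1 a mx -all"):
        for ip in ("192.0.2.25", "203.0.113.77"):
            print(rec, ip, check_spf(rec, "mydomain.example", ip))
```

With `~all` an unlisted host gets `softfail`, which receivers commonly accept and mark rather than reject; `-all` yields `fail`, the result a receiver can act on to refuse the message.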
I thought a joe job was where the email was actually routed through the domain's actual mail server rather than just adding fake headers.
... and in any case many people are not able to make changes to DNS records (due to their hosting setup or where they bought the domain name).
If your hosting company takes care of the DNS issues, just write them an email and request that they add the entry into your authoritative nameservers.
A joe-job is when a spammer sends out emails and puts your email address as the sender. This is normally done by connecting directly to the recipient's mail server via their DSL or dialup account and attempting to deliver it that way.
I do not know what it is called if it is not a joe-job. Care to advise?