
Spammers Using My Email Return Address?


jacksdad

I have sometimes gotten "mail delivery failure" notices for emails I never sent, but I just delete them. This morning, I got 186 failure notices. They were for a spam message. I think a spammer has forged my email address in the return... What can I do?

 

1. I don't want to get blamed for this by TCH.

2. I don't want to sort through all these emails to delete them, and possibly delete a legit email.

3. I don't want the recipients getting mad at me for spam.

 

BTW, SpamAssassin is priceless (and free here at TCH). It filters out 10-50 spams a day for me. I don't want to use it to filter these though, in case I send a real email and for some reason it doesn't go through.

 

So the question is, what do you do if a spammer is forging your email address as a return? Or do I have an unsecured relay (I don't know what that is, but I remember reading something about it once)...

 

help!


The relay is TCH's responsibility, unless you have an unmanaged dedicated server? =)

 

As far as stopping people from spoofing - impossible. All one has to do is go to their email client and change the reply-to and/or from. It doesn't mean it's coming anywhere near TCH's servers other than bounces, you can check the headers and report them but it's really useless to do. :dance:


Only 10-50 spams a day. Wish that's all I received. I get that in an hour.

 

What I have done is created another email account for the messages Spam Assassin is tagging and forward them to that account.

 

I had it turned off for a while because it was not catching any good email but turned it back on yesterday because of a mailing I did and I wanted to catch all replies to it. Of course it hasn't caught any replies yet only spam. This morning I had over 200 since 4pm yesterday. And I just checked again, last check 8:30am this morning and there were another 75.

 

Create the account in cPanel and then create an email filter where the X-Spam header begins with, enter "Yes" in the option box and enter the account to forward it to. That should at least save you some time finding your good email amongst the trash.


Lisa and Bruce,

 

Thanks for the quick answers...

 

I think I am the victim of spoofing. So there is nothing I can do to stop it in the future????

 

I use SpamAssassin to automatically delete all messages to some of my old compromised addresses. Unfortunately, the address in question was compromised but is on my business card, so I can't just delete all the messages to it (I do filter it though). I also don't want to auto delete all messages that say "mail delivery failure", etc, because sometimes they are legit and I need to know my message never got through.

 

I guess I just hope this spoof was a one time thing, and that the spammer keeps changing the spoofed address...

 

thanks again


Yes, I understand this problem is NOT related to TCH in any way, but is because a spammer somehow got one of my email addresses (there are so many ways they can do this, the slimy B*A*S*T*A*R***s).

 

I just wanted to make sure you guys wouldn't think my account is spamming, and also hoped that there was something I could do to stop spammers from spoofing my email address.

 

I'll say it again, SpamAssassin is worth its weight in gold, and is a free feature at TCH.


> I just wanted to make sure you guys wouldn't think my account is spamming, and also hoped that there was something I could do to stop spammers from spoofing my email address.

Wouldn't really ever be a problem. We would look at the headers (difficult to forge) not the from address (easy to forge) on any spam complaints.

 

The SMTP protocol that mail uses really needs to be updated to counter these types of problems eventually.

Edited by TCH-MikeJ

Recently, I've been receiving delivery notification: undeliverable about a spam message that uses my e-mail address in its From-field as well. Like I've been sending those spam e-mails Mad!!!

 

As I understand from the above, I can't do anything about this :dance: However, is it somehow possible that SpamAssassin recognizes these invalid bounce e-mails as spam, because they are starting to fill up my inbox?

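One way to sort bounces for mail you really sent from bounces caused by a forged sender, as an added example that is not part of the thread: compare the Message-ID of the original mail quoted inside each bounce with a record of the IDs you sent. The `SENT_IDS` log, the function names and the sample bounce are assumptions made up for this sketch, and it only works for bounces that quote the original message or its headers.

```python
import email

# Assumption: Message-IDs of mail you really sent, kept by your own client or
# outgoing server (constructed sample; not a TCH, cPanel or SpamAssassin feature).
SENT_IDS = {"<20040510.1234@example.org>"}

def returned_message_id(raw_bounce: bytes):
    """Return the Message-ID of the original mail quoted inside a bounce, or None."""
    msg = email.message_from_bytes(raw_bounce)
    for part in msg.walk():
        ctype = part.get_content_type()
        if ctype == "message/rfc822":        # the full original is attached
            return part.get_payload(0)["Message-ID"]
        if ctype == "text/rfc822-headers":   # only its headers are attached
            text = part.get_payload(decode=True).decode("ascii", "replace")
            return email.message_from_string(text)["Message-ID"]
    return None

def classify_bounce(raw_bounce: bytes, sent_ids=SENT_IDS) -> str:
    mid = returned_message_id(raw_bounce)
    if mid is None:
        return "unknown"      # nothing quoted: leave it for manual review
    return "legitimate" if mid.strip() in sent_ids else "backscatter"

def sample_bounce(original_id: str) -> bytes:
    """Constructed multipart/report bounce quoting a message with the given ID."""
    return (
        "From: MAILER-DAEMON@mx.example.net\n"
        "To: me@example.org\n"
        "Subject: Mail delivery failure\n"
        "MIME-Version: 1.0\n"
        'Content-Type: multipart/report; report-type=delivery-status; boundary="b1"\n'
        "\n"
        "--b1\nContent-Type: text/plain\n\nDelivery to nobody@example.net failed.\n"
        "--b1\nContent-Type: message/delivery-status\n\n"
        "Reporting-MTA: dns; mx.example.net\n\n"
        "Final-Recipient: rfc822; nobody@example.net\nAction: failed\nStatus: 5.1.1\n\n"
        "--b1\nContent-Type: message/rfc822\n\n"
        f"From: me@example.org\nMessage-ID: {original_id}\nSubject: hello\n\nbody\n"
        "--b1--\n"
    ).encode("ascii")

if __name__ == "__main__":
    print(classify_bounce(sample_bounce("<20040510.1234@example.org>")))
    print(classify_bounce(sample_bounce("<spamrun.987@mail.example.com>")))
```

Bounces classified as "unknown" should stay in the inbox, since some mail servers return neither the original message nor its headers.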

I got one of my domains swiped last week for this use as well, so I've been getting about 50 "bounce" messages a day with random email addresses (because I use a catchall address, a practice which may have to end on that domain). Before this I almost never got spam because of the compartmentalization of how I use addresses (facilitated by the catchall address). I won't go into that, but I am a little curious why the first spams I got were at an address I only gave to TCH last year and never to anyone else.

 

Anyway, it hardly matters now. They've decided they like my domain. I'm sure that there are 100x as many spam email "from" me getting through to unsuspecting victims.

 

In terms of doing something about it, all is not lost, however. There are several movements afoot to assist with authenticating authorized senders. A good start is to check out this site:

 

Sender Policy Framework

 

I do not know whether or not TCH's in-house DNS allows the addition of TXT records, but if so (I host my DNS separately), it's worth using the wizard here to create a pertinent record for any domain you own, because more providers are adopting this or similar standards and it's already helping cut down spam and successful forgery.

 

I added one yesterday for the hijacked domain, but I have no idea if it will do any good. It can't hurt. :)


If you are using a catchall then the very creation of the domain name will get you spams - you don't have to give it to anyone. The spammers see a new domain pop up in the listings and poof, they have a ready-made scapegoat for their spammy garbage.


Oh believe me I've seen THAT happen -- like on a domain that I have never used email (or anything else) on, but for some reason had a catchall address for.

 

As it happens, though, the domain that was hijacked has existed since 1996. So....that's not what happened in this case.

 

Frankly, as careful as I am, I am amazed I avoided this sort of thing on that domain for 8 years.


Rob's right, there's nothing you can do. If you filter them you miss legitimate bounce messages. The bottom line is that the email system needs to be rebuilt to avoid this kind of abuse but that's a major undertaking that many are not willing to undertake.


OK, so I'll just have to delete the spam related bounce messages by hand. Guess I will be able to live with this ;)

 

Only one more concern:

Is there a chance that this way my mail address will get on a blacklist or something similar? If so, will you be notified or not?
