mdscott Posted August 11, 2005

Over the past few days I have received well over a hundred messages from non-existing accounts in my domain [Help@scottsonline.org; Security@scottsonline.org; etc.] relating all sorts of fictitious security or access related issues and seeking verification by opening an attached .zip or .exe file. Any easy way to seek the culprit -- which I assume is external to TCH?

Michael Scott

TCH-Andy Posted August 11, 2005

Welcome to the forums. You would need to look at the email headers, and check the IP address that it came from. If you are not sure, post the headers here.

TCH-Dick Posted August 11, 2005

I wouldn't waste any time trying to figure out where it came from. It's usually sent from some poor sap's PC that has no clue it's being done. However, in cPanel under Mail, look for Default Address and click it. Make sure it has :fail: set for your domain. This will cause all email without an account to be bounced/discarded.

mdscott Posted August 11, 2005

I do have a "catch-all" mailbox that gets any incoming messages which do not have a valid address -- these all have a valid "To" address but all have non-existent "From".

mds

TCH-Thomas Posted August 11, 2005

What I think Dick means is that there are viruses etc. that can fake the "from" field. It can be that someone has you in their address book and if they are infected, this kind of thing can happen without them knowing it. I have had this problem many times; the first time I received a mail from a claudia@my tch hosted domain.com. The problem was that I neither know a Claudia nor have set up an address claudia@...com, so then we figured out someone had me in their address book and they were causing it without knowing.

As Dick said, don't waste time with checking it out; however, what you can do is to make sure to remind your friends to have clean computers.

And... welcome to the forum.

TCH-Rob Posted August 11, 2005

Unfortunately there is not much that can be done about it. This is becoming part of a domain owner's life.

cajunman4life Posted August 11, 2005

Of course you could have everyone just memorize your address, and tell them not to put it in an address book... or use FreeBSD! Sorry, couldn't resist.

mdscott Posted August 11, 2005

Sigh, what I expected. For what it's worth, here are examples of headers:

Content-Type: multipart/mixed; boundary="----=_NextPart_000_0008_E72F51E2.75D460C4"
Date: Tue, 9 Aug 2005 18:00:59 -0700 [08/09/2005 09:00:59 PM EDT]
Delivery-date: Tue, 09 Aug 2005 20:59:51 -0400
Envelope-to: michael@*******.org
From: service@********.org
MIME-Version: 1.0
Received: from [71.111.168.17] (helo=*******.org) by server24.totalchoicehosting.com with esmtp (Exim 4.44) id 1E2ewf-0005CV-SR for michael@*********.org; Tue, 09 Aug 2005 20:59:51 -0400
Return-path: <service@*******.org>
======
Content-Type: multipart/mixed; boundary="----=_NextPart_000_0000_E084EF61.CDBC4406"
Date: Wed, 10 Aug 2005 04:22:22 -0700 [08/10/2005 07:22:22 AM EDT]
Delivery-date: Wed, 10 Aug 2005 07:21:06 -0400
Envelope-to: michael@*********.org
From: admin@********.org
MIME-Version: 1.0
Received: from [71.111.168.17] (helo=********.org) by server24.totalchoicehosting.com with esmtp (Exim 4.44) id 1E2ods-0007t2-Uf for michael@********.org; Wed, 10 Aug 2005 07:21:06 -0400
Return-path: <admin@*******.org>
======

mds

PS: Thanks for the welcomes -- my lack of participation is a testament as to how trouble-free TCH is for the small casual user!!

Edit: TCH-Bruce - I've removed your domain name so you don't get more spam!

TCH-Don Posted August 11, 2005

Welcome to the forums, Michael, and the life of a domain name owner.

mdscott Posted August 12, 2005 (edited)

> and the life of a domain name owner

I realize that we have led a charmed and uneventful life... and since I am the guy who gives out the addresses it is easy to tell when they are fake.

mds

Edited August 12, 2005 by mdscott

TCH-Don Posted August 12, 2005

I get way too many of these every day. I filter most, but you can't guess what they will use.

TCH-Andy Posted August 12, 2005

Your spam is coming from 71.111.168.17, someone near Portland, Oregon - who uses Verizon..... if that helps.

stevevan Posted August 12, 2005

Welcome to the forums and life on the Internet. You can't stop it completely, but you can minimize the amount by setting up filters properly.

mdscott Posted August 12, 2005

> Your spam is coming from 71.111.168.17, someone near Portland, Oregon - who uses Verizon..... if that helps.

Hmm... Time to put on the detective hat -- thanks.

mds

kayaker Posted August 18, 2005

The same thing just happened to my daughter. She received spam from her own email address to her email address! It was all about Microsoft and spamming issues. Very odd. I could have her give me the whole header, but from reading the replies to this topic I can see that it's not of much use. I just hope that other people aren't being flooded with emails "from" her and thinking she's sending them.

Karen

TCH-Andy Posted August 18, 2005

The "norm" with that spam is to set the "from" address and the "to" address the same. Hence your daughter will get it from herself - but if I were to receive it, it would say I had sent it. So nobody else should get that spam "from" her. The best thing is to just delete it - or set up a filter to block it.

kahill Posted August 19, 2005

> The same thing just happened to my daughter. She received spam from her own email address to her email address! It was all about Microsoft and spamming issues. Very odd. I could have her give me the whole header, but from reading the replies to this topic I can see that it's not of much use. I just hope that other people aren't being flooded with emails "from" her and thinking she's sending them.
> Karen

Well, I've been getting the same thing (From myself TO: myself in headers) and it is the same Microsoft spam. The bad thing is - I've just been notified that my domain is showing up on SPAMCOP and I assume all of my CLIENTS are now blacklisted 'cause they are on the same server....... This is an SOS issue!

TCH-Rob Posted August 19, 2005

Check the headers; most of the time you will see that the IP address is not the same as yours when you get email like that. Most companies that use blacklists go by the sending IP address and not the email address that it says it is coming from.

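The header check discussed in this thread, as an added example that is not part of any post above: it reads the topmost Received line (the one written by the receiving Exim server), pulls out the connecting IP and HELO name, and flags mail that claims your domain but did not come from a host you send from. The function name `triage`, the domain `example.org`, the host `mx.hosting.example` and all addresses are assumptions made up for the example.

```python
import ipaddress
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample shaped like the Exim headers posted in this thread;
# example.org, mx.hosting.example, the message id and the 203.0.113.x /
# 198.51.100.x addresses are placeholders, not values from the thread.
SAMPLE = (
    "Return-path: <service@example.org>\n"
    "Envelope-to: michael@example.org\n"
    "Received: from [203.0.113.17] (helo=example.org)\n"
    "\tby mx.hosting.example with esmtp (Exim 4.44)\n"
    "\tid 1AbCdE-000123-XY\n"
    "\tfor michael@example.org; Tue, 09 Aug 2005 20:59:51 -0400\n"
    "From: service@example.org\n"
    "MIME-Version: 1.0\n"
    "\n"
    "body\n"
)


def triage(raw, our_domain, our_sender_nets):
    """Summarise the hop our own server recorded (the topmost Received line).

    Only that line is trustworthy; From, Return-path, the HELO name and any
    lower Received lines are supplied by the sender and can be forged.
    """
    msg = message_from_string(raw)
    received = msg.get_all("Received") or []
    if not received:
        return None
    # Text between "from" and "by" describes the connecting peer.
    peer_part = re.split(r"\sby\s", received[0], maxsplit=1)[0]
    ip_m = re.search(r"\[([0-9A-Fa-f:.]+)\]", peer_part)
    helo_m = re.search(r"helo=([^\s)]+)", peer_part, re.I)
    try:
        peer = ipaddress.ip_address(ip_m.group(1)) if ip_m else None
    except ValueError:
        peer = None
    helo = helo_m.group(1).lower() if helo_m else None
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    ours = peer is not None and any(
        peer in ipaddress.ip_network(net) for net in our_sender_nets)
    return {
        "peer_ip": str(peer) if peer else None,
        "helo": helo,
        "from_domain": from_domain,
        # Claims our domain but did not come from a host we send mail from.
        "forged_as_us": our_domain.lower() in (helo, from_domain) and not ours,
    }
```

Pass the networks your real mail leaves from as `our_sender_nets`; a message whose `peer_ip` falls outside them while using your domain in HELO or From is the spoofed kind described in the posts above.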