"undeliverable Mail" Spam

[sylvest]

In the last couple of weeks I've been receiving loads of spam which purports to be a failure report of some kind from some mail server which says that I have tried to send an e-mail to an unknown user or similar. The address given is one that I've never seen before and have certainly never tried to send mail to. The mail is always addressed to some non-existent username (I guess a random sequence of letters) at my domain. These messages sometimes contain a block of base64 code (I guess some kind of malware), sometimes a scanned page of text, and sometimes they seem to contain no obvious payload.

• where is this sapm coming from?
  
• are other users experiencing the same?
  
• why isn't TCH's spam filtering (which is normally extremely good) filtering this out?
  
• what can I do to get rid of this spam?
  

I've received 32 of these messages so far today, and it's increasing rapidly. Need a fix urgently!

 

Thanks - Rowan

[TCH-Bruce]

Your email address is being spoofed and there is nothing you can do about it.

 

You can set your default email address in cPanel to :fail: and any email addressed to your domain that you have not set up an email address or forward for will get bounced and deleted.

[stevevan]

Welcome to life on the internet. As Bruce said, make sure your default address on your site is set to :fail:. Also, if you know the email to be spam, DON'T OPEN IT (especially if you're using Outlook or Outlook Express) as it may contain a virus. Simply delete it. Out of all my email accounts, I probably delete about 25-30 messages a day that I don't even open.

[sylvest]

Welcome to life on the internet.

I'm not new to the internet. At work (where I have no server-side anti-spam system) I receive 150 spams a day. Mercifully at home your filtering gets rid of the vast majority of it. But something has changed in the last couple of weeks. I'm not used to receiving large numbers of this particular type of spam. So either someone has come up with a new system for sending spam (in which case I would expect others to have noticed the same thing) or it's always been there but has only just found me.

I would prefer not to lose all the mail addressed to non-existent usernames on my domain, but I suppose if I add mailboxes for "postmaster", "webmaster" and anything else that I think people might genuinely use, I'm not likely to lose anything too valuable.

Anyway - thanks for your advice.

 

Rowan

[TCH-Don]

You don't have to add mail accounts for those

just create a forward for postmaster to one of your existing accounts.

[TCH-JimE]

I would prefer not to lose all the mail addressed to non-existent usernames on my domain, but I suppose if I add mailboxes for "postmaster", "webmaster" and anything else that I think people might genuinely use, I'm not likely to lose anything too valuable.

 

From my experience in web design, there should be a single way to contact you which is always the best, and this address should not be easily available, e.g. should be held in a php file which is called when a contact form is processed. Email that is not directley addressesed is always going to be 99.999999% spam.

 

Jim

[Samrc]

Unfortunately, even if you use a PHP form that does not give your email address to spam spiders, if someone sends you cute cards, or other things from sites that gather email addresses, that address can be sold to spammers.

 

I had a personal email address that was spam free for almost 6 years, never posted, never used on the web to sign up for anything. It has been captured because a friend filled in the address at a site to send me a goodie.... They had the best intentions, but now I am being flooded on that account.