jweltz
Posted October 24, 2006 (edited)

I've been getting a lot of undeliverable message alerts in my catchall address lately. My main concern is that they are returned spam messages. These have been easy to deal with by just deleting them - until recently.

I have received a couple "official" notices from various universities and IT depts informing me that they have originated from my website and will notify my ISP/Host if I do not stop. (One of which is the company I work for!) I chuckled and scoffed at them for being idiots, but it has made me think.

Looking at the messages that were returned with headers intact with the original message, they are not originating from my website, but the sending address is [randomuser]@mydomain[dot]com.

I managed to get some numbers from a friend in our IT dept at work. Basically, [user]@mywork[dot]com has received ~800 emails, labeled and logged as spam, in just the past week from [random]@mydomain[dot]com. This is a large company with nationwide presence, so I know it's not something that happened locally.

Now for the question: Did I just win a spammer lottery that somehow made my domain address a good one to put in the from field of outgoing attacks, or could there be something that is actually happening with my domain?

If someone were to report my domain as an originator, would TCH be able to look at logs and see that my domain sends maybe 10 emails a week and a claim of hundreds would be false?

Edited October 24, 2006 by jweltz

makaveli
Posted October 24, 2006

Some of the time they simply use a reply-to address, so it simply looks like it's from your domain, i.e. they may forge it from fjhds3d@yours.com.

Best policy if you do suspect an attack on your domain is to check your email accounts via cpanel for any that you have not set up, and also, in line with general computer security, change your password often.

If in doubt with any TCH-related matter, it's wise to drop by the Help Desk.

Hope this helps for now.

TCH-Thomas
Posted October 24, 2006

Makaveli is correct. It's probably just spoofed addresses, but contact the help desk and they will make sure it's spoofing and nothing else.

TCH-Bruce
Posted October 24, 2006

Check the headers of the email messages bouncing back. You will see they did not originate from your domain's IP address.

If you own a domain, it's not if, it's when it's going to happen to you. I would change your catchall address to :fail: so that mail addressed to addresses not in your domain gets discarded.

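The header check suggested in the post above, as an added example that is not part of any post in this thread. It assumes the bounce carries the original message as a message/rfc822 part and that the topmost Received line was written by the bouncing site's own server; the sample bounce, the domains, the IP addresses and the `my_server_ips` parameter are constructed for illustration.

```python
import email
import ipaddress
import re
from email import policy

# Constructed sample bounce: example domains and documentation IP ranges only.
SAMPLE_BOUNCE = """\
From: MAILER-DAEMON@mx.university.example
Subject: Undelivered Mail Returned to Sender
Content-Type: multipart/report; report-type=delivery-status; boundary="b1"

--b1
Content-Type: text/plain

Delivery to nobody@university.example failed.
--b1
Content-Type: message/rfc822

Received: from dsl-host.isp.example (unknown [203.0.113.77])
 by mx.university.example with SMTP; Tue, 24 Oct 2006 09:14:02 -0400
Received: from mydomain.example ([198.51.100.10]) by relay.invalid
From: randomuser@mydomain.example
Subject: constructed sample

body
--b1--
"""

IP_IN_BRACKETS = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def returned_message(bounce_text):
    """Return the original message embedded in a multipart/report bounce, or None."""
    msg = email.message_from_string(bounce_text, policy=policy.default)
    for part in msg.walk():
        if part.get_content_type() == "message/rfc822":
            return part.get_payload(0)
    return None

def came_from_my_server(bounce_text, my_server_ips):
    """Return (connecting_ip, is_mine), or (None, None) if no usable header."""
    # Trust only the topmost Received line (written by the bouncing site's
    # server); lines below it come from the sender and can be forged.
    original = returned_message(bounce_text)
    received = original.get_all("Received", []) if original is not None else []
    match = IP_IN_BRACKETS.search(str(received[0])) if received else None
    if not match:
        return None, None
    ip = ipaddress.ip_address(match.group(1))
    return str(ip), ip in {ipaddress.ip_address(a) for a in my_server_ips}
```

In the sample, the lower Received line claims the domain's own address, yet the connecting address recorded by the bouncing server is a different host, which is the evidence to quote when replying to an abuse notice.
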
stevevan
Posted October 24, 2006

Welcome to life on the 'net. Make sure you have the :fail: set as Bruce suggested. That will help cut down on a lot of the spam...not totally, but a lot.

cheapwebsolutions
Posted February 13, 2007 (edited)

> Welcome to life on the 'net. Make sure you have the :fail: set as Bruce suggested. That will help cut down on a lot of the spam...not totally, but a lot.

My default is set to :fail: and I've still had 1300 emails stuck in my main Inbox just since February 1st. They are primarily (like 95%) returns that couldn't be delivered from BoxTrapper. Should I hope that these will be greatly reduced now that I finally had BoxTrapper turned off today?

Edited February 13, 2007 by cheapwebsolutions

Mission
Posted February 14, 2007

> My default is set to :fail: and I've still had 1300 emails stuck in my main Inbox just since February 1st. They are primarily (like 95%) returns that couldn't be delivered from BoxTrapper. Should I hope that these will be greatly reduced now that I finally had BoxTrapper turned off today?

I just logged into my account's main email box (the Webmail link in cpanel) and see that I've had 100 "undeliverable" email returned -- email that I also didn't send. I haven't used that account to send or receive mail since November of 2005. The default for my account is set to :fail:. However, the "return" email addie is not my domain name, but the TCH server on which my site resides. The "undeliverable" emails started coming on Dec. 12, 2006. The header says Envelope-to: myusername@myservernumber.tchmachines.com.

TCH-Andy
Posted February 14, 2007

Emails to username@serverxx.tchmachines.com will be delivered to the "default" address - since this is the correct email address for that account (and will include info from cron jobs etc). It is just unrouted email that is sent to :fail:.