tastewar, posted September 22, 2003:

For the past few months now, I've been using a default email account in my domain to collect mail for all unknown addresses. I had thought this would be a great way to track down spam -- anything addressed to yahoo@domain.com would have to have been originated by someone who had gotten a hold of my yahoo address. Anything addressed to amazon@domain.com, other than stuff I wanted, would indicate that amazon hadn't treated my email address with the respect it deserved.

Since Saturday night, 9:49 p.m. EDT, I have received over 150 "returned" emails (you know, the delivery failure notices), suggesting sender addresses that I've never used, like arminbchadha_iv. I don't have any formmail type pages on my web, so I don't think these are legitimate in any way. However, this also doesn't smell like sobig, because I thought sobig used email addresses in people's address books. These can't be in anyone's address book because they've never been used. It seems like someone/something is putting together random (but from a list) account names with my domain name and using that as the sender's address.

Can anything be done about this? I can't think of an effective filtering strategy here, as I'd probably like to receive some failure notices. Help?!

surefire, posted September 22, 2003:

I think your best bet would be to submit a help ticket and include the header information from one or two of the suspect emails. The tech support folks at TCH are brilliant and they might be able to look into this for you.

tastewar, posted September 22, 2003:

Will do. I doubt the headers will be much use, though, since they're presumably valid bounces. It was the (now lost to the ages) original mail that was the cause of the problem.

TCH-Rob, posted September 22, 2003:

I have seen this before. In the case I had seen, it wasn't an issue with form mail or a virus. The offending email was coming from a spammer that was using fake email addresses with a domain that they didn't own to hide the fact of where it was coming from. I do not know if that is the case here, but we should be able to tell from the full header where it is coming from and see what to do from there.

Deverill, posted September 23, 2003:

Similar to what Rob said, it could be someone you know innocently causing them. For instance, if I have your and Rob's email address in my Outlook address book and I get one of the email-spreading viruses like sobig, it could create an email that looks like it's from tastewar to Critical Mass, and if his system bounces it as having a virus or something, then the bounce would come back to you, not me who actually sent it.

These spammers are using viruses to spread spam and the virus writers are using spam to spread their viruses! Evil little men with evil little hearts.
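
An added example, not part of the original thread or anyone's post: one way to filter the bounces described above on a catch-all mailbox is to keep failure notices addressed to aliases that were actually handed out and set aside those addressed to local parts that were never used. The alias set, the sample messages and the use of the `To:` header as the bounce's destination address are assumptions made for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

DOMAIN = "domain.com"                   # placeholder domain used in the post
USED_LOCAL_PARTS = {"yahoo", "amazon"}  # assumption: aliases the owner really handed out

def is_bounce(msg):
    """True for a DSN (multipart/report) or a classic null-sender bounce."""
    if (msg.get_content_type() == "multipart/report"
            and str(msg.get_param("report-type", "")).lower() == "delivery-status"):
        return True
    if msg.get("Return-Path", "").strip() == "<>":
        return True
    sender = parseaddr(msg.get("From", ""))[1].lower()
    return sender.split("@")[0] in {"mailer-daemon", "postmaster"}

def classify(raw):
    """Return 'backscatter' for bounces to never-used addresses, else 'deliver'."""
    msg = message_from_string(raw)
    local, _, domain = parseaddr(msg.get("To", ""))[1].lower().partition("@")
    if is_bounce(msg) and domain == DOMAIN and local not in USED_LOCAL_PARTS:
        return "backscatter"
    return "deliver"

def sample(frm, to, subject, return_path, ctype="text/plain"):
    """Build a constructed test message; none of these are real captured mail."""
    return (f"Return-Path: {return_path}\nFrom: {frm}\nTo: {to}\n"
            f"Subject: {subject}\nContent-Type: {ctype}\n\nbody\n")

DSN = 'multipart/report; report-type=delivery-status; boundary="b1"'
# Bounce for mail forged with a never-used sender address
FORGED = sample("MAILER-DAEMON@mx.example.net", "arminbchadha_iv@domain.com",
                "Returned mail: User unknown", "<>", DSN)
# Bounce for an alias that is really in use: still wanted
REAL = sample("MAILER-DAEMON@mx.example.net", "amazon@domain.com",
              "Undeliverable: order question", "<>", DSN)
# Ordinary mail to a tracer alias: not a bounce, so the catch-all keeps it
LEAK = sample("offers@bulk.example.org", "yahoo@domain.com",
              "Limited time offer", "<offers@bulk.example.org>")

if __name__ == "__main__":
    for name, raw in (("FORGED", FORGED), ("REAL", REAL), ("LEAK", LEAK)):
        print(name, classify(raw))
```

Only bounces are filtered, so the catch-all still collects ordinary mail sent to unknown addresses for tracing leaked aliases.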