Email Spammers
#1
Wahay!! I've lost my Virginity!!
Thread Starter
Join Date: Mar 2006
Location: Warwickshire UK
Posts: 92
Likes: 0
Received 0 Likes
on
0 Posts
Email Spammers
I just got an "undeliverable" message for an email I didn't send.
Someone is faking my website admin addy and sending out spam.
Is there anyway I can stop this from happening?
Someone is faking my website admin addy and sending out spam.
Is there anyway I can stop this from happening?
#2
PassionFord Post Troll
do you have a "catch all" option setup for your domain addy?
ie "anything"@womenshealthandpleasure.com
If so set it only to recieve specific addresses such as sales@ or info@ or contact@
Might be something else, but that's what happened to me before.
ie "anything"@womenshealthandpleasure.com
If so set it only to recieve specific addresses such as sales@ or info@ or contact@
Might be something else, but that's what happened to me before.
#3
Wahay!! I've lost my Virginity!!
Thread Starter
Join Date: Mar 2006
Location: Warwickshire UK
Posts: 92
Likes: 0
Received 0 Likes
on
0 Posts
well, not on that domain.
stuff is being sent that appears to be sent from me@mydomain.com
and when it gets sent to an undeliverable addy it get's returned to me.
but if the recipients addy is real then obviously it's going through.
So there's going to be people out there thinking I am sending this rubbish out when I'm not.
So setting my domain to only accept certain incoming isn't going to help at all because the issue is outgoing mail that didn't originate from me.
stuff is being sent that appears to be sent from me@mydomain.com
and when it gets sent to an undeliverable addy it get's returned to me.
but if the recipients addy is real then obviously it's going through.
So there's going to be people out there thinking I am sending this rubbish out when I'm not.
So setting my domain to only accept certain incoming isn't going to help at all because the issue is outgoing mail that didn't originate from me.
#4
Advanced PassionFord User
Join Date: Apr 2004
Location: Naaaaarch
Posts: 2,385
Likes: 0
Received 0 Likes
on
0 Posts
There's not a great deal you can do unfortunately
If you have access to the DNS server's zone files for your domain you could add an SPF record which might help. If not, speak to whoever looks after your domain and ask them to set it up for you. They'll need a list of email servers (SMTP) that you use to send mail which you might need to ask your ISP for as they'll have several.
If you have access to the DNS server's zone files for your domain you could add an SPF record which might help. If not, speak to whoever looks after your domain and ask them to set it up for you. They'll need a list of email servers (SMTP) that you use to send mail which you might need to ask your ISP for as they'll have several.
#7
does your website has a contact us form ? (probably a formail script) if so its probably this which has been exploited.
Other than that your server does not require authentication for SMTP services..
I would resolve it as quickly as possible before your domains email address gets blacklisted by spamhaus or a similar RDB spam listing
Statements that there is very little you can do is far from the truth with reagrds to sending unsolicited mail as there is usually an obvious reason regarding what makes this possible contact your host and ask them to review the server logs.
returned emails will also have information in the headers which will show the address used to send the mail which should give you an indication if its a script exploit.
The most common things as stated are exploited sendmail scripts and unauthenticated SMTP servers.
See this every day, and legaly its your responsibility to resolve.
Other than that your server does not require authentication for SMTP services..
I would resolve it as quickly as possible before your domains email address gets blacklisted by spamhaus or a similar RDB spam listing
Statements that there is very little you can do is far from the truth with reagrds to sending unsolicited mail as there is usually an obvious reason regarding what makes this possible contact your host and ask them to review the server logs.
returned emails will also have information in the headers which will show the address used to send the mail which should give you an indication if its a script exploit.
The most common things as stated are exploited sendmail scripts and unauthenticated SMTP servers.
See this every day, and legaly its your responsibility to resolve.
Trending Topics
#8
*** Sierra RS Custard ***
iTrader: (3)
Originally Posted by UnseenMenace
does your website has a contact us form ? (probably a formail script) which has probably been exploited.
Other than that your server does not require authentication for SMTP services..
I would resolve it as quickly as possible before your email address gets blacklisted by spamhaus or a similar RDB
Statements that there is very little you can do is far from the truth with reagrds to sending unsolicited mail as there is usually an obvious reason that this is being done when examined.
The most common things as stated are exploited sendmail scripts and unauthenticated SMTP servers.
See this every day
Other than that your server does not require authentication for SMTP services..
I would resolve it as quickly as possible before your email address gets blacklisted by spamhaus or a similar RDB
Statements that there is very little you can do is far from the truth with reagrds to sending unsolicited mail as there is usually an obvious reason that this is being done when examined.
The most common things as stated are exploited sendmail scripts and unauthenticated SMTP servers.
See this every day
Thats all assuming it actually came from his server at some point.
Nothing to stop you sending mail from one address on a totally unrelated machine.
Ie telnet into port 25 on whatever machine you are using, type "god@heaven.inthe.sky" as the "From" field and thats what the mail will be sent as, the header information would of course show up a different originating machine to the one implied, but that wouldnt stop an email service from bouncing back to the "faked" sender surely?
Ie it might be NOTHING to do with his machine at all, in which case there really is nothing he can do.
#9
Originally Posted by Chip-3Door
Thats all assuming it actually came from his server at some point.
Nothing to stop you sending mail from one address on a totally unrelated machine.
Ie telnet into port 25 on whatever machine you are using, type "god@heaven.inthe.sky" as the "From" field and thats what the mail will be sent as, the header information would of course show up a different originating machine to the one implied, but that wouldnt stop an email service from bouncing back to the "faked" sender surely?
Ie it might be NOTHING to do with his machine at all, in which case there really is nothing he can do.
Nothing to stop you sending mail from one address on a totally unrelated machine.
Ie telnet into port 25 on whatever machine you are using, type "god@heaven.inthe.sky" as the "From" field and thats what the mail will be sent as, the header information would of course show up a different originating machine to the one implied, but that wouldnt stop an email service from bouncing back to the "faked" sender surely?
Ie it might be NOTHING to do with his machine at all, in which case there really is nothing he can do.
This however can be resolved by creating SMTP authentication... the most common reason I see for spamming from domains working for a hosting company is people downloading poorly written formail scripts and using these rather than personally coding them.
Admittedly there is very little you can do about mail spoofing but first you have to clarify if this is the case, unsolicited mail coming from your domain is the responsibility of whoever manages the domain.
If your on shared hosting I would contact the hosting company and ask them to examine the logs... if your on a VPS or dedicated I would do this yourself.
Whatever the case it does need investigating. Your paying for a hosting service and I would expect the company to take this seriously and look into it
#10
*** Sierra RS Custard ***
iTrader: (3)
Originally Posted by UnseenMenace
Originally Posted by Chip-3Door
Thats all assuming it actually came from his server at some point.
Nothing to stop you sending mail from one address on a totally unrelated machine.
Ie telnet into port 25 on whatever machine you are using, type "god@heaven.inthe.sky" as the "From" field and thats what the mail will be sent as, the header information would of course show up a different originating machine to the one implied, but that wouldnt stop an email service from bouncing back to the "faked" sender surely?
Ie it might be NOTHING to do with his machine at all, in which case there really is nothing he can do.
Nothing to stop you sending mail from one address on a totally unrelated machine.
Ie telnet into port 25 on whatever machine you are using, type "god@heaven.inthe.sky" as the "From" field and thats what the mail will be sent as, the header information would of course show up a different originating machine to the one implied, but that wouldnt stop an email service from bouncing back to the "faked" sender surely?
Ie it might be NOTHING to do with his machine at all, in which case there really is nothing he can do.
I would assume that the IP address of that machine would quickly be blacklisted.
This however can be resolved by creating SMTP authentication... the most common reason I see for spamming from domains working for a hosting company is people downloading poorly written formail scripts and using these rather than personally coding them.
Admittedly there is very little you can do about mail spoofing but first you have to clarify if this is the case
unsolicited mail coming from your domain is the responsibility of whoever manages the domain.
If your on shared hosting I would contact the hosting company and ask them to examine the logs... if your on a VPS or dedicated I would do this yourself.
Whatever the case it does need investigating. Your paying for a hosting service and I would expect the company to take this seriously and look into it
If your on shared hosting I would contact the hosting company and ask them to examine the logs... if your on a VPS or dedicated I would do this yourself.
Whatever the case it does need investigating. Your paying for a hosting service and I would expect the company to take this seriously and look into it
#12
Wahay!! I've lost my Virginity!!
Thread Starter
Join Date: Mar 2006
Location: Warwickshire UK
Posts: 92
Likes: 0
Received 0 Likes
on
0 Posts
I'm not "hosted". I own my own server, and admin it from home - it's sat right here next to my pc.
there is no contact form on the domain that is being "spoofed".
I do have a contact form on another domain and so far that has no problems. In fact it's only the one domain (out of 6) that appears to be being spoofed (or whatever).
The emails are not originating from my server, nor my pc, nor from within my network.
basically, the last one was a foreign "seek hoes tonight" type site sending out mailings and the "sender" addy is set as me.
So, as nothing is coming from my network and is not being generated by misuse of a script on my site - I don't see what I am able to do.
there is no contact form on the domain that is being "spoofed".
I do have a contact form on another domain and so far that has no problems. In fact it's only the one domain (out of 6) that appears to be being spoofed (or whatever).
The emails are not originating from my server, nor my pc, nor from within my network.
basically, the last one was a foreign "seek hoes tonight" type site sending out mailings and the "sender" addy is set as me.
So, as nothing is coming from my network and is not being generated by misuse of a script on my site - I don't see what I am able to do.
#14
Wahay!! I've lost my Virginity!!
Thread Starter
Join Date: Mar 2006
Location: Warwickshire UK
Posts: 92
Likes: 0
Received 0 Likes
on
0 Posts
Originally Posted by UnseenMenace
Only thing you can do is set up a SPF record
#15
Originally Posted by Kia_Breizzze
Originally Posted by UnseenMenace
Only thing you can do is set up a SPF record
It stops you from getting blacklisted
#16
Wahay!! I've lost my Virginity!!
Thread Starter
Join Date: Mar 2006
Location: Warwickshire UK
Posts: 92
Likes: 0
Received 0 Likes
on
0 Posts
Originally Posted by UnseenMenace
Originally Posted by Kia_Breizzze
Originally Posted by UnseenMenace
Only thing you can do is set up a SPF record
It stops you from getting blacklisted
They are sending from their own domain and altering the header to look as if it originated from me.
Thread
Thread Starter
Forum
Replies
Last Post