Kia_Breizzze

I just got an "undeliverable" message for an email I didn't send.

Someone is faking my website admin addy and sending out spam.

Is there anyway I can stop this from happening?

Graham S1

do you have a "catch all" option setup for your domain addy?

ie "anything"@womenshealthandpleasure.com

If so set it only to recieve specific addresses such as sales@ or info@ or contact@

Might be something else, but that's what happened to me before.

Kia_Breizzze

well, not on that domain.
stuff is being sent that appears to be sent from me@mydomain.com

and when it gets sent to an undeliverable addy it get's returned to me.
but if the recipients addy is real then obviously it's going through.
So there's going to be people out there thinking I am sending this rubbish out when I'm not.

So setting my domain to only accept certain incoming isn't going to help at all because the issue is outgoing mail that didn't originate from me.

Jamz

There's not a great deal you can do unfortunately

If you have access to the DNS server's zone files for your domain you could add an SPF record which might help. If not, speak to whoever looks after your domain and ask them to set it up for you. They'll need a list of email servers (SMTP) that you use to send mail which you might need to ask your ISP for as they'll have several.

Kia_Breizzze

bugger.
oh well.
time to add an "we do not send unsolicited email" message to my websites I guess.

Eagle

iTrader: (2)

had mine hijacked years ago .... isp didn't want to know

Turbocabbie

does your website has a contact us form ? (probably a formail script) if so its probably this which has been exploited.
Other than that your server does not require authentication for SMTP services..

I would resolve it as quickly as possible before your domains email address gets blacklisted by spamhaus or a similar RDB spam listing

Statements that there is very little you can do is far from the truth with reagrds to sending unsolicited mail as there is usually an obvious reason regarding what makes this possible contact your host and ask them to review the server logs.
returned emails will also have information in the headers which will show the address used to send the mail which should give you an indication if its a script exploit.

The most common things as stated are exploited sendmail scripts and unauthenticated SMTP servers.

See this every day, and legaly its your responsibility to resolve.

Chip

iTrader: (3)

Thats all assuming it actually came from his server at some point.

Nothing to stop you sending mail from one address on a totally unrelated machine.

Ie telnet into port 25 on whatever machine you are using, type "god@heaven.inthe.sky" as the "From" field and thats what the mail will be sent as, the header information would of course show up a different originating machine to the one implied, but that wouldnt stop an email service from bouncing back to the "faked" sender surely?

Ie it might be NOTHING to do with his machine at all, in which case there really is nothing he can do.

Turbocabbie

A SMTP server which is configured to allow unauthenticated sending of mail under a domain behalf would be a spammers dream and displays a lazy admin. I would assume that the IP address of that machine would quickly be blacklisted.
This however can be resolved by creating SMTP authentication... the most common reason I see for spamming from domains working for a hosting company is people downloading poorly written formail scripts and using these rather than personally coding them.

Admittedly there is very little you can do about mail spoofing but first you have to clarify if this is the case, unsolicited mail coming from your domain is the responsibility of whoever manages the domain.

If your on shared hosting I would contact the hosting company and ask them to examine the logs... if your on a VPS or dedicated I would do this yourself.

Whatever the case it does need investigating. Your paying for a hosting service and I would expect the company to take this seriously and look into it

Chip

iTrader: (3)

Or intentional spammer

Indeed but not much hassle to get a new one

Agreed, far too many people installing open doors for people to walk to

Indeed. Thats my point, it depends on if its REALLY a mail from his box or just one using his address

All good points

Turbocabbie

bet its hosted by the company i work for and im going to get a phone call now

Kia_Breizzze

I'm not "hosted". I own my own server, and admin it from home - it's sat right here next to my pc.
there is no contact form on the domain that is being "spoofed".
I do have a contact form on another domain and so far that has no problems. In fact it's only the one domain (out of 6) that appears to be being spoofed (or whatever).

The emails are not originating from my server, nor my pc, nor from within my network.

basically, the last one was a foreign "seek hoes tonight" type site sending out mailings and the "sender" addy is set as me.
So, as nothing is coming from my network and is not being generated by misuse of a script on my site - I don't see what I am able to do.

Turbocabbie

Only thing you can do is set up a SPF record

Kia_Breizzze

but that won't change the messages that don't originate from me or my server will it.

Turbocabbie

yes because it is simply a framework for publishing information through DNS describing a list of ip addresses allowed to send emails from a specific domain.
It stops you from getting blacklisted

Kia_Breizzze

but they aren't sending from my domain.
They are sending from their own domain and altering the header to look as if it originated from me.

dojj

iTrader: (3)

i get loads of spam saying the same thing, undeliverable mail etc etc
it just goes in the bin
they want you to send stuff to the email addy to verifiy it's a legit address and then you get loads more spam