Results 1 to 25 of 33
  1. #1
    ABW Ambassador
    Join Date
    January 18th, 2005
    Location
    Singapore
    Posts
    1,597
    Help! Someone's sending emails using my domain
    How do I stop this? Someone's been sending emails using email addresses that end with my domain name. My junk mail is full of bounced mail notifications.

    This is the second domain that has been hit already. How do I identify the scammers and get them to stop?

  2. #2
    Kung Fu Master Eathan's Avatar
    Join Date
    January 18th, 2005
    Posts
    1,833
    I had the same problem recently, was getting hundreds of bounces a day. Unfortunately, most of them were actually being sent through SBC who seem absolutely useless at dealing with spammers.

    Long story short, please let me know if you figure out a way to stop it...
    Eathan Mertz

    Black Cat Mining - Gold Prospecting & Rockhounding Equipment

  3. #3
    general fuq mrbshouse's Avatar
    Join Date
    January 18th, 2005
    Location
    Argieville
    Posts
    1,381
    First things first

    Change server passwords.
    Modify the number of emails that can be sent per hour; 20 an hour should work unless you have a newsletter or something (if in a VPS account you can do that yourself, otherwise contact your server support).

    You're going to need to look at the info supplied by the bounce. It may have the original IP address that the email was sent from, and if that matches your server you will need to find out how they accessed your server. If it does not and is simply a forged header there is not much you can do, aside from going after the money people....who profits from this spam? If it's an affiliate deal try to have that affiliate canned ;-)

    Good luck, and post one of the bounces if you can... email header and all.

  4. #4
    Affiliate Manager adambha's Avatar
    Join Date
    October 20th, 2006
    Posts
    301
    Set up SPF (Sender Policy Framework). Your web host *should* be willing to set this up, it's pretty simple.

    Basically, it's a DNS-level setting that specifies specific IP addresses (servers, really) that are allowed to send email with your domain name in the return-path (From:, Reply-to:, etc.)

    With this setting, if people forge emails from your domain, they will still bounce back to you, but at least they aren't being delivered with your name all over it.

    The only 'catch' is that the *receiving* server has to check the SPF setting in order to reject it. If the receiving server ignores SPF, it'll deliver it without issue.

    Anyway, check in with your host and ask them to set it up for you, it literally takes about 30 seconds...

  5. #5
    .
    Join Date
    January 18th, 2005
    Posts
    2,973
    Spammers have been forging spam to appear to come from my domains (and email addresses, and name) for more than ten years.

    In the "early days," it was almost a badge of honor -- the spammers were recognizing us as people who impacted them because we complained about their spam, so they felt it was worth taking revenge on us. Now, it's pretty much random, and spammers just rotate through zillions of return addresses to try to stay one step ahead of spam filters.

    As noted, try setting up SPF to reduce some of the problems. But in the end, you are pretty much screwed -- if spammers have decided to put your return address or to forge your server's identity, then there is very little you can do to stop them.

    A year or so ago, I turned off all my spam filters, and discovered that I was getting THOUSANDS of emails per day (including spam and bounce messages). I immediately turned the spam filters back on. My spam filters flag about 99% of bounce messages -- including some "legitimate" bounce messages, which I occasionally discover when trying to figure out why someone hasn't replied to my emails.

    For one of my domains (which never had any mail server set up, but which was apparently attractive to spammers targeting educators), I just surrendered: I posted a notice on the home page advising people that they should add the domain to their spam "blacklists" because any email reflecting that domain as the return address was definitely spam. The site itself is unaffected -- it is a very modest niche directory site, and site traffic continues to grow modestly, but I don't accept any incoming email for that domain.

  6. #6
    Beachy Bill's Avatar
    Join Date
    November 20th, 2005
    Posts
    8,266
    Quote Originally Posted by Eathan
    ...Long story short, please let me know if you figure out a way to stop it...
    Unfortunately, anything short of a tactical nuclear device will have little or no effect. If you look within the email header code you will probably find that the "real" source of the email is someplace far overseas.

    By coincidence, while I typed the first sentence I received one of those "stock tip" email messages that are disguised as an image. The sender appeared to be a normal company email with a domain registered to a legitimate company in Abensberg, Germany. However, the real "sending" server is in --> Krung Thep Mahanakhon - Bangkok -- and text on the site appears to be written in Arabic.

    One of the latest attempts around spam filters seems to be based on using images that contain text. There are even code routines that vary the actual image size slightly so sophisticated filters won't "catch" a million of the same size image and declare it spam. I'm sure you have all seen those myriad stock tips disguised as images.

    As long as there is profit in spam it will continue.

    Bas*ards!
    Bill / Marketing Blog @ 12PM - Current project: Resurrecting my "baby" at South Baltimore..
    Cute Personal Checks and Business Checks
    If you are too busy to laugh you are too busy.

  7. #7
    MasterMike HardwareGeek's Avatar
    Join Date
    January 18th, 2005
    Posts
    3,810
    Chances are they aren't using your email address to send the email messages. They are probably using your email as the reply-to email.

  8. #8
    ABW Ambassador
    Join Date
    January 4th, 2006
    Location
    USA
    Posts
    2,477
    I had the same problem a few months ago. Seems like somebody used my domain to send spam emails to others and tons of them got bounced "back" to my "catch all" email account. They all had different names such as dhdygv@mysite.com, 12yhgb@mysite.com...I had no idea how they did that.

    I called my host company about this issue. They said I need to submit each of those returned emails to them so they can track where the spammer came from. I did a few, and realized that with hundreds of the returned mails, it almost became impossible. I called again. They said the better chance for me is to turn off the "catch all" email option. I did and it works. Thank god.

    Hope this helps.

  9. #9
    ABW Ambassador
    Join Date
    January 18th, 2005
    Location
    Singapore
    Posts
    1,597
    The spammers seem to target my higher traffic site.. almost as if they're trying to get my sites banned or something. I'll contact my webhost for help. Let you know the outcome.

  10. #10
    MasterMike HardwareGeek's Avatar
    Join Date
    January 18th, 2005
    Posts
    3,810
    Quote Originally Posted by atonca
    I had the same problem a few months ago. Seems like somebody used my domain to send spam emails to others and tons of them got bounced "back" to my "catch all" email account. They all had different names such as dhdygv@mysite.com, 12yhgb@mysite.com...I had no idea how they did that.

    I called my host company about this issue. They said I need to submit each of those returned emails to them so they can track where the spammer came from. I did a few, and realized that with hundreds of the returned mails, it almost became impossible. I called again. They said the better chance for me is to turn off the "catch all" email option. I did and it works. Thank god.

    Hope this helps.
    Because they weren't sending email from your domain, they were just setting the reply-to field to your email.

    In order for a spammer to actually use your email to send spam they need an account on your server etc.

    Nothing you can really do but ignore it.

  11. #11
    Merchant & ABW Ambassador
    Join Date
    May 31st, 2006
    Location
    Houston TX
    Posts
    4,731
    Quote Originally Posted by womanht
    The spammers seem to target my higher traffic site.. almost as if they're trying to get my sites banned or something. I'll contact my webhost for help. Let you know the outcome.
    That will get your domain blacklisted.
    If you keep an in-house newsletter list, you can get proactive and start contacting ISPs and trying to get your domain or IP whitelisted. Lots of legwork though.

  12. #12
    ABW Ambassador
    Join Date
    January 18th, 2005
    Location
    Singapore
    Posts
    1,597
    Every time I have a site with decent traffic, someone would either
    1. Copy my content
    2. Spam using an email that fakes my domain
    3. lots of other things I don't want to mention as they might give some slugs ideas.

    Is there any way to turn the tables on these scumbags?

  13. #13
    ABW Ambassador Vrindavan's Avatar
    Join Date
    February 25th, 2003
    Posts
    1,902
    For cPanel, where can I disable "catch all"?

    Or specify that only certain exact email addresses can go through?

    The filter does not have an "if not equal to, then delete" option.

  14. #14
    Moderator MichaelColey's Avatar
    Join Date
    January 18th, 2005
    Location
    Mansfield, TX
    Posts
    16,232
    I've been getting a ton of these the last few days, too.

    Make sure you understand the difference between spam being sent "from your server" and spam being sent "with your email address forged" (like what's happening with you). Those are two very different things.

    Spam being sent "from your server" will get you banned by your host if you don't address it quickly (and even then it still might). If this ever happens, cut it off quick and get in touch with the abuse department for your host. Some potential causes of that:

    1) Having your email server set up for open relays.
    2) Having an email form that is open to exploits.
    3) Someone hacking into your server.

    Spam being sent "with your email address forged" is frustrating, but there's not much you can do about it. You can set up SPF, as Adam suggested, and that'll reduce it some (and you'll get even more bounces). You can turn off the catch-all, like atonca suggested. That will keep you from getting some of the bounce messages, but it doesn't do anything about the spam. If it gets really bad, you can put a note up on your web site like Mark did. I've done this in the past, too. I would only suggest doing this if the volume is high enough that you start getting complaints. You can track down the spammer, but it takes a lot of work and they're continually moving to other servers so it's just not effective.

    Having your email address forged should never get you banned, blacklisted, or suspended. Every host out there should be able to easily tell the difference between where a message really came from (Received: IP address) and where it says it came from (From).
    Michael Coley
    Amazing-Bargains.com
     Affiliate Tips | Merchant Best Practices | Affiliate Friendly? | Couponing | CPA Networks? | ABW Tips | Activating Affiliates
    "Education is the most powerful weapon which you can use to change the world." Nelson Mandela

  15. #15
    .
    Join Date
    January 18th, 2005
    Posts
    2,973
    Earlier, I wrote: > "My spam filters flag about 99% of bounce messages -- including some "legitimate" bounce messages, which I occasionally discover when trying to figure out why someone hasn't replied to my emails." <

    This morning, I found that I had more than 20 "bounce" messages that got past my (three layers of) spam filters in the past 8 hours -- all of which were forged spam. Thanks to this discussion thread, I realize that it's time to adjust those spam filters again.

  16. #16
    Moderator MichaelColey's Avatar
    Join Date
    January 18th, 2005
    Location
    Mansfield, TX
    Posts
    16,232
    If anyone knows of an easy way to eliminate bounce messages from forged spam, please post. I don't really care to see it. My spam filters catch many, but not all.
    Michael Coley

  17. #17
    Affiliate Manager
    Join Date
    January 17th, 2007
    Location
    NY
    Posts
    191
    I'm guessing a fix for this would be to use a dedicated server instead of shared.

  18. #18
    Moderator MichaelColey's Avatar
    Join Date
    January 18th, 2005
    Location
    Mansfield, TX
    Posts
    16,232
    Nope, your server has nothing to do with it. The forged emails don't come from your server.
    Michael Coley

  19. #19
    Affiliate Manager
    Join Date
    January 17th, 2007
    Location
    NY
    Posts
    191
    I thought shared servers were more susceptible to this.....maybe I'm wrong.

  20. #20
    Full Member felit0's Avatar
    Join Date
    January 18th, 2005
    Location
    Miami, FL
    Posts
    245
    Quote Originally Posted by Vrindavan
    For cPanel, where can I disable "catch all"?

    Or specify that only certain exact email addresses can go through?

    The filter does not have an "if not equal to, then delete" option.
    Within cPanel set your default email address to :blackhole:

    Also Michael Coley is right. Forged email headers will not get your domain blacklisted. Domains generally don't get blacklisted, rather the IP used to send the Spam will get blacklisted.

    If you look closely at the email headers within the bounced message it was sent from a different IP. This is a clear indication of a "forged" email header.
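
Added example (not part of the original posts): the header check described in posts #3, #14 and #20, run over a constructed bounce. It pulls the bounced message out of the notification and compares the connecting IP in its top `Received:` line with your own mail server's IPs. The function names, the sample bounce and all addresses are hypothetical, and only IPv4 literals are recognised.

```python
import email
import ipaddress
import re
from email import policy

# Constructed sample bounce; names and IPs are documentation-range placeholders.
SAMPLE_BOUNCE = """\
From: MAILER-DAEMON@mx.receiver.example
To: dhdygv@mysite.example
Content-Type: multipart/report; report-type=delivery-status; boundary="b1"

--b1
Content-Type: text/plain

Delivery to nobody@receiver.example failed: user unknown.
--b1
Content-Type: message/rfc822

Received: from unknown (HELO mysite.example) (203.0.113.77)
 by mx.receiver.example with SMTP; Mon, 5 Feb 2007 10:00:00 +0000
From: "Stock Tips" <dhdygv@mysite.example>
Subject: hot stock

buy now
--b1--
"""

IPV4 = re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}\b")

def original_message(bounce):
    """Return the bounced message, or its headers if only those were attached."""
    for part in bounce.walk():
        ctype = part.get_content_type()
        if ctype == "message/rfc822":
            return part.get_payload(0)
        if ctype == "text/rfc822-headers":
            return email.message_from_string(part.get_content(), policy=policy.default)
    return None

def classify_bounce(raw, my_server_ips):
    """Compare the IP the bouncing server saw with our own mail server IPs."""
    orig = original_message(email.message_from_string(raw, policy=policy.default))
    received = orig.get_all("Received", []) if orig is not None else []
    # Only the top Received line was written by the bouncing server; lower ones can be forged.
    match = IPV4.search(str(received[0])) if received else None
    if match is None:
        return ("unknown", None)
    mine = {ipaddress.ip_address(a) for a in my_server_ips}
    try:
        ip = ipaddress.ip_address(match.group())
    except ValueError:
        return ("unknown", None)
    return ("sent-from-my-server" if ip in mine else "forged-sender", str(ip))
```

A "sent-from-my-server" result is the case that needs immediate attention (open relay, exploitable form, compromised account); "forged-sender" means the mail never touched your server.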

  21. #21
    ABW Ambassador
    Join Date
    January 18th, 2005
    Posts
    744
    Quote Originally Posted by MichaelColey
    Make sure you understand the difference between spam being sent "from your server" and spam being sent "with your email address forged" (like what's happening with you). Those are two very different things.
    Really helpful explanation - thank you!

    I've been wondering about the variety of "returned mail" messages I get in my catch-all. I didn't know if any of them were actually spam messages with nasty attachments that were meant to look like I sent an email that was returned.

  22. #22
    Affiliate Manager adambha's Avatar
    Join Date
    October 20th, 2006
    Posts
    301
    Quote Originally Posted by MichaelColey
    If anyone knows of an easy way to eliminate bounce messages from forged spam, please post.
    Almost all bounce mail is going to come from MAILER-DAEMON @ somedomain . com (or occasionally postmaster)

    Now, I'm a fan of procmail as it is an actual MDA with full regex matching, but I'm sure there are other tools that serve the same purpose.

    Anyway, whatever you use, just set up two rules. First, look to see if it is from MAILER-DAEMON, then check to see if the To: is one on your 'white list' of usernames. If it's from MAILER-DAEMON to a white-listed username, deliver it, anything else, drop it.

    This will only show bounced messages that you personally send. Okay, if they used your actual username in the spam, this won't catch it, but in my experience this has never happened, it's always crAzyusER28r5 @ mydomain...
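
Added example (not part of the original post, and not procmail): the two-rule filter described above, written in Python so the logic can be tested against sample messages. The domain, the user list and the three messages are constructed; treating an empty `Return-Path: <>` as a bounce marker is an addition here, based on bounces being sent with a null envelope sender.

```python
import email
from email.utils import getaddresses, parseaddr

BOUNCE_SENDERS = {"mailer-daemon", "postmaster"}

# Constructed sample messages (placeholder domains).
RANDOM_BOUNCE = ("From: MAILER-DAEMON@mx.receiver.example\n"
                 "To: crazyuser28r5@mysite.example\n"
                 "Subject: failure notice\n\nuser unknown\n")
REAL_BOUNCE = ("Return-Path: <>\n"
               "From: Mail Delivery System <postmaster@mx.partner.example>\n"
               "To: Sales <Sales@mysite.example>\n"
               "Subject: Undeliverable\n\nmailbox full\n")
NORMAL_MAIL = ("From: customer@shop.example\n"
               "To: sales@mysite.example\n"
               "Subject: order question\n\nhello\n")


def is_bounce(msg):
    """Rule 1: does the message come from MAILER-DAEMON / postmaster?"""
    local = parseaddr(msg.get("From", ""))[1].partition("@")[0].lower()
    null_sender = (msg.get("Return-Path") or "").strip() == "<>"
    return local in BOUNCE_SENDERS or null_sender


def disposition(raw, my_domain, real_users):
    """Rule 2: deliver a bounce only if it is addressed to a white-listed user."""
    msg = email.message_from_string(raw)
    if not is_bounce(msg):
        return "normal-filtering"  # not a bounce, leave it to the usual filters
    for _, addr in getaddresses(msg.get_all("To", [])):
        local, _, domain = addr.lower().partition("@")
        if domain == my_domain.lower() and local in real_users:
            return "deliver"
    return "drop"
```

As the post notes, a bounce addressed to one of your real usernames still gets through, so this reduces backscatter rather than eliminating it.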

  23. #23
    ABW Ambassador
    Join Date
    January 18th, 2005
    Location
    Singapore
    Posts
    1,597
    Nothing to do with dedicated or not. Sites on my dedicated server have been hit as well.

    Is there a way to identify who is doing this?

  24. #24
    ABW Ambassador netnow22's Avatar
    Join Date
    January 18th, 2005
    Location
    Columbia, SC
    Posts
    748
    Lately for my sites, one is programmed in asp.net and the other cgi. On all my input forms without a security code, I receive about 30 inquiries a day that are totally spammed. Why would someone create a script to complete all the forms, which is totally useless?

  25. #25
    ABW Ambassador
    Join Date
    February 28th, 2005
    Posts
    574
    I have two domains facing the same issue... it's been going on the past few days... hopefully some time it will stop...

    So I will just be patient about it.
