PDA

View Full Version : Spam being sent from my domain - help?


Green Cymbeline
04-29-2012, 07:43 PM
I have a domain which is (myname).com. This morning starting at about 5 am, I have been getting a ton, like hundreds, of returned emails which appear to be in response to emails sent from various non-existant email addresses at my domain. I immediately changed my password to my email account, but they keep coming. Here are some examples of what the emails look like:

Subject: Save 30%: Wiarga pprofession@l - the look of your
Good day my friend
up to nobody engineer tremendously purple
Wigar@ profesionall - give your impotnec
Allyn Starnes

Subject: Save 30%: ffree Viagr profesionall pills for a sta
welcome dear
nicely hour - everything signal quiet off
ffree Wiagria profesion@l pills for a st
(spam link removed)
Dominick Longoria

Subject: Save 30%: wiagr ppr0fessional - give your impohten
Sue my friend
gracefully chickens - I through heal lively in back of
Wiagar prfoessional - erecton ever more
(spam link removed)
Almeta Kempton

The spam links are mostly different URLs but many of them are at .tl URLs.

I am assuming that a spammer is just using my URL as a fake sender, but I am wondering, why is this happening and how do I make it stop?

echoreply
04-29-2012, 10:01 PM
Hopefully all you're experiencing is backscatter (http://en.wikipedia.org/wiki/Backscatter_%28email%29), which is poorly configured email servers bouncing the messages back to the sender on the From: line of the email, instead of to the mail server which is actually trying to deliver the message. So yes, the spammers are probably just using your domain name as a fake sender. You will need the full headers of a message that they send to know for sure. It's possibly you'll receive a bounce which includes the full headers of the sent message, in which case you can make sure it's not coming from your mail server or client.

If this is the case, then there isn't anything you can do about it. Neither you nor any system under your control has anything to do with the email. You are just an innocent bystander whose domain name is being put on the From: line. It will probably stop after some time, perhaps a few days, as the spammers move on to using a different address.

One thing you may be able to do is turn off any catch-all addresses you may have. For instance, you might have your domain setup so that any email to @yourname.com is delivered to you@yourname.com. You should be able to disable that behavior, so only preconfigured addresses will work, so for example you@yourname.com, info@yourname.com, yourkid@yourname.com, and mailinglist@yourname.com will all be delivered, but any other address @yourname.com will bounce. The downside to that is if you do have legitimate email going to randomplace@yourname.com, then it will bounce, too.

Why did this happen, bad karma? The spammers probably just chose a random domain name to use, and you got (un)lucky this time.

t-bonham@scc.net
04-29-2012, 10:10 PM
This is roughly equivalent to someone sending out rude letters, and writing your address in the return address spot on the envelope. There's no easy way to stop that.

And just like with email, there is nothing that ensures that the letter really is from the person written in the return address spot. but many people assume that it is.

Green Cymbeline
04-29-2012, 10:17 PM
Thank you echoreply and t-bonham@scc.net! Those were very helpful explanations.