Help! Spammer Claiming to be Me!

Got a problem here that I’m not sure what (if anything) I can do about it. I own the domain mountaindiver.com; it’s a site I use mainly for hiking trail and diving site reviews.

A few days ago someone, somewhere sent out a mass porn spam but set the Reply-To field in their e-mail as an address within the mountaindiver.com domain! Needless to say, I have now received more complaints and remove messages than I know what to do with.

My web host and I have done a bit of research and have found that the messages actually originated from a yahoo.com account. We have contacted Yahoo and they have killed the account but it appears that it was a throw-away account anyway and it doesn’t look like we have any way to determine who was responsible.

Can I or should I complain to or go after the web site that was being advertised by the spam? I really don’t want to give them any encouragement to pull the same stunt again but I don’t want them to think that my domain is a safe one to use to redirect their mail to either.

Also, should I reply to the people who have e-mailed me complaining or asking to be removed and tell them what has happened? Or, would I simply be compounding the problem?

Any advice would be appreciated.

(Mods: I couldn’t decide if this should go here or IMHO. Please move if you think I’m in the wrong place.)

Well, I just happen to be a mail server admin, so I can tell you a little about this, and an odd coincidence as well.

I am a small ISP, and take great efforts on a daily basis to prevent spam from coming to my users. Generally, I look at the spam that comes in to me, and I try to generalize it and create filtering rules on the mail server that do not allow them to come to myself, or any users at all. Here is where it gets interesting: there is one domain that literally gets hit with thousands and thousands of spams per day. They are called dictionary attacks, and the spammer will take a dictionary of common email user names, and send them out to tom@domain.com and dick@domain.com and harry@domain.com etc. There is not a whole lot I can do about this, aside from blocking the IP address of the sending mail server. This is pointless, because they use throw-away dialup ISP accounts, and I cannot even begin to keep up with them. Aside from that, luckily, the user of this one domain has a less than common user name, so he is not affected. On the downside, the spammer ties up my server all day long with these attacks.

The coincidence is that the domain is very similar to yours; let's just say it has the word ‘mountain’ in it as well. So, there is something about these mountain.com domains that a group of spammers out there like for some reason or another. I have managed to track it here and there, and it seems this is a sophisticated network that is used for this, but, after a little research, I can tell you that in my case, the senders are in China. You may have read recently that many USA-based ISPs are simply blocking China from being able to send email to any US servers at all. I am about to do the same, just block the whole subnet of China and be done with it.

So there is the background on the matter. A few bits of advice: in the future, you cannot waste your time notifying Yahoo or any ISP about the matter, as the spammer has come and gone and you are merely wasting your time. Next, if you are going to continue using the domain for email, I would suggest you not use an email address that is so common; change it to firstname.lastname@mountain.com, or something that is a little less accidental to be used. As far as complaining to the website that was ‘spamvertised’, that depends: if you desire to spend a few hours getting transferred around on a phone talking to people who have no idea what email even is, then go for it, be a nice guy. More than likely, they do not know they did anything wrong; they just hired an email marketing company and thought that it was an OK thing to be doing. I am more than certain that they have gotten enough complaints by now that if there is any chance they will stop, they will. And finally, I would not reply to any of the people that asked you to remove them from the email list. Some will take any further contact as yet another unsolicited email, and this time, it coming from you for real, would report you to their ISP, and you may have to deal with the repercussions. So, in short, ignore it all, it should pass in time, and change your email address, and you should be good to go.
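Added example (not code from anyone in this thread): a small Python filter that spots the dictionary-attack pattern the mail admin describes, i.e. one client IP probing many distinct unknown local parts at the same domain, by reading Postfix-style "User unknown" reject lines. The log lines, IP addresses and user names are constructed samples, and the threshold is an assumption to tune per server.

```python
import re
from collections import defaultdict

# Constructed, simplified Postfix-style reject lines (not real server logs).
_LINE = ("Mar 04 10:0{m}:{s:02d} mx postfix/smtpd[1]: NOQUEUE: reject: RCPT from "
         "{host}[{ip}]: 550 5.1.1 <{rcpt}>: Recipient address rejected: "
         "User unknown; from=<{sender}> to=<{rcpt}>")

SAMPLE_LOG = "\n".join(
    # one client walking a dictionary of common names at one domain
    [_LINE.format(m=1, s=i, host="unknown", ip="203.0.113.7",
                  rcpt=f"{name}@mountain.example", sender="x@spam.example")
     for i, name in enumerate(["tom", "dick", "harry", "sue", "bob", "jane"])]
    # one legitimate peer that simply mistyped a single address
    + [_LINE.format(m=2, s=0, host="mail.partner.example", ip="198.51.100.5",
                    rcpt="hikre@mountain.example", sender="pal@partner.example")]
)

# Pull the client IP and the rejected recipient out of a "User unknown" reject.
REJECT_RE = re.compile(
    r"RCPT from \S+\[(?P<ip>[^\]]+)\].*?User unknown.*?to=<(?P<rcpt>[^>]+)>")


def find_dictionary_attackers(log_text, threshold=5):
    """Return {client_ip: sorted local parts} for every client IP that was
    rejected for at least `threshold` *distinct* unknown users (one IP hitting
    tom@, dick@, harry@ ... is the dictionary-attack signature)."""
    probes = defaultdict(set)
    for line in log_text.splitlines():
        m = REJECT_RE.search(line)
        if not m:
            continue  # not a recipient-unknown reject; ignore
        local, _, _domain = m.group("rcpt").partition("@")
        probes[m.group("ip")].add(local.lower())
    return {ip: sorted(names) for ip, names in probes.items()
            if len(names) >= threshold}


def access_map_lines(attackers):
    """Render the flagged IPs as Postfix access-map entries ("<ip> REJECT"),
    the per-IP blocking the post describes; only a stopgap against throw-away
    dialup addresses, as the post also notes."""
    return [f"{ip} REJECT" for ip in sorted(attackers)]


if __name__ == "__main__":
    hits = find_dictionary_attackers(SAMPLE_LOG)
    for ip, names in hits.items():
        print(f"{ip}: {len(names)} distinct unknown users probed: {', '.join(names)}")
    print("\n".join(access_map_lines(hits)))
```

The single mistyped address from the partner host stays below the threshold and is not flagged, which is the distinction that keeps a block list from catching ordinary typos.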

I thought the big Web-based e-mail sites are blocking massive mailings? They can just limit the total numbers of recipients on the TO: field to say, 30 or so, which won’t be too limiting to most users but will heavily discourage spammers.

That’s not necessarily true. No spammer who’s worth his salt will expose his true identity so easily. If they can, they will channel their e-mail through an open relay to cover their tracks.

If that is true, all it does is give them a few more minutes’ work, apparently. I constantly get spam emails to an account I have access to at school (oddly enough, it’s the account of a CLUB on campus - how the hell did that email address get out to anyone but club members?!?!). The spam we get is usually sent to about 30 or so accounts, all with VERY similar email addresses. Kind of like the dictionary spam described above, I guess. Occasionally I get the same spam on my account, with a TO: list of other email addresses kind of like mine. All they do is divide into groups of 30, and send multiple times.

Umm, China has the largest number of open relays by far, hence spam is passing through China, but not generally originating there. So blocking email from China is becoming quite standardized. The Chinese government is now catching on to the problems this is causing and is trying to figure out how to “suggest” to their local idiots that they shut off the relaying. Slashdot has several articles on this.

Isn’t this what the various Real Time Black Hole lists are for? You may not be able to detect the actual people who’ve been sending the spam but you can determine which ISPs and mail servers allow open relaying. Have mail admins start blocking mail from those servers and things should change.

Um, maybe.