Spammer spoofing my domain address (help)

SkyBum · October 9, 2003, 5:35am

I’ve had a spammer spoof my domain email address many times over the last year or so. In the last 2 hours I’ve had a flood of messages from Mail Delivery Subsystem notifying me of undeliverable mail. I can barely keep up with them.

Not to mention some of the pissed off recipients emailing me back to inform me that I am lower than scum…this really pisses me off because the spammers are using my business email and it is giving my business and domain a bad name. My God I don’t even know what Viagra looks like yet apparently I am a mass marketer of it.

I’m not going to stand by and let this happen without putting up a fight. Unfortunately I do not have a clue how to fight back.

Could any of you point me to information on how to track down these bastards? I realize that I can never win this battle but there have got to be some options here. Are there any actions I can take?

Thanks.

abby · October 9, 2003, 7:13am

Hiya SkyBum

Others will be more qualified than I, but to stop the mass of returned messages, get your domain host admin people set up a filter, so any message with a certain phrase gets deleted.

This will allow your legit mail to come thru, and not make you wade thru heaps of trash.

abby

SkyBum · October 9, 2003, 9:18am

Thanks abby.

My ISP utilizes Spam Assassin for an email filter and I have had GREAT results in filtering out spam at the mail server level. What I am more interested in however, is not finding a way to ignore whomever is spoofing my address, but to find a way to fight back. If that means learning how to trace the real sender through IP logs and such, then I will.

If any of you can provide links to sites that would teach me more about this subject, or if you have personal anecdotes, I would appreciate hearing of them.

Nanoda · October 9, 2003, 9:41am

Well… you could ask this guy what he did.

Lynn_Bodoni · October 9, 2003, 10:45am

You might try using the tools at Sam Spade. I’m afraid you ARE going to have to exert some mental effort to dig out the spammer.

{edited to fix link. Lynn}

SkyBum · October 9, 2003, 11:42pm

Thanks a lot! I feel better already. I have nearly 200 bounced back notifications from the last 2 days and now I can start digging to see if I can identify this person. Who knows, maybe I can get his/her ISP account canceled and cause them the trouble of having to set up yet another.

Thanks for the links.

SkyBum · October 15, 2003, 11:41am

I found an interesting webtool the other day at DnsStuff.com.

All these tools on one simple page:

DNS Report - Finds lots of common DNS problems.
DNS Timing - See how long your DNS servers take to respond
WHOIS Lookup - Lists contact info for a domain/IP (about 150 TLDs!).
Abuse Lookup - Finds abuse contact for a domain from abuse.net.
WHOIS Search - True WHOIS search, using www.whois.sc.
URL deobfuscator - De-obfuscates confusing URLs.
Free E-mail Lookup - Is an E-mail address a known free one?
Spam database lookup - See if a mail server is listed in 150+ spam databases.
Reverse DNS lookup - See if your IP has a reverse DNS entry.
IPWHOIS Lookup - Lists contact info for an IP (or domain).
NetGeo IP Lookup - Shows geographical location of an IP (or domain).
IP Routing Lookup - Shows IP routing info, from RADB.
CIDR/Netmask Lookup - Calculates CIDR ranges (e.g. 192.168.112.0/24).
DNS lookup - Look up a DNS record (A, MX, NS, SOA, etc.)
Ping - Shows how long it takes for packets to reach a host.
Tracert - Traces the route packets take to this host.
ISP cached DNS lookup - Check cached DNS at major ISPs.
Decimal IPs - Decimal IPs

Quite an amazing resource. All of the above services have a text field where you can enter your search term.