
martind

  1. martind

    ***Email **** Important Update

    Hi, Looks like webmail is down again. [Edit by turetzsr: Merged into this post from a separate Topic named "Webmail Down Again 2 November at 2230UTC." User advised via PM.]
  2. martind

    SpamCop doesn't like users?

    Apologies for my intemperate message above. I was frustrated by the lack of information and understanding about whom to contact when experiencing a problem. I've used the SpamCop e-mail service for some years now and always found it reliable and easy to use. This has been my first experience of a failure. That said - reading the messages above - I'm still confused about who exactly owns/does what? I now appreciate that different parties are involved with different parts of the service (provision of e-mail boxes, reporting of spam etc.) but I'm still confused about who is responsible for providing the e-mail service that I use. Is it Cisco, Iron Port or CESMail? When we pay for a mailbox who are we paying? And who do we turn to when we need support? I appreciate that failures happen but it would be good to know where we should look when they occur to check for news and information about the failure? And while I'm asking so many questions I guess it would be good to know who runs these forums (CESMail, Iron Port, Cisco or maybe someone else!) With thanks ... (especially to whomsoever fixed the e-mail problem yesterday!)
  3. martind

    SpamCop doesn't like users?

    Well, I guess I have to agree with you that "SpamCop don't like users". I've been using SpamCop since 2004 as my primary e-mail service but today I discover that I cannot login and pick up my email. Failures happen, servers go down, but there is no excuse for not posting an announcement on your website that you have technical problems and how long you think the service might be down for.

    SpamCop --> IronPort --> Cisco
    Great products and a reliable service --> Innovative security products --> ????

    Has something changed! I'm happy to pay for an e-mail service and to contribute to the fight against spam but I expect some support in return.
  4. martind

    Spammer using my domain for "From" addresses

    Thanks for this. Yes, I have the facility at each of the domain names to only forward named mail [such as myname[at]domainname.com] to SC and separately trash anything else [such as any-other-name-apart-from-my-name[at]domainname.com]. If I do this though won't I lose any visibility of when people are abusing our domain name? If so, does this matter - should I just filter as you suggest and not worry if people are fraudulently using our domain name and trying to ensure that such abuse is reported? Thanks for this. I didn't realise that and guess I will have to stop doing it! However, if I don't report them doesn't that mean that any abuse of our domain name as a cover for sending spam will go unreported?
  5. martind

    Spammer using my domain for "From" addresses

    [this is a fairly lengthy posting about spam problems where our domain name is being fraudulently used as a cover for sending spam. If this is of interest please read on and share your views, if not ... please pass on]

    I thought I'd record my continued experience of dealing with mis-directed bounces [see thread above] where my domain name has been forged as part of the 'from' address, and my attempts at reducing misuse of our domain name as a cover for sending spam. Any comments or feedback would be much appreciated!

    [background: I work on my own running a small business. I have a couple of domain names I own that are hosted for me. E-Mail received at these domains is forwarded to my SC e-mail box. I pick up all my mail from my SC box. I do not publish or use my SC e-mail address directly. I use a couple of e-mail addresses for different kinds of work e.g. abc[at]domainname1.com & efg[at]domainname2.com. All mail sent to domainname1.com or domainname2.com ends up in my SC mailbox. I could 'trash' any misaddressed messages at the host directly and only forward messages to my SC box that are correctly addressed but choose not to do this. Why? Because someone might mistype my address and having all messages forward [e.g. anyname[at]domainname1.com] allows me to see if spammers are misusing our domain name. Perhaps this reasoning is wrong?]

    Since the earlier conversation above I've pursued two separate strategies ...

    1. For December 2006 and first half of Jan 2007: I deleted misdirected bounces hoping that the 'spammer(s)' would eventually move on and stop using our domain. The number of 'back reported' [misdirected bounces] I received where our domain name had been forged remained pretty constant [about 100 per day]

    2. From mid-Jan 2007 until now: I have been reporting all misdirected bounces using SC's standard spam reporting - direct from my SC webmail account. I have also been taking each returned message [attached, or included, as part of the misdirected bounce message], manually analysing the headers using SC (at www.spamcop.net) [as if I were the intended recipient of the original spam message] and reporting them through SC using a separate SC account that I have set up just for that purpose. In addition for some of the domains that analysis has revealed as a major source I have sent manual reports to the domain administrators directly. My hope was that this reporting would reduce misuse of our domain and encourage spammers to stop misusing our domain name. This reporting has had little or no impact on the number of 'misdirected bounces' we receive - if anything the number may have increased slightly.

    More recently, as I have become more aggressive in my SC reporting I have noted changes in the spam messages being reported by the misdirected bounces. The number of different domains from which spam seems to be originating, using our domain name, has increased. And the spam messages [using 'from' addresses such as 'anything[at]ourdomainname'] are being sent to multiple recipients at a domain causing multiple 'misdirected bounces' for each spam message. The message from the spammer(s) seems to be 'stop reporting these spam messages or I'll make life more difficult for you, and I'll carry on using your domain name for as long as I like!' Am I being paranoid?

    All the above is to say that I'm confused and would welcome advice. My aim is twofold: to protect our domain name from misuse, and do my [little] bit helping report/reduce spam.

    Some thoughts and questions: Presumably not all spam messages sent using our domain name end up as 'misdirected bounces' since some receiving mailservers will correctly recognise them as spam messages and that the 'from' address has been forged and won't send a bounce back to the forged 'from' address? If so then the number of spam messages being sent making fraudulent use of our domain name will be much greater? I wonder by how much 10, 100, 1000? If I just report the 'misdirected bounce' as spam then all I'm doing is reporting the mailserver that mishandled the bounce? The original ISP/Source of the spam message will get no feedback that their system has been used to send spam? As such the spammer, by using a forged 'from' address, avoids being identified as a source of spam?

    What to do? Any ideas much appreciated!
  6. martind

    Spammer using my domain for "From" addresses

    Hi - addition to above. Think I must be doing something wrong here - any advice much appreciated. Here's what I do:

    1. Open up bounce message, copy original bounced message from 'start' to 'end'.
    2. Paste into my manual SpamCop report form on web.
    3. Press process spam.

    SpamCop replies with analysis and report and saying 'nothing done' and 'recipient not associated with your MailHosts'. If I set up a new SpamCop reporting account and carry out the same reporting sequence then SpamCop processes the spam e-mail ok and generates the appropriate messages for sending you'd expect. It seems as if because my mailbox is at SpamCop I can't report the source spam message that generated the bounce as I wasn't the designated recipient for the original spam message? Is that correct or do I need to make some adjustment to my MailHost settings? Hope this is not a dumb question - thanks in anticipation ...
  7. martind

    Spammer using my domain for "From" addresses

    Thanks for this ... not sure quite what you mean. When you say turn off the catch all account, what does that mean? I use SpamCop as my primary e-mail account. Some of the bounces end up in my Inbox and some get 'recognised' by SpamCop and posted to my 'Held' mail folder. Is this the best way of operating? Not sure this is relevant as I'm using SpamCop as my primary e-mail box. I do have the option of SC DNSBL set so presumably this is what is trapping a lot of the bounces to my 'Held' mail folder? I've not found that reporting bounces (from either my Inbox folder or Held folder) has any impact on the rate at which I'm receiving bounces? What do you reckon - is it worth continuing to report them via SpamCop or should I just focus on analysing the headers and manually reporting the original messages. Thanks for your responses - 'fraid I'm just an end-user and not an expert at this...
  8. martind

    Spammer using my domain for "From" addresses

    Hi, Many thanks for your responses and reposting my message. So having read the links my understanding is: 1. There isn't anything you can do to reduce the volume of such messages you receive; and, 2. It's quite complicated, labour intensive and probably not worthwhile reporting such messages as it won't have any impact on reducing the rate at which you receive them. So in summary ... relax, and enjoy, and count yourself lucky you only receive 100 a day! Kind regards ...
  9. martind

    Spammer using my domain for "From" addresses

    Hi, I'm looking for advice and guidance on how best to use SpamCop for dealing with misdirected bounces of spam messages where the 'from' address of the original message has been forged using 'mydomain'. Apologies if this has been answered/discussed elsewhere.

    Over the past few months I've experienced a growing volume (from 0 to about 100 a day) of bounces from mail server administrators of spam messages because the sender of the spam has used our domain name as part of a forged 'from' address. The recipient mail server (intended end user in cases where a 'challenge/response' bounces) has correctly identified the message as spam but incorrectly identified our domain as the source. That is, in bouncing the message they have not fully analysed the header information to identify that our domain is NOT the original source of the spam message. At present, in most cases, we're simply deleting these messages to avoid the churn of spam reports being sent around. In others they may sometimes get reported through SpamCop's mechanism although we try to avoid doing this.

    Here are my questions ...

    1. Reducing the Number of Bounce Messages Received: My goal is to reduce the number of these bounce messages we receive. I guess this means reducing the number of spammers who misuse our domain name to forge the 'from' address in the spam they send? Is there any way of doing this or is it just something you have to accept?

    2. Using SpamCop to report the true source of the Original spam Message: If I use SpamCop to report the bounce message as spam all I'm doing is reporting the bounce mailserver as a source of spam. If I analyse the header information of the original spam and use this to report the spam, SpamCop won't allow me to do this as I wasn't the intended recipient of the original spam message. What's the best/recommended way of using SpamCop for reporting the original source of the spam message?

    Hope these questions make sense. And thanks in anticipation of any answers.

    Kind regards ...
  10. Hi - having problems popping to my SpamCop e-mail account when connecting to internet via my GPRS mobile phone. Connection to SpamCop webmail works ok. Standard internet connection works ok. Telephone provider advises some POP3 e-mail accounts don't work because of port blocking and/or firewall preventing mobile access. Does this apply to SpamCop? Any help in overcoming this problem appreciated. I'm told that sometimes if IP number for POP3 server this can work. With thanks in anticipation of your response
  11. martind

    White List - Filter Rules

    ok - thanks - I'll do that and let you know the outcome. I'll have to wait until the next one since I've deleted that message.
  12. martind

    White List - Filter Rules

    I've had other spam messages reaching my Inbox with the 'tests=none' header that do have a message body. Any ideas what might cause this? Should I post an example of such a message in the forum or report it in some special way?
  13. martind

    White List - Filter Rules

    many thanks Steve - beginning to understand how SpamCop does its stuff now!
  14. martind

    White List - Filter Rules

    Example Message 2 - this one made it to my In Box

    Headers ...

    X-spam-Checker-Version: SpamAssassin 2.63 (2004-01-11) on blade1
    X-spam-Level:
    X-spam-Status: hits=0.0 tests=none version=2.63
    X-SpamCop-Checked: 192.168.1.105 216.154.195.36 192.168.1.101 195.60.31.40 82.160.40.66

    looks like this one has 'tests=none'. Does that mean it was able to evade any incoming SpamCop tests?
  15. martind

    White List - Filter Rules

    Example Message 1 - Headers. This one made it to my In Box ...

    X-spam-Checker-Version: SpamAssassin 2.63 (2004-01-11) on blade6
    X-spam-Level: *
    X-spam-Status: hits=1.5 tests=DATE_IN_PAST_06_12,HTML_40_50,
        HTML_FONTCOLOR_BLUE,HTML_FONTCOLOR_RED,HTML_FONT_BIG,HTML_MESSAGE,
        MIME_HTML_ONLY version=2.63
    X-SpamCop-Checked: 192.168.1.105 216.154.195.36 192.168.1.101 195.60.31.40 200.75.98.183 200.75.98.183

    Not sure what this means