klappa

Massive spam increase

Two weeks ago I had no spam, or only very rarely, maybe one or two at most per month, if even that. Now I get two dozen spam or phishing mails from the same spambot network, which is hacking sites to plant its PHP scripts to redirect unaware victims to. I have been using this mail address for a couple of years now, and somehow suddenly some careless sh**head of a site administrator has gotten their site or forum hacked that my mail address was on.

There's no way I could report every one of those spams manually using SpamCop since they are so frequent. Mailing the registrars about the hacked domains is useless too in this case.

What should I do?

Same here.
Been blowing through Gmail's spam filters even :wacko:

This is one of the rare occasions I'd trot out Yahoo's standard response: "The easiest way of reporting spam is to use the 'Report spam' button." (Usually I'm muttering and cussing when I get that response, often in response to trying to report spam by forwarding some spam as an attachment from Thunderbird.)

I have lots of domains and when I deal with any organisation/person I create a mailbox specifically for them (Anothercompany@adomain.com) so when I get spammed I know where the leak is and I just delete the account and let them bounce. If I have to continue communicating with them I create another mailbox. I can say that some people get really snotty when you can categorically say they got hacked (1and1 hosting...)

On 3 August 2016 at 7:54 AM, Geek said:

Same here.
Been blowing through Gmail's spam filters even :wacko:

Feel for you!

18 hours ago, lisati said:

This is one of the rare occasions I'd trot out Yahoo's standard response: "The easiest way of reporting spam is to use the 'Report spam' button." (Usually I'm muttering and cussing when I get that response, often in response to trying to report spam by forwarding some spam as an attachment from Thunderbird.)

Same here. They don't do jack sh**.

9 hours ago, spinner said:

I have lots of domains and when I deal with any organisation/person I create a mailbox specifically for them (Anothercompany@adomain.com) so when I get spammed I know where the leak is and I just delete the account and let them bounce. If I have to continue communicating with them I create another mailbox. I can say that some people get really snotty when you can categorically say they got hacked (1and1 hosting...)

The problem is I don't own these domains. I use an e-mail service which doesn't have that function.

Edited by klappa

On 8/3/2016 at 11:26 PM, spinner said:

I have lots of domains and when I deal with any organisation/person I create a mailbox specifically for them (Anothercompany@adomain.com) so when I get spammed I know where the leak is and I just delete the account and let them bounce. If I have to continue communicating with them I create another mailbox. I can say that some people get really snotty when you can categorically say they got hacked (1and1 hosting...)

Glad to know I'm not the only one that does this! However, I do it by manually editing /etc/aliases on a Linux server. I'm guessing you found an easier way. Do you use any particular service provider that makes it easy to create/delete mailboxes? And do you end up having to check each account individually or do they get combined somehow? Thanks!

I use sneakemail DOT com to create unique, disposable email forwarding addresses. The received email messages are tagged so you can easily tell which email address was used.

If you have a Linux server, you could accomplish the same thing. I've been intending to do that myself.

That might work. If you delete an address, does mail bounce so the sender knows they didn't reach you?

The hosting I've got has a ridiculous number of mailboxes as part of the package, and depending on how often I'm thinking I'll need to communicate with some person/business I will either:

1. Create a mailbox and add it into my mail client (Thunderbird).

2. Create a mailbox with a forward to a general account and use webmail for replies.

3. Use a domain that hasn't been spam flooded and can be used with a catch all (*@adomain.tld).

4. Create a subdomain with a catch all and at the first sign of spam delete it (acompany@subdomain.domain.tld).

I have no idea whether the sender receives a bounce or not, but I don't care, as usually the sender or reply-to is a fake anyway. A person I want to communicate with I will notify of alternatives from a different address.

I had an account that I was using with IMAP and a catch all - somehow the spammers hoovered up all the addresses that I'd sent or received for that domain, so I had to turn off the catch all and delete the mailboxes, then notify the people I still wanted to communicate with of a new address.

Hopefully that covers it - except the one about the spammers picking up my spamcop submit address so when they do a run of spam I get a load of error reports because they're actually sending spam direct to my reporting address (please spamcop put a link in the error report for me to say it was spam and process it).

As an added note, I believe that "mail delivery failed" is no longer a desired response from mail servers, as the spammers were using it as a "backsplatter" technique by sending spam to a known nonexistent address on an obliging server but with the intended recipients as the senders; people would get the "failed" message as though it was from themselves. (That felt a bit like mental gymnastics.)

Thanks for your detailed responses. You have a good point about backscatter. I realized, to my horror, that my server could be doing exactly that.

Fortunately, it's not, at least when testing using my mail client. Instead of generating a bounce, my server refuses to even accept the message and "rejected RCPT <address>: Unrouteable address" shows up in my /var/log/exim4/rejectlog. I know testing from one mail client may not cover every scenario, but at least I know it's not as wide open as I feared. If anyone knows of other scenarios I should test, I'd love to hear about it. 

One note for anyone else running exim4 (at least whatever version came with my Debian server): If your server is configured to relay mail for an IP address, connections from that IP address can generate backscatter instead of performing the behavior mentioned in the previous paragraph, but then you shouldn't be relaying mail for an IP address unless you really trust it not to use your server to send inappropriate mail.

One final note on backscatter, there's a pretty good article (IMHO) on Wikipedia [Backscatter (email)] if anyone is interested in reading more, and it even links back to our own FAQ.

Back to the topic of mailboxes, creating a mailbox with a forward sounds good. In my particular case, it looks like my hosting provider only allows 5 mailboxes, but then it's free so I can't complain. This certainly gives me some options to consider if I need to make changes in the future though, and that's much appreciated, as I'm almost allergic to spam.

With GMail, you can simply add "+whatever" onto your username to create unlimited, instant aliases.  I set up something similar on my mail server hosted at Site5 using filters on the catchall address.  Technically these alias emails come in under the catchall, then filters sort them into users' mailboxes.  But it still ends up that I can create a "new" email address on the fly and it will end up in my own mailbox.

The aliases themselves don't do anything to stop spam, but they make it easy to identify the source and filter it if it becomes a problem.

There's backscatter and there's backscatter. When I was running my own email server a couple of years ago, I found that it's usually safer (and easier) to reject an unwanted email during the SMTP interaction between servers and before the message is completely handed over to your server. That way, the responsibility for properly disposing of unwanted emails (possibly with forged sender credentials) remains with the server that tried to deliver it to yours, and you don't have to worry about the trustworthiness of any addresses you might consider as an appropriate recipient of bounce messages.

Edited by lisati
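
A way to check the behaviour discussed in the last few posts, as an added example that is not part of any poster's message: the script separates RCPT-time rejections from bounces the server generated itself for mail it had accepted from a remote host. The log lines are constructed in the style of Exim's logs with placeholder hosts and addresses, and the function name `audit` is hypothetical.

```python
import re
from collections import Counter

# Constructed sample lines in Exim log style; hosts and addresses are placeholders.
SAMPLE_LOG = """\
2016-08-05 10:00:01 H=(mail.example.org) [192.0.2.10] F=<a@example.org> rejected RCPT <nobody@example.net>: Unrouteable address
2016-08-05 10:02:13 1bVaaa-0001AB-CD <= forged@example.com H=relay.example.org [192.0.2.20] P=esmtp S=2310
2016-08-05 10:02:13 1bVaaa-0001AB-CD ** nobody@example.net: Unrouteable address
2016-08-05 10:02:14 1bVaab-0001AC-EF <= <> R=1bVaaa-0001AB-CD U=Debian-exim P=local S=3544
2016-08-05 10:02:15 1bVaab-0001AC-EF => forged@example.com R=dnslookup T=remote_smtp H=mx.example.com [198.51.100.5]
2016-08-05 10:05:40 H=(x) [192.0.2.30] F=<b@example.org> rejected RCPT <ghost@example.net>: Unrouteable address
"""

REJECT = re.compile(r"rejected RCPT <([^>]*)>")       # refused during the SMTP dialogue
ARRIVAL = re.compile(r"^\S+ \S+ (\S+) <= (\S+)(.*)$")  # message accepted or created
PARENT = re.compile(r"\bR=(\S+)")                     # id of the message being bounced
FROM_HOST = re.compile(r"\bH=")                       # arrival came from a remote host


def audit(log_text):
    """Return (rejects per recipient, [(message id, envelope sender bounced to)])."""
    senders = {}          # message id -> envelope sender of remotely received mail
    rejects = Counter()
    backscatter = []
    for line in log_text.splitlines():
        m = REJECT.search(line)
        if m:                                  # safe path: nothing accepted, no bounce
            rejects[m.group(1)] += 1
            continue
        m = ARRIVAL.match(line)
        if not m:
            continue
        msg_id, sender, rest = m.groups()
        if sender == "<>":                     # null sender: a delivery status notice
            parent = PARENT.search(rest)
            if parent and parent.group(1) in senders:
                # Locally generated bounce for mail taken from a remote host:
                # it goes to an envelope sender that may be forged.
                backscatter.append((parent.group(1), senders[parent.group(1)]))
        elif FROM_HOST.search(rest):
            senders[msg_id] = sender
    return rejects, backscatter


if __name__ == "__main__":
    rejects, backscatter = audit(SAMPLE_LOG)
    print("RCPT-time rejects:", dict(rejects))
    print("bounces sent to unverified senders:", backscatter)
```

A non-empty second result means the server accepted a message and then bounced it to an envelope sender it never verified, which is the case that rejecting at RCPT time avoids.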
