Jump to content

Spammer using my domain for "From" addresses


justmoon

Recommended Posts

Hey everyone,

A few weeks ago I started to get lots of "Mail delivery failed" emails. Turns out that a spammer using IPs from ttnet.net.tr is using my Domain (justmoon.de) for his forged From: headers.

Right now I'm reporting all of those bounced emails, if it is possible to reconstruct the original mail.

Is there anything else I can do to stop this madness?

Thanks,

Stefan Thomas

Here is an example:

Return-Path: <xrx[at]justmoon.de>
Received: from omlttz ([88.240.178.108])
	by mx06.lax.untd.com with SMTP id AABCVYU8YARMBZ5A
	for <aguilar[at]vb.00it.com> (sender <xrx[at]justmoon.de>);
	Sun, 22 Oct 2006 03:45:42 -0700 (PDT)
Received: from [88.240.163.208] (helo=88.240.163.208)
	by omlttz with smtp (Exim 4.10)
	id 1Gbats-0004RN-8U; Sun, 22 Oct 2006 13:49:52 +0300
Message-ID: <453B4BD4.5090605[at]justmoon.de>
Date: Sun, 22 Oct 2006 13:45:40 +0300
From: Frida Harrell <xrx[at]justmoon.de>
User-Agent: Thunderbird 1.0.2 (Windows/20050317)
MIME-Version: 1.0
To: aguilar[at]vb.00it.com
Subject: covetous carbonated
Content-Type: multipart/related;
 boundary="------------060707080706080700070608"
X-Antivirus: avast! (VPS 0642-5, 20.10.2006), Outbound message
X-Antivirus-Status: Clean

This is a multi-part message in MIME format.
--------------060707080706080700070608
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
 <meta content="text/html;charset=ISO-8859-1" http-equiv="Content-Type">
</head>
<body bgcolor="#ffffff" text="#000000">
<img alt="" src="cid:part1.09000109.06030904[at]justmoon.de" height="347"
 width="656"><br>
John the Stutterer was in to promote his adult film career but ended up
leaving after being insulted by his co-star. Staind also performed one
of their own songs after the karaoke contest.<br>
Howard went off on reporter John Mainelli for printing lies about his
career in his latest column.<br>
Her husband also came in with her.<br>
Howie Mandel was also in to promote a couple of things.<br>
Norm Macdonald failed to show up for his appearance.<br>
Eric the Midget called in with some new demands for his flight with
balloons. Howard also talked more about the inaccurate stories that have
been in the paper about him lately. Bubba the Love Sponge and Dee Snider
both came in to settle their feud. John the Stutterer was in to promote
his adult film career but ended up leaving after being insulted by his
co-star.<br>
Stern took a  vacation day to attend an event for his daughter. Comedian
Greg Fitzsimmons also sat in on the show. Her husband also came in with
her. Howard went off on reporter John Mainelli for printing lies about
his career in his latest column. Howard played some Gary Garver
celebrity interviews.<br>
Norm Macdonald failed to show up for his appearance. Stern took a 
vacation day to attend an event for his daughter.<br>
The Bloodhound Gang and porn star Mary Carey visited the show at the
same time.<br>
Howard went off on reporter John Mainelli for printing lies about his
career in his latest column.<br>
Mark Farner from Grand Funk Railroad also visited the show. Scott the
Engineer got a free room at the Borgata in Atlantic City thanks to one
of the Wack Packers so Howard spent some time goofing on him about
that.<br>
Sarah Silverman visited and her boyfriend Jimmy Kimmel called in to get
a few plugs for stuff he had coming up.<br>
Howard played some Gary Garver celebrity interviews.<br>
Norm Macdonald failed to show up for his appearance. The guys picked a
new Wack Pack Member from a group that entered a contest. Stern took a 
vacation day to attend an event for his daughter.<br>
Eric the Midget called in with some new demands for his flight with
balloons.<br>
They had plenty to talk about even though their planned segment where a
transsexual was going to lose her virginity kind of fell apart when the
volunteer failed to show. visited the show to promote his latest
movie.<br>
Comedian Craig Gass also visited and told some stories about his crazy
career.<br>
<br>
</body>
</html>

--------------060707080706080700070608
Content-Type: image/gif;
 name="blue jay.gif"
Content-Transfer-Encoding: base64
Content-ID: <part1.09000109.06030904[at]justmoon.de>
Content-Disposition: inline;
 filename="blue jay.gif"

[...snip...]

--------------060707080706080700070608--

Link to comment
Share on other sites

Right now I'm reporting all of those bounced emails, if it is possible to reconstruct the original mail.

Is there anything else I can do to stop this madness?

Hi Stefan. Um ... it is not permissible to "reconstruct" anything if you're doing that to send SC reports. That defies the "Material alteration" ban - see the SC FAQ.

By all means report the clueless people sending this stuff to you, but manually report the "spam" if you want to get back to those who may be able to control the spam source in Turkey or wherever (sure, using the SC parser and "reconstructed" spam).

Some suggest a little extra effort with the DNS sending you the bogus NDRs - for instance see some of the later commentary in http://forum.spamcop.net/forums/index.php?...ost&p=40286

Link to comment
Share on other sites

Is there anything else I can do to stop this madness?

Sadly, no.

The spammer has borrowed your identity but the good news is that just as quickly you'll find that they will borrow another's.

Most sufferers of this problem have learned that you are best just riding out the flood and deleting the messages that your receive as a result.

Andrew

Link to comment
Share on other sites

Hi Stefan. Um ... it is not permissible to "reconstruct" anything if you're doing that to send SC reports. That defies the "Material alteration" ban - see the SC FAQ.

Yes, sorry, English is not my native language. I mean cutting off the Mail Delivery Failed part and taking only the Original Message Follows part which leaves you with exactly what the mailserver of the recipient got.

Ok, so I'll just sit it out then. Damn I hate spammers.

Link to comment
Share on other sites

Yes, sorry, English is not my native language. I mean cutting off the Mail Delivery Failed part and taking only the Original Message Follows part which leaves you with exactly what the mailserver of the recipient got.

That's what was being described as "no, don't do this" .... What the last change in "the rules" allowed was the reporting of these bad bounces .. the reason being is that the ISP that bounced it to a forged address should not have accepted that e-mail to begin with.

Link to comment
Share on other sites

Yes, sorry, English is not my native language. I mean cutting off the Mail Delivery Failed part and taking only the Original Message Follows part which leaves you with exactly what the mailserver of the recipient got.

Ok, so I'll just sit it out then. Damn I hate spammers.

So do we all (well, at least most of us).

An advice to get rid of this flood: Those NDRs should be sent by the postmaster role account, you could try to use this as filter criteria.

And Wazoo is right: Don't cut off the "non delivery" part. Anybody who sends backscatter (i.e. accepts mail firsts, then blows back to innocent third parties like you) is almost as bad as the spammer itself.

Heck, even the *number 1* ISP in my country is blacklisted since he's unable to configure his mailservers correctly.

For more info about this problem, you may want to read:

http://www.spamcop.net/fom-serve/cache/329.html

Link to comment
Share on other sites

  • 5 weeks later...

Hi,

I'm looking for advice and guidance on how best to use SpamCop for dealing with misdirected bounces of spam messages where the 'from' address of the original message has been forged using 'mydomain'. Apologies if this has been answered/discussed elsewhere.

Over the past few months I've experienced a growing volume (from 0 to about 100 a day) of bounces from mail server administrators of spam messages because the sender of the spam has used our domain name as part of a forged 'from' address. The recipient mail server (intended end user in cases where a 'challenge/response' bounces) has correctly identified the message as spam but incorrectly identified our domain as the source. That is, in bouncing the message they have not fully analysed the header information to identify that our domain is NOT the original source of the spam message.

At present, in most cases, we're simply deleting these messages to avoid the churn of spam reports being sent around. In others they may sometimes get reported through SpamCops mechanism although we try to avoid doing this.

Here are my questions ...

1. Reducing the Number of Bounce Messages Received : My goal is to reduce the number of these bounce messages we receive. I guess this means reducing the number of spammers who use misuse our domain name to forge the 'from' address in the spam they send? Is there anyway of doing this or is just something you have to accept?

2. Using SpamCop to report the true source of the Original spam Message: If I use SpamCop to report the bounce message as spam all I'm doing is reporting the bounce mailserver as a source of spam. If I analyse the header information of the original spam and use this to report the spam, SpamCop won't allow me to do this as I wasn't the intended recipient of the original spam message. What's the best/recommended way of using SpamCop for reporting the original source of the spam message?

Hope these questions make sense. And thanks in anticipation of any answers. Kind regards ...

Link to comment
Share on other sites

I'm looking for advice and guidance on how best to use SpamCop for dealing with misdirected bounces of spam messages where the 'from' address of the original message has been forged using 'mydomain'. Apologies if this has been answered/discussed elsewhere.

Sorry, but the appearances would be that you didn't look all that hard.

I just picked one of the most recent Topics/Discussions that covered the same ground you asked about to merge" your query into. There are ton loads of others to choose from to see the same basic answers.

PM sent to advise of the 'handling' of this 'new' post.

Link to comment
Share on other sites

... Apologies if this has been answered/discussed elsewhere. ...
You didn't see My email address being forged for sending out spam or Complaining re. Earthlink's C/R spam Challenges? A quick review of those might be helpful.
...1. Reducing the Number of Bounce Messages Received : My goal is to reduce the number of these bounce messages we receive. I guess this means reducing the number of spammers who use misuse our domain name to forge the 'from' address in the spam they send? Is there anyway of doing this or is just something you have to accept?
The general consensus seems to be they move on before they make themselves too irrisistable as a target for the wroth of the righteous domain owner. As in the first of the links above, if you have the ability to inspect and reject at the SMTP level, be sure to use a 55n "permanent failure" code.
2. Using SpamCop to report the true source of the Original spam Message: If I use SpamCop to report the bounce message as spam all I'm doing is reporting the bounce mailserver as a source of spam. If I analyse the header information of the original spam and use this to report the spam, SpamCop won't allow me to do this as I wasn't the intended recipient of the original spam message. What's the best/recommended way of using SpamCop for reporting the original source of the spam message?
You can use the SC tools to obtain the detail for a manual report. You can also send a SC report to the clueless ISPs doing the bouncing (or a manual report - SC may chose not to treat postmasters as spam sources though they certainly are in this circumstance) - somewhat along the lines tried by elvey in the second link, perhaps. There's no easy path, many would say, "Just wait it out," but something a little more proactive would be my own preference.
Link to comment
Share on other sites

Hi,

Many thanks for your responses and reposting my message.

So having read the links my understanding is:

1. There isn't anything you can do to reduce the volume of such messages you receive;

and,

2. It's quite complicated, labour intensive and probably not worthwhile reporting such messages as it won't have any impact on reducing the rate at which you receive them.

So in summary ... relax, and enjoy, and count yourself lucky you only receive 100 a day!

Kind regards ...

Link to comment
Share on other sites

Hi,

Many thanks for your responses and reposting my message.

So having read the links my understanding is:

1. There isn't anything you can do to reduce the volume of such messages you receive;

and,

2. It's quite complicated, labour intensive and probably not worthwhile reporting such messages as it won't have any impact on reducing the rate at which you receive them.

So in summary ... relax, and enjoy, and count yourself lucky you only receive 100 a day!

Kind regards ...

1. Depends if you have a catch all account or not. If so, turning that off will greatly reduce the numbers.

2. If you use the SC DNSBL, then reporting them could help reduce them further as you could then be rejecting the messages. I usually manually report the first group I receive from a domain explaining the situation, then report any future ones I receive, just to reinforce the statements. Luckily, I have not had any major cases, but Postini may be handling the bulk for me.

Link to comment
Share on other sites

So having read the links my understanding is:

1. There isn't anything you can do to reduce the volume of such messages you receive;

and,

2. It's quite complicated, labour intensive and probably not worthwhile reporting such messages as it won't have any impact on reducing the rate at which you receive them.

So in summary ... relax, and enjoy, and count yourself lucky you only receive 100 a day!

No where is it stated that you control the server in question. If you do, there are a number of things you can do. Reporting them would also apply that data to the SpamCopDNSBL, which is one of those items that could help reduce that traffic.

Link to comment
Share on other sites

Thanks for this ... not sure quite what you mean

1. Depends if you have a catch all account or not. If so, turning that off will greatly reduce the numbers.

When you say turn off the catch all account, what does that mean? I use SpamCop as my primary e-mail account. Some of the bounces end up in my Inbox and some get 'recognised' by SpamCop and posted to my 'Held' mail folder. Is this the best way of operating?

2. If you use the SC DNSBL, then reporting them could help reduce them further as you could then be rejecting the messages. I usually manually report the first group I receive from a domain explaining the situation, then report any future ones I receive, just to reinforce the statements. Luckily, I have not had any major cases, but Postini may be handling the bulk for me.

Not sure this is relevant as I'm using SpamCop as my primary e-mail box. I do have the option of SC DNSBL set so presumably this is what is trapping a lot of the bounces to my 'Held' mail folder? I've not found that reporting bounces (from either my Inbox folder or Held folder) has any impact on the rate at which I'm receiving bounces? What do you reckon - is it worth continuing to report them via SpamCop or should I just focus on analysing the headers and manually reporting the original messages.

Thanks for your responses - 'fraid I'm just an end-user and not an expert at this...

Link to comment
Share on other sites

Hi - addition to above. Think I must be doing some wrong here - any advice much appreciated. Here's what I do:

1. Open up bounce message copy original bounced message from 'start' to 'end'.

2. Paste into my manual SpamCop report form on web.

3. Press process spam. SpamCop replies with analysis and report and saying 'nothing done' and 'recipient not associated wth your MailHosts'.

If I set up a new SpamCop reporting account and carryout the same reporting sequence then SpamCop processes the spam e-mail ok and generates the appropriate messages for sending you'd expect.

It seems as if because my mailbox is at SpamCop I can't report the source spam message that generated the bounce as I wasn't the designated recipient for the original spam message? Is that correct or do I need to make some adjustment to my MailHost settings?

Hope this is not a dumb question - thanks in anticipation ...

Link to comment
Share on other sites

It seems as if because my mailbox is at SpamCop I can't report the source spam message that generated the bounce as I wasn't the designated recipient for the original spam message? Is that correct or do I need to make some adjustment to my MailHost settings?

You are not permitted to send reports using spamcop for messages that were not sent to you. You can report the bounce itself, but since you were not the recipient of the original spam, you have no way to know if the last received header is correct, or if it is simply a spam made to look like a bounce to fool filters.

Do people email you directly at you[at]spamcop.net, or are you forwarding from another domain to spamcop? If you are forwarding, do you receive only mail to you[at]yourdomain.com, or will you receive mail sent to anybody[at]yourdomain.com (no matter what is put in anybody)? If that were the case, then it would be a "catch-all" account because it catches all the email sent to your domain regardless of recipient. These were a pretty good idea years ago, but the spammers have pretty much ruined it. If you have your domain set up in that manner, I would strongly suggest disabling the catch-all, as it is likely the source of 90% of your bounce spam.

Link to comment
Share on other sites

When you say turn off the catch all account, what does that mean? I use SpamCop as my primary e-mail account. Some of the bounces end up in my Inbox and some get 'recognised' by SpamCop and posted to my 'Held' mail folder. Is this the best way of operating?

Sorry. I misunderstood that all these bounces were going to your specific email address. Often, a person will come in here that has all undefined addresses on their domain pointing to a specific address which is being bombarded with bounces. If these are being sent directly to your spamcop.net account, there is little you can do about them.

Not sure this is relevant as I'm using SpamCop as my primary e-mail box. I do have the option of SC DNSBL set so presumably this is what is trapping a lot of the bounces to my 'Held' mail folder? I've not found that reporting bounces (from either my Inbox folder or Held folder) has any impact on the rate at which I'm receiving bounces? What do you reckon - is it worth continuing to report them via SpamCop or should I just focus on analysing the headers and manually reporting the original messages.

Most people do not consider mail being delivered to their Held Mail folder as "being delivered". If it is not taking up too much of your time, them continue reporting. Or only report a small fraction.

Hi - addition to above. Think I must be doing some wrong here - any advice much appreciated. Here's what I do:

1. Open up bounce message copy original bounced message from 'start' to 'end'.

2. Paste into my manual SpamCop report form on web.

3. Press process spam. SpamCop replies with analysis and report and saying 'nothing done' and 'recipient not associated wth your MailHosts'.

If I set up a new SpamCop reporting account and carryout the same reporting sequence then SpamCop processes the spam e-mail ok and generates the appropriate messages for sending you'd expect.

It seems as if because my mailbox is at SpamCop I can't report the source spam message that generated the bounce as I wasn't the designated recipient for the original spam message? Is that correct or do I need to make some adjustment to my MailHost settings?

Hope this is not a dumb question - thanks in anticipation ...

No dumb questions... only dumb answers ;)

You are correct that because the original message was not directed to you, it is not your spam to report. You can always report the bodies manually.

You are allowed to report the actual bounce messages themselves. That is what I was referring to above. The domains sending you the bounce messages are the ones filling your inbox.

Reporting from your SpamCop account is as simple as selecting the messages and hitting the "report as spam" link. No additional steps are necessary, and often are not allowed for submitting reports.

Link to comment
Share on other sites

  • 2 months later...

[this is a fairly lengthy posting about spam problems where our domain name is being fraudulently used as a cover for sending spam. If this is of interest please read on and share your views, if not ... please pass on]

I thought I'd record my continued experience of dealing with mis-directed bounces [see thread above] where my domain name has been forged as part of the 'from' address, and my attempts at reducing misuse of our domain name as a cover for sending spam. Any comments or feedback would be much appreciated!

[background: I work on my own running a small business. I have a couple of domain names I own that our hosted for me. E-Mail received at these domains is forwarded to my SC e-mail box. I pick up all my mail from my SC box. I do not publish or use my SC e-mail address directly. I use a couple of e-mail addresses for different kinds of work e.g. abc[at]domainname1.com & efg[at]domainname2.com. All mail sent to domainname1.com or domainname2.com ends up in my SC mailbox. I could 'trash' any misaddressed messages at the host directly and only forward messages to my SC box that are correctly addressed but choose not do this. Why? Because someone might mistype my address and having all messages forward [e.g. anyname[at]domainname1.com] allows me to see if spammers are misusing our domain name. Perhaps this reasoning is wrong?]

Since the earlier conversation above I've pursued two separate strategies ...

1. For December 2006 and first half of Jan 2007: I deleted misdirected bounces hoping that the 'spammer(s)' would eventually move on and stop using our domain. The number of 'back reported' [misdirected bounces] I received where our domain name had been forged remained pretty constant [about 100 per day]

2. From mid-Jan 2007 until now: I have been reporting all misdirected bounces using SC's standard spam reporting - direct from my SC webmail account. I have also been taking each returned message [attached, or included, as part of the misdirected bounce message], manually analysing the headers using SC (at www.spamcop.net) [as if I were the intended recipient of the original spam message] and reporting them through SC using a separate SC account that I have set up just for that purpose. In addition for some of the domains that analysis has revealed as a major source I have sent manual reports to the domain administrators directly. My hope was that this reporting would reduce misuse of our domain and encourage spammers to stop misusing our domain name. This reporting has had little or no impact on the number of 'misdirected bounces' we receive - if anything the number may have increased slightly. More recently, as I have become more aggressive in my SC reporting I have noted changes in the spam messages being reported by the misdirected bounces. The number of different domains from which spam seems to be originating, using our domain name, has increased. And the spam messages [using 'from' addresses such as 'anything[at]ourdomainname'] are being sent to multiple recipients at a domain causing multiple 'misdirected bounces' for each spam message. The message from the spammer(s) seems to be 'stop reporting these spam messages or I'll make life more difficult for you, and I'll carry on using your domain name for as long as I like!' Am I being paranoid?

All the above is to say that I'm confused and would welcome advice. My aim is twofold: to protect our domain name from misuse, and do my [little] bit helping report/reduce spam.

Some thoughts and questions:

  1. Presumably not all spam messages sent using our domain name end up as 'misdirected bounces' since some receiving mailservers will correctly recognise them as spam messages and that the 'from' address has been forged and won't send a bounce back to the forged 'from' address? If so then the number of spam messages being sent making fraudulent use of our domain name will be much greater? I wonder by how much 10, 100, 1000?
  2. If I just report the 'misdirected bounce' as spam then all I'm doing is reporting the mailserver that mishandled the bounce? The original ISP/Source of the spam message will get no feedback that their system has been used to send spam? As such the spammer, by using a forged 'from' address, avoids being identified as a source of spam?

What to do? :blink: Any ideas much appreciated!

Link to comment
Share on other sites

Don't have time for a real thorough response, but here's what I've got at the moment...

I'm currently experiencing exactly the same thing as you, but on a smaller scale, because I don't allow a "catch all address" at any of my domains (and you shouldn't either....make your addresses easy to type and people won't have problems with them).

My wife's address just got used in the "from" for a spam run sent all over the world, and she reported to me that she was getting NDRs in her SpamCop email account inbox. So, after determining that the messages were being sent from a variety of dynamic IPs in South America (Argentina, Brazil, Colombia, etc.), I decided to simply add some filters to her SC webmail login and have her login there several times a day to let the system automatically scrape stuff coming from "postmaster" and "MAILER" addresses (including "MAILER-DAEMON") into her Held mail, where I can get at it, but it doesn't bother her. I was sure to activate these two "Filter Options":

Apply filter rules upon logging on?

Apply filter rules whenever INBOX is displayed?

During the spam run, I noticed that more and more of the NDRs were getting filtered into Held by the other filtering methods (mostly SpamAssassin) available to SC email account holders. In fact, I think the run is pretty much over, and out of 63 NDRs in Held mail, 48 of them were put there before we even noticed them, and the others by the webmail filters.

Most of the spams contained a URL pointing to the domain "theloveisonline.com" which the SC reporting system can no longer resolve because the nameservers have been disabled, I think. I was too busy this week to do any further detective work.

So...regarging what you can do...the first thing is to stop using a "catch all" address at any domains you own.

DT

Link to comment
Share on other sites

I have also been taking each returned message [attached, or included, as part of the misdirected bounce message], manually analysing the headers using SC (at www.spamcop.net) [as if I were the intended recipient of the original spam message] and reporting them through SC using a separate SC account that I have set up just for that purpose.

I think you'll find that this is an absolute breach of the Spamcop rules. As I understand it, you may only report the messages you have received yourself. So reporting the misdirected bounce is acceptable but extracting the original spam and using SpamCop to report that spam is not permitted. You may, of course, use SpamCop to identify the source and then manually report the information but you may not use SpamCop to submit the reports as you describe.

Andrew

Link to comment
Share on other sites

<spam>

Some thoughts and questions:

  1. <snip>
  2. If I just report the 'misdirected bounce' as spam then all I'm doing is reporting the mailserver that mishandled the bounce? The original ISP/Source of the spam message will get no feedback that their system has been used to send spam? As such the spammer, by using a forged 'from' address, avoids being identified as a source of spam?

What to do? :blink: Any ideas much appreciated!

Hi!

...This is what SpamCop seems to expect you to do, per the rules ("spam within other messages"). It is up to the original receiver of the spam to report the abuse, not you. :) <g> However, if you wish to be proactive, you can submit a manual report, as Andrew suggested immediately above.

Link to comment
Share on other sites

So...regarging what you can do...the first thing is to stop using a "catch all" address at any domains you own. DT

Thanks for this. Yes, I have the facility at each of the domain names to only forward named mail [such as myname[at]domainname.com] to SC and separately trash anything else [such as any-other-name-apart-from-my-name[at]domainname.com]. If I do this though won't I lose any visibility of when people are abusing our domain name? If so, does this matter - should I just filter as you suggest and not worry if people are fraudulently using our domain name and trying to ensure that such abuse is reported?

I think you'll find that this is an absolute breach of the Spamcop rules.

Thanks for this. I didn't realise that and guess I will have to stop doing it! However, if I don't report them doesn't that mean that any abuse of our domain name as a cover for sending spam will go unreported?

Link to comment
Share on other sites

If I do this (turning off catch-all addresses) though won't I lose any visibility of when people are abusing our domain name?

Yes, probably so, but you'll also have more time for the more important things in life. :-)

If so, does this matter - should I just filter as you suggest and not worry if people are fraudulently using our domain name and trying to ensure that such abuse is reported?

Unless you're getting angry emails from recipients of the spamming, or there are other problems, such as the spam being published online, exposing your email addresses (do some Google and Google Groups searches to find out), then I'd not waste much time on it, because it will likely be the digital equivalent of "tilting with windmills." It's up to you. If you want to try to do something about it, you'll have to be extremely persistent and assertive.

DT

Link to comment
Share on other sites

It is worth it, IMHO, to report the misdirected bounces because most of them come from people who are merely ignorant of the damage they are causing. Once they get blocked, they learn how to avoid hurting innocent people.

Spammers are going to spam. Perhaps, in time, if their spam is mostly blocked, their revenue will go down enough to not make it worthwhile. However, the phishes and scams are so profitable from just one or two hits that they are likely to continue so blocking and filtering will have to be the norm - just like locked doors and alarms are in our offline neighborhoods.

IMHO, blocking spammers is the most effective way of 'hurting' them.

Miss Betsy

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...