How to report when domain is targeted


In the past I wasn't so concerned about spam as my filtering software gets nearly 100% of it. However, recently an individual SPAMer has started hitting my personal domain (they all point to the same web site registered by someone in China). Trying to guess addresses within it. Consequently, filtering software or not it's becoming a real pain as it's bringing my system to a standstill at times and even crashing it on one occasion. I've had thousands in one day!

When things get really desperate I can turn on the delete function at my ISP but I tend to lose some legitimate emails with this option. I tend to go for the filter at my end because if I lose an email I can scan the garbage if one goes missing.

I'm not too sure how I should be reporting these emails. They come in groups with the same message but different recipient. Should I just be submitting one of each? I'm not even sure reporting is going to make any difference but I feel I have to try something.

Thanks

Mark

Hi Mark,

If they have different recipients (and/or different message IDs) they're different spam, there's no problem with reporting them all (they're not "duplicates", no matter how similar they might be).

As for the aspect that some of the "recipients" are just guessed addresses, not real, I'm not absolutely sure, being just an individual reporter, but there's nothing in the rules prohibiting it (On what type of email should I (not) use SpamCop) and I certainly get the idea other admins report for their domains in similar cases.

As you say, reporting may do no good, we can never be sure. There again there may be different numeric IP addresses, your reporting volume relative to their output might help get them onto the SCBL (thereby benefitting others), all sorts of possibilities. Since you're already under attack, the prospect of "retribution" (by them for you reporting them) would not seem to be a factor at any rate.

Good hunting!

spam as my filtering software gets nearly 100% of it. However, recently an individual SPAMer

Just a small point of etiquette/nomenclature spam is a delicious chopped ham and pork product and is a registered trademark. spam is far less tasty! The manufacturers of the former get quite upset (understandably) at people confusing the two :rolleyes:

I am not a SpamCop employee, just a very happy user, but have you considered forwarding ALL your mail to a paid spamcop account (US$30 a year) and then POPing (or IMAPing) your mail from there? Many of us do. That way the spam ends up in a 'heldmail' folder and is very easily reported while the genuine mail gets through. The number of false positives drops rapidly as you build your personal whitelist. The advantages of this over filtering on content are (i) you never POP the spam onto your own machine and (ii) SpamCop uses real-time blacklists of spamming server IPs and so is able to react very quickly to ongoing spews.

hth

Derek

Just a small point of etiquette/nomenclature spam is a delicious chopped ham and pork product and is a registered trademark. spam is far less tasty!

I always thought that spam was an acronym, hence the uppercase. Guess not?

Thanks for your replies guys.

Yes, I am considering the SpamCop Email system. I must look into it more. I don't know if the high volume of spam I've been getting of late would cause a problem. The other day I had over 1000! On a good day I get around 100. Problem is I'd want to keep the rejected emails to reclaim ones which have slipped through. Also, I wonder when I go away on holiday if keeping so many emails would be a problem. I have a very large email box at my current provider. One thing I like about my current system is that it's so easy to search through the rubbish to reclaim incorrectly identified emails.

Mark

I'm suffering from the same situation. Basically 3 different pitches being sent to any_name_from_a_to_z <at> mydomain.com. Hundreds of them through open proxies, links hosted in CN and KR. offersatwork.biz, clicknsaving.com, eloanlenders.com, crvalues.com, finalsavings.com, mrmort.com and more.

Added this edit... valuedclientmtg.com, esbalenders.com, ournewhomeloan.com and I'm sure more to come

I've had this happen in a very different way in the past, spammer uses bunch_o_names <at> my domain.com as the reply-to addy.

String of expletives describing the perping scum excluded.

I'm reporting as many as possible but many of the 200+ I received overnight got trashed. I don't have the time.

Basically, it is no longer a good idea to accept all emails to your domain. If you only accept the valid email addresses, you would have that much less spam to deal with.

If you have quick reporting capability, you could do that to report the source at least. Replace submit with quick in your submit email address and follow the instructions to get it enabled. You could also have your domain email forward to spamcop for reporting purposes.

I always thought that spam was an acronym, hence the uppercase. Guess not?

spam™ is an acronym, IIRC for Spiced Ham, but it is also a trademark for a meat product manufactured by the Hormel Foods Corporation and they have asked that the word describing junk email NOT be written in all capital letters. www.spam.com

Basically, it is no longer a good idea to accept all emails to your domain. If you only accept the valid email addresses, you would have that much less spam to deal with.

Yea I know. But for a number of reasons I like to know about all the mail coming to this domain.

If you have quick reporting capability, you could do that to report the source at least.

That sounds like the best way to go. It's pretty obvious the hosts of the spamvertised sites aren't going to do anything quickly if at all.

I'm still getting 10-20 an hour from what appears to be the same source (on top of the regular stuff).

Basically, it is no longer a good idea to accept all emails to your domain.  If you only accept the valid email addresses, you would have that much less spam to deal with.

I know what you mean but apart from family addresses I use it for passing unique addresses to third parties. On a number of occasions this has been useful although more with sourcing viruses than spam I must admit.

Mark

Basically, it is no longer a good idea to accept all emails to your domain.  If you only accept the valid email addresses, you would have that much less spam to deal with.

I know what you mean but apart from family addresses I use it for passing unique addresses to third parties. On a number of occasions this has been useful although more with sourcing viruses than spam I must admit.

Mark

It is a little more work, but you can still create a unique address to accept each time you give one out. That way you are less likely to suffer a dictionary type attack which could overwhelm your machine or internet connection.

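The approach discussed in the posts above (accept only addresses that were actually handed out, and watch for dictionary-style recipient guessing), sketched as an added example that is not part of the original thread. The domain, addresses and IPs are constructed placeholders, and the thresholds and function names are assumptions.

```python
from collections import defaultdict

# Assumption: addresses actually handed out (family plus per-vendor unique ones).
ISSUED = {"mark@example.com", "family@example.com", "shop-acme@example.com"}

# Constructed sample of (connecting IP, RCPT TO) pairs, as an MTA log would yield.
SAMPLE = (
    [("192.0.2.10", f"{name}@example.com") for name in
     ("aaron", "abby", "adam", "alan", "alice", "amy", "andy", "anna")]
    + [("192.0.2.10", "mark@example.com"),
       ("198.51.100.7", "shop-acme@example.com"),
       ("198.51.100.7", "shop-acme@example.com"),
       ("203.0.113.5", "mark@example.com"),
       ("203.0.113.5", "sales@example.com")]  # one stray guess, not an attack
)

def rcpt_decision(rcpt, issued=ISSUED):
    """Reply an allowlisting MTA gives at RCPT TO time instead of catch-all.
    Assumption: addresses are compared case-insensitively."""
    return "250 accept" if rcpt.lower() in issued else "550 no such user"

def probing_sources(records, issued=ISSUED, min_unknown=5, max_valid_ratio=0.25):
    """Flag sources whose recipients are mostly distinct, never-issued addresses."""
    seen = defaultdict(lambda: {"unknown": set(), "valid": set()})
    for ip, rcpt in records:
        rcpt = rcpt.lower()
        seen[ip]["valid" if rcpt in issued else "unknown"].add(rcpt)
    flagged = {}
    for ip, s in seen.items():
        total = len(s["unknown"]) + len(s["valid"])
        mostly_guesses = len(s["valid"]) / total <= max_valid_ratio
        if len(s["unknown"]) >= min_unknown and mostly_guesses:
            flagged[ip] = sorted(s["unknown"])
    return flagged

if __name__ == "__main__":
    for ip, guesses in probing_sources(SAMPLE).items():
        print(f"{ip}: {len(guesses)} guessed recipients, e.g. {guesses[:3]}")
    print(rcpt_decision("zoe@example.com"), "|", rcpt_decision("Mark@Example.com"))
```

Because the spam described in the thread arrives through many open proxies, a per-source threshold like this one may need to be paired with a domain-wide count of never-issued recipients.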

I'm starting to wonder if this behavior isn't part of some strange spammer vs. spammer joe job.

I'm continuing to get in the same kind of stuff in the way described previously but a whole new set of spamvertised URLs. All of them appear to be mortgage spew.

Also someone (possibly the same moron) is using a similar list for the same domain under my control for the reply-to address being sent to a large number of AOL addys resulting in bounces. As far as I can gather also mortgage spew.

I've got to wonder just what the perpetrator thinks this is going to accomplish?

A PC which had my email address on it got infected with a trojan virus. I could tell where it came from because of the unique address I had used. The virus got sent out in some instances with my name as the sender (because it got bounced back to me). Before long I was getting regular bounces for spam as well which I hardly ever used to get.

The domain bashing seems to have abated but I'm still getting a fair bit of regular spam. Around 125 per day at present. Most of which, like Ray's, going by the content is from a few sources. In my case I've got those miracle pills, cable tv, debt elimination, mortgages (you're not the only lucky one) which seem to come more or less every hour on the dot.

It also seems that the originating network are concerned about spamming because any number of complaints don't have any effect. The worst is a particular network in China it seems.

I'm thinking about moving to another email forwarding service which allows more control over the filtering - like blocking ranges of IP addresses which in my case would sort out half of the spam in one fell swoop. The spam detection type I find too risky because in the past I've lost legitimate emails - usually online purchase types. Quite often you don't know exactly where this is coming from and so can't set up a white list entry in advance.

Mark
