
Someone is using my domain to spam me!


electrified


I received an email from someone using my own domain as their email address.

Here is a link to the report:

http://www.spamcop.net/sc?id=z369609839z11...4c661e7c0dd3b7z

I am concerned that my domain is now considered spam, because this person is using it, or because I have submitted it.

I have contacted my cable company regarding this issue since it is being done by someone in my area.

Could someone please assure me that my domain has not been screwed over?

Oren...


IMHO, that is a virus that has been going around. Netsky possibly. I forget the names.

You probably should cancel that report because you are not allowed to report viruses through spamcop.

However, you can send the headers to the address found by spamcop with the subject as "Virus" and perhaps they will notify the sender that their computer is infected. You do not need to send the entire message - particularly the attachment. Just the headers down to where it names the attachment. Copy and paste them into a new email.

No ISP will be concerned about the From or To or even the return path containing your domain name since spammers and viruses routinely forge innocent names in those places. The only part relevant is the IP address.

Miss Betsy


Email addresses are not used in the block list or for reporting as they are usually forged.

In this case it looks like one of the worms/viruses infecting someone's machine used your email address.

You will not have any problems and your email address will not be reported.


The spam message:

Dear  user of Electrified.net,

Your e-mail account has been temporary disabled because  of  unauthorized  access.

For details see  the attached file.

Attached file protected with the password for security reasons. Password is 57111.

Best wishes,

    The Electrified.net  team                        http://www.electrified.net

is very similar to spams I have received with different messages following the same pattern, most recently from the notorious comcast. It always contains a virus attachment (automatically picked up by AVG). The domain name in the received header is always forged as mine in addition to the forged bogus email addresses like "support", etc.

The spam's use of your domain name may be generated directly off your own email address for the spam to you and not disseminated in other spams. The intent of the fraudulent messages is to get you to open the virus attachments.

Whether or not your domain name is forged in spams to others, your domain name in the headers will not cause your ISP to shut down your account because the IP address is not yours. Such forged names are common.

Report it directly to the abuse address for the IP address in the Received header, apparently:

host 66.235.6.81 = c66-235-6-81.sea2.cablespeed.com

rmartindale[at]gotrinity.com

Do not include the attachment -- many ISPs will bounce a complaint containing an attachment or virus.

If you don't get a response and the problem persists, report it upstream. I also block the IP address at the server and automatically bounce the spam/virus as undeliverable with a copy automatically forwarded to the relevant abuse address. Eventually they move on to another host and the whole process starts over.

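The reporting steps described in the replies above (act only on the IP in the Received header, and send the headers down to the attachment name without the attachment itself), as an added Python example that is not part of the original thread. The sample message, its addresses and the function names `connecting_ip` and `headers_only_report` are constructed for illustration, and the topmost Received header is assumed to be the one your own mail server added.

```python
import re
from email import message_from_string
from ipaddress import ip_address

# Constructed sample: From and HELO name forge the recipient's own domain
# (example.net); the connecting IP is from the 192.0.2.0/24 documentation range.
RAW = """\
Received: from example.net (unknown [192.0.2.45])
\tby mx.example.net with ESMTP id ABC123; Mon, 1 Mar 2004 10:00:00 -0800
Received: from forged.invalid ([10.9.8.7]) by example.net; Mon, 1 Mar 2004 09:59:00 -0800
From: support@example.net
To: user@example.net
Subject: E-mail account disabled
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

For details see the attached file.
--b1
Content-Type: application/octet-stream; name="details.zip"
Content-Disposition: attachment; filename="details.zip"
Content-Transfer-Encoding: base64

UEsDBAoAAAAAAA==
--b1--
"""

def connecting_ip(raw):
    """IP our own server logged in the topmost Received header (assumed to be
    the one our MX added); everything below it can be forged by the sender."""
    received = message_from_string(raw).get_all("Received") or []
    m = re.search(r"\[(?:IPv6:)?([0-9A-Fa-f:.]+)\]", received[0]) if received else None
    try:
        return str(ip_address(m.group(1))) if m else None
    except ValueError:
        return None

def headers_only_report(raw):
    """Top-level headers plus each MIME part's headers (which name the
    attachment); message bodies and the attachment payload are left out."""
    msg = message_from_string(raw)
    blocks = [[f"{k}: {v}" for k, v in part.items()] for part in msg.walk()]
    return "\n\n".join("\n".join(b) for b in blocks)

if __name__ == "__main__":
    print("Report to the abuse contact for:", connecting_ip(RAW))
    print(headers_only_report(RAW))
```

The forged `example.net` in the HELO name and From line plays no part in the result; only the bracketed address recorded by the receiving server does.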

> is very similar to spams I have received with different messages following the same pattern, most recently from the notorious comcast. It always contains a virus attachment (automatically picked up by AVG). The domain name in the received header is always forged as mine in addition to the forged bogus email addresses like "support", etc.

Although spam is defined as unsolicited, unwanted email, there are different kinds of spam classes. Viruses/worms are one class and are not reportable through spamcop.

Bounces that are emails sent to the return path are also spam, but are also not reportable through spamcop.

Both viruses and bounces can be reported to the abuse address found by spamcop if you do not know how to read headers yourself. The subject line should be "Virus/worm" NOT "spam". ISPs handle viruses and spam differently. Viruses come from a user who is infected unknowingly and the ISP generally gives help on how to clean his/her computer. Spammers are shut down. Also, I believe that abuse desks do not handle virus/worms, but forward them to another department. Some people advocate copying security[at] so that the proper department gets the notification directly.

> Eventually they move on to another host and the whole process starts over.

Viruses do not move on to another host. They stop because the infected machine has been cleaned of the virus. Spammers do move to another host.

Viruses are not deliberately sent (except by the virus writer once). Viruses perpetuate because users open attachments and their computers become infected. The addresses that they use are collected from that computer. Your email address may be on lots of computers if you have lots of correspondents. And especially if your correspondents do a lot of forwarding and use your email address in the "group". People should use the bcc function, but many do not.

I will leave comment about bouncing viruses back to the source to people who run servers, but IIUC, viruses should be deleted, sent to dev/null, unless you intend to report to the proper address - which you do by just sending the headers, not the attachment.

Miss Betsy


Archived

This topic is now archived and is closed to further replies.
