Jump to content

someone else sending email from my domain


abyrne
 Share

Recommended Posts

I received an email from a lady who asked to be removed from our email list, and discovered she is not on our list. When I asked her to send me the original mail she received, she replied she had already deleted the email, but the address she had added to her "block" list is not one of ours, but it did use our domain name "[at]cptigers.org".

I assume there is nothing I can do without header information to track this down, but wanted to verify that is correct. Users don't even have to use your mail server to use your domain in the "Sent from" address, do they? Is there anything I can do to prevent this?

Thanks, Amanda

Amanda Byrne

IT Administrator

www.cptigers.org

Edited by abyrne
Link to comment
Share on other sites

...I assume there is nothing I can do without header information to track this down, but wanted to verify that is correct. Users don't even have to use your mail server to use your domain in the "Sent from" address, do they? Is there anything I can do to prevent this?
Hi Amanda,

You need the header information to track down the source/sources - assuming that almost certainly they are multiple if you could see all the forgeries in your domain name (most people know it is not really "you" so won't even complain), forging the From: address is trivial and a widely-used tactic (almost universally-used) of spammers. It is generally held to be pointless trying to get to the bottom of it though that might depend on the actual circumstances. Some past discussions here that may be of interest (just a few of the many):

http://forum.spamcop.net/forums/index.php?showtopic=5937

http://forum.spamcop.net/forums/index.php?showtopic=806

http://forum.spamcop.net/forums/index.php?showtopic=7314

http://forum.spamcop.net/forums/index.php?showtopic=478

Link to comment
Share on other sites

(...) the address she had added to her "block" list is not one of ours, but it did use our domain name "[at]cptigers.org".

I assume there is nothing I can do without header information to track this down, but wanted to verify that is correct. Users don't even have to use your mail server to use your domain in the "Sent from" address, do they? Is there anything I can do to prevent this?

You are right, there isn't much you can do to stop someone forging your domain into the "from" line. They don't need to have any association or interaction with your mail server. This is a pretty standard tactic among spammers, who need to use a valid-looking from-address so that their messages at least look kosher to some spam filters. This info is easy to forge and is therefore quite untrustworthy as you have learned.

Since you did not indicate that you got any bounces on this mailing (just the one personal reply), you may already have taken the biggest countermeasure you can -- namely, turning off "catchall" e-mail addresses for your domain (i.e., a catchall is where your mail server will forward all mails to your domain that aren't addressed to a valid username). This spares you from getting hundreds (or more) of bounces for undeliverable spams.

If you had the header of the original message, you would be able to tell where the message originated (i.e., what IP address), and you might be able to use this as the basis for a report to the provider responsible for this address. However, there's only a slim chance that any action would be taken on such a report.

This sort of thing happens to many, many domain owners every day. The spammers like to spread the joy around, however, so chances are that you won't be bothered again for awhile (at least not by this spammer).

-- rick

(edited to fix a goof)

Edited by rconner
Link to comment
Share on other sites

  • 2 weeks later...
This sort of thing happens to many, many domain owners every day. The spammers like to spread the joy around, however, so chances are that you won't be bothered again for awhile (at least not by this spammer).

...unless your domain is used by the "Russian girlfriend" spammers that have been forging my wife's address on their outgoing spew for about three months. They don't show much of a sign of letting up. I've tried complaining to the responsible parties for source IPs, but even more importantly to the hosts of the spamvertised sites, who did nothing. :-(

So, we get lots of NDRs headed for my wife's address, but most of them wind up in her Held Mail folder (SC email account). I'm seeing a LOT of similar activity related to random addresses I own/monitor. I've noticed a rather large increase of spam, both in my Held Mail and getting through to my inbox.

DT

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

×
×
  • Create New...