Spammers using my domain

[Norman1961]

Hi everyone Im new to this and need some help fast.

On Friday I started getting loads of Returned and message undliverable stuf from German French and Belgian mail servers. Adressed to me at my domain. At present I am getting about 5 a minute.

I immediately emailed the registrars support address and asked him if he could do anything about it. NO RESPONSE.

So i decide to look into it myself. In the headers the spam started at all different ip's but was sent through the registrars mail server mailjusthename.co.uk.

Next I tried lookingup some of the domains linked to in the message bodies. These all 13 different ones pointed to a suppoosed online software shop selling $400 software for £40. That sounde dodgy so I did a few whois's on the domains.

They were all registered on Thursday at the same registrar in China. The owner of the domain is reported to be Alan Feur which is supposed to be an author of war novels.

The address of the owner is a house that was forclosed by a bank and is included in an auction next month.

The contact telephone numbers are all different with the US area code 212 43******

What can I do because the guy who controls the mail server is not doing anything about it.

I tried getting the DNS to point to a dynaic dns service with no MX record for a couple of days but that's no use.

I am in the UK and I dont know where to go next.

[Farelf]

...

On Friday I started getting loads of Returned and message undliverable stuf from German French and Belgian mail servers. Adressed to me at my domain. At present I am getting about 5 a minute....

Hi Norman,

Spammers spoofing our e-mail address so clueless mail admins send non-delivery reports to the real owner of the address? Relax, it happens to all of us and usually goes away when they move on to the next address to spoof. There are plenty of references to it 'here' if you want to look around (the search box at the top of each page, the FAQ http://forum.spamcop.net/forums/index.php?showtopic=203 etc.). If it is a longer-term problem you might like some advice on keeping the stuff out of your inbox - you will need to say more about your hardware, software and networking arrangements in that case.

If you are a SC reporter you can report this 'backscatter' by the way - in the faint hope the resulting reports might contribute to the education of the indocible.

[Norman1961]

Hi Norman,

Spammers spoofing our e-mail address so clueless mail admins send non-delivery reports to the real owner of the address? Relax, it happens to all of us and usually goes away when they move on to the next address to spoof.

Thanks for that Farelf.

It only worries me because they are using my real name in the from address and my business domain. The domin in question isn't hosted but forwarded to my main business domain. I dont use the email at the spoofed domain but I have catch all email forwarding to my personal e-mail adddress. For genuine business I only use email addresses at my main domain

If I am getting circa 400 hundred faill mesages a day they must be sending out thousands of spams a day.

In light of my investigations and the frudulent activity I uncovered, I am worried that either me or my domain may be linked to criminal activities.

I am still getting bouced fail messages returned as I type this. They seem to be more prolific. It has gone on for 4 days I have never known a spam attack to go on this long.

I have registered as a SC reporter but I am unsure of how to do it. I am also wary of reporting in case my domain which incidentally acounts for 90% of my web traffic and my sales is blacklisted.

Norman

[Farelf]

...I have registered as a SC reporter but I am unsure of how to do it. I am also wary of reporting in case my domain which incidentally acounts for 90% of my web traffic and my sales is blacklisted.

Sounds like this would be a good time to learn then Norman. First up, try pasting the full spam with headers into your members' page (members.spamcop.net - use one of the options at http://www.spamcop.net/mcgi?action=loginfo...nonsignup.shtml - login on that page or go to the "HTTP basic auth" sign-on). Ways to get the full headers are covered in http://www.spamcop.net/fom-serve/cache/19.html (How do I get my email program to reveal the full, unmodified email?). You can then assure yourself that your IP address is not implicated (99%+ probability it is not) or cancel the report if it is (you seem to have the research ability to check ownership of IP addresses if you are unsure, or you can come back for advice).

Bulk submission of the backscatter (by email - much less effortful than copying and pasting one at a time) won't stop it but you can certainly report it - the section http://forum.spamcop.net/forums/index.php?showtopic=2385 may help to see how others use various configurations (the Wiki version is apparently/maybe hors de combat at the moment). Filtering options can be discussed for ways to keep the stuff out of your inbox if you want/need to do that.

But first get an example parsed and bring it back here if necessary (the "Here is your TRACKING URL - it may be saved for future reference:" link in the parse). Just cancel the report first if you do that (you can always resubmit if it is not too old). The intention is to initially use the parser to assure yourself your machine is not the one spamming which it almost certainly isn't.

[Miss Betsy]

Most people have turned off the 'catch-all' since spammers started trying every combination of names found with every domain name they can find.

Miss Betsy