pmkdatabase7
join:2005-01-10
20150

pmkdatabase7

Member

Spammer faking me as FROM:

Hi,

Someone is spamming using my domain name with a valid user name as FROM: and a valid MX server name/IP in the header. My server is not open relaying.

The headers are faked - I have to assume that never having seen one, but it must be the case. I never see the actual spam but get 100s of NDRs and other notices about it from the recipients every day. This has been going on for a few weeks. I am worried that the domain is going to start getting blocked.

FWIW, I don't think this was a random selection. I think we are being targeted by a disgruntled ex-employee who is now doing spamming.

Is there anything I can do to: find out who is doing the spamming; stop it; work around it so my domain does not get blocked; any other ideas/suggestions/sources of info?

Thanks,

Peter

nwrickert
Mod
join:2004-09-04
Geneva, IL

nwrickert

Mod

It's unlikely that you will be blocked for this. It's rather common spamming practice these days.

If you can configure your mail system to actually accept one of these non-delivery reports, then it might contain info that points back to the origin. However, the chances are that these messages originate all over, by virtue of zombie networks.
pmkdatabase7
join:2005-01-10
20150

pmkdatabase7

Member

I get the NDRs and filter them locally, so I can see the details of the NDR, but not the header of original spam message. I would love to get my hands on one of those with the headers.

I did receive one NDR from a Symantec protected system that my domain is blocked from sending to that domain, but it is not someone I am worried about.

Thanks a lot for the info - I appreciate it. Any thoughts from other members would be welcome also.

Peter

statemachine
Premium Member
join:2001-01-21
Si Valley

statemachine to pmkdatabase7

Premium Member

Sounds like a joe job. Fortunately, SPF was designed to specifically combat joe jobs. Publish an SPF record that states which servers are used for your outbound e-mail. And when domains that check SPF receive bogus e-mail claiming to be from your domain, it will be instantly deleted or flagged. Just having the record gives you something to point to if there are any problems.

You must also consider that while the joe job is intentional, it may just be a spammer who hit upon a valid e-mail address and is using it to get past filters (and is not necessarily the work of a disgruntled ex-employee).