markcart

SPAMers using my domain name

I've recently gotten 100s of reject/challenge messages in my forwarded catch-all email. Someone from overseas is sending spam using bogus username@mydomain.com.

Guess there's not much I can do about that, but wanted to know how I should set my catch-all. Should it "bounce the message if no match is found" or "drop the message and do nothing" or "forward it"?

The SPAM seems to be lightening up quite a bit. It was pretty heavy the last two days. Do these spammers tend to use you forever or move around to different domains?

Any links or good search phrases where I can learn?

Thanks

Mospaw

They kind of come in waves. I get them all the time on my domains with catch-alls. Sometimes hundreds in a week, and then nothing for a while...

If the spammers are kind enough to use the same email address, you might be able to set it up so that particular address is rejected or emails thrown into the bit bucket on the server level.

GeekNJ to markcart

I removed my catch all because of this. I'd have hundreds of spam per day - direct and "undeliverable" replies.

For me, I just remove the account assigned to the catch all. If I had to select one of your options, I'd drop the message. If you bounce it, then like you receive "undeliverable" messages, you'd be sending those to the poor folks that had their email address spoofed as the from address.

markcart

Thanks for your comments. So this is a common occurrence? This is my first experience with it, so I kind of got nervous. I was thinking that my domain would be banned or put on some blacklist since a bunch of "different-usernames@mydomain.com" were being used as the "From" address in SPAM mail.

I guess since mydomain.com resolves to a different IP address than the spammers sent the messages from then I have nothing to worry about. Properly prepared abuse complaints would be sent to the origination IP not the domain name owner?

rjackson to markcart

said by markcart:

Any links or good search phrases where I can learn?

Yep. It's known as a joe job.

markcart

Thanks, that was informative. The best I can tell from what is being returned in the delivery failure messages is the SPAM being sent out is the typical random words in the message body along with a .gif image that contains the real advertisement. I've seen one for a "hot stock pick".

nixen to markcart

said by markcart:

Thanks for your comments. So this is a common occurrence? This is my first experience with it, so I kind of got nervous. I was thinking that my domain would be banned or put on some blacklist since a bunch of "different-usernames@mydomain.com" were being used as the "From" address in SPAM mail.

I guess since mydomain.com resolves to a different IP address than the spammers sent the messages from then I have nothing to worry about. Properly prepared abuse complaints would be sent to the origination IP not the domain name owner?

Competent mail admins won't ban a domain because of forged Froms.

You can, however, help admins at other sites by using things like SPF or DomainKeys on your domain.

-tom

sporkme to GeekNJ

said by GeekNJ:

I removed my catch all because of this. I'd have hundreds of spam per day - direct and "undeliverable" replies.

Catch-alls are so '90s.

Personally I think anyone that uses them is something of a masochist.

HardwareGeek to markcart

I bet they are just using your domain as the reply-to email and not the email they are sending the spam from.

RadioDoc to markcart

Had that happen to me mid-2006. I just deleted the catch-all forward and ignored the errors. Until I did that I was averaging 200 or more of them a day. They were all random character names so they were impossible to filter out. It's just part of life on the 'net...

MxxCon to markcart

said by nixen:

You can, however, help admins at other sites by using things like SPF or DomainKeys on your domain.

Indeed. It will reduce the amount of bounce messages with a faked "FROM:" header.

markcart

Thanks everyone, I truly appreciate your comments and pointers. Now I completely understand what has happened. I will be implementing SPF very soon.
Have a good weekend!

craig70130

Funny topic as I'm right now removing the last catchall from the domains I manage. Had 30+ domains, many with 50+ email addresses. What a pain but worth it.