markcart Premium Member join:2003-04-24 Columbus, OH
2007-Mar-2 7:08 pm
SPAMers using my domain name
I've recently gotten 100's of reject/challenge messages in my forwarded catch-all email. Someone from overseas is sending spam using bogus username@mydomain.com.
Guess there's not much I can do about that, but wanted to know how I should set my catch-all. Should it "bounce the message if no match is found" or "drop the message and do nothing" or "forward it"?
The SPAM seems to be lightening up quite a bit. It was pretty heavy the last two days. Do these spammers tend to use you forever or move around to different domains?
Any links or good search phrases where I can learn?
Thanks
|
Mospaw My socks don't match. join:2001-01-08 New Braunfels, TX
They kind of come in waves. I get them all the time on my domains with catch-alls. Sometimes hundreds in a week, and then nothing for a while...
If the spammers are kind enough to use the same email address, you might be able to set it up so that particular address is rejected or emails thrown into the bit bucket on the server level.
|
GeekNJ Premium Member join:2000-09-23 Waldwick, NJ
to markcart
I removed my catch all because of this. I'd have hundreds of spam per day - direct and "undeliverable" replies.
For me, I just remove the account assigned to the catch all. If I had to select one of your options, I'd drop the message. If you bounce it, then like you receive "undeliverable" messages, you'd be sending those to the poor folks that had their email address spoofed as the from address.
|
markcart Premium Member join:2003-04-24 Columbus, OH
2007-Mar-2 11:11 pm
Thanks for your comments. So this is a common occurrence? This is my first experience with it, so I kind of got nervous. I was thinking that my domain would be banned or put on some blacklist since a bunch of "different-usernames@mydomain.com" were being used as the "From" address in SPAM mail.
I guess since mydomain.com resolves to a different IP address than the spammers sent the messages from then I have nothing to worry about. Properly prepared abuse complaints would be sent to the origination IP not the domain name owner?
|
1 recommendation
to markcart
said by markcart:
Any links or good search phrases where I can learn?

Yep. It's known as a joe job.
|
markcart Premium Member join:2003-04-24 Columbus, OH
2007-Mar-2 11:46 pm
Thanks, that was informative. The best I can tell from what is being returned in the delivery failure messages is the SPAM being sent out is the typical random words in the message body along with a .gif image that contains the real advertisement. I've seen one for a "hot stock pick".
|
nixen Rockin' the Boxen Premium Member join:2002-10-04 Alexandria, VA
1 recommendation
to markcart
said by markcart:
Thanks for your comments. So this is a common occurrence? This is my first experience with it, so I kind of got nervous. I was thinking that my domain would be banned or put on some blacklist since a bunch of "different-usernames@mydomain.com" were being used as the "From" address in SPAM mail.
I guess since mydomain.com resolves to a different IP address than the spammers sent the messages from then I have nothing to worry about. Properly prepared abuse complaints would be sent to the origination IP not the domain name owner?

Competent mail admins won't ban a domain because of forged Froms. You can, however, help admins at other sites by using things like SPF or DomainKeys on your domain.
-tom
|
sporkme drop the crantini and move it, sister MVM join:2000-07-01 Morristown, NJ
to GeekNJ
said by GeekNJ:
I removed my catch all because of this. I'd have hundreds of spam per day - direct and "undeliverable" replies.

Catch-alls are so '90's. Personally I think anyone that uses them is something of a masochist.
|
to markcart
I bet they are just using your domain as the reply-to email and not the email they are sending the spam from.
|
to markcart
Had that happen to me mid-2006. I just deleted the catch-all forward and ignored the errors. Until I did that I was averaging 200 or more of them a day. They were all random character names so they were impossible to filter out. It's just part of life on the 'net...
|
MxxCon join:1999-11-19 Brooklyn, NY
to markcart
said by nixen:
You can, however, help admins at other sites by using things like SPF or DomainKeys on your domain.

Indeed. It will reduce the amount of bounce messages with faked "FROM:" header.
|
markcart Premium Member join:2003-04-24 Columbus, OH
2007-Mar-3 10:42 am
Thanks everyone, I truly appreciate your comments and pointers. Now I completely understand what has happened. I will be implementing SPF very soon. Have a good weekend!
|
craig70130 Premium Member join:2004-04-27 New Orleans, LA
Funny topic as I'm right now removing the last catchall from the domains I manage. Had 30+ domains, many with 50+ email addresses. What a pain but worth it.
|