Major Problem! Need help immediately!

[thetzfreak]

Alright here is the problem. My friend owns a domain name that has e-mail forwarding. Basically, anything sent to [email protected] will go to [email protected]. So, here is the problem: It seems that people have "hijacked" his domain name and are sending a HUGE amount of spam using his domain name! They create a name, doesn't matter what it is [email protected] and is sent to dozens of people a day. And because of invalid e-mails or other reasons, they are either getting bounced back are are sending e-mails saying: you are sending spam! But, the thing is, these e-mail aren't comming to the spammer, but to my friend! He is getting 20-30 e-mails a day, and since this just started a week ago, this number is sure to grow to 100s of e-mails a day.

My friend uses this e-mail address forwarding for everything, and does not want to disable it. But, because of these circumstances, it doesn't seem that he has much of a choice.

These stupid spammers! Don't they know it's illegal???

If anyone can help me out and tell me what to do in this situation, I'll be forever grateful.

Thanks a LOT,
Ephi

 

[dabb]

It has happened to me several times. There is nothing you can do except to add a filter on your server or email client to toss out any email addresses that you don't expect to receive email to on your catch all.

 

[thetzfreak]

He already uses MailWasher Pro right now, but he still has to take the time to go through the e-mails marking off which one is spam. This takes time every day, and he just doesn't have the time for that. Maybe there is another solution?

Thanks.

 

[kjmz]

Tell him to report it. If you can find the IP Address that it's getting sent by you can get his ISP and report him. I would try and do this since there is no other way.

 

[thetzfreak]

Well, I don't think there is a way to find out the spammers IP address, because my friend is receiving sent-back e-mails, not e-mails directly from the spammer. All of the e-mails are bounce backs, so I do not think there is a way to get his IP.

Thanks for your time.

Also, the reason he doesn't want to turn off email forwarding is because he uses it for EVERYthing; bank accounts, hosting, basically everything to sign up with on the internet.

 

[kjmz]

Well, I don't think there is a way to find out the spammers IP address, because my friend is receiving sent-back e-mails, not e-mails directly from the spammer. All of the e-mails are bounce backs, so I do not think there is a way to get his IP.

Thanks for your time.

Also, the reason he doesn't want to turn off email forwarding is because he uses it for EVERYthing; bank accounts, hosting, basically everything to sign up with on the internet.

Then tell your friend to email one of the people he got a bounce back from and ask them to give him a IP Address. I'm pretty sure someone would do it to stop them from getting SPAM.

 

[thetzfreak]

Then tell your friend to email one of the people he got a bounce back from and ask them to give him a IP Address. I'm pretty sure someone would do it to stop them from getting SPAM.

That's a good idea! Thanks for that. But even if he reports these to the internet crime site or such place, do you really think they are going to help? I mean, they're getting probably thousands of these reports a day! What are the chances that they are going to help him?

 

[kjmz]

That's a good idea! Thanks for that. But even if he reports these to the internet crime site or such place, do you really think they are going to help? I mean, they're getting probably thousands of these reports a day! What are the chances that they are going to help him?

If you report it straight to the ISP, they could easily warn them or shut their account down. I know many stories where it worked. ISP's don't like SPAMMERS at all. I would do it if I were him, it's one of the only things to do.

 

[thetzfreak]

If you report it straight to the ISP, they could easily warn them or shut their account down. I know many stories where it worked. ISP's don't like SPAMMERS at all. I would do it if I were him, it's one of the only things to do.

Who's ISP to report it to?

 

[dabb]

The spammer is most likely using hundreds of open relays to send the spam. When this happened, I also made filters to auto-trash anything with "Failure Notice", "Mail Delivery System", "Mail Administrator", "Delivery Notification", etc in the body or subject to junk all of the undeliverable notifications. Hopefully after a few weeks when the jerk stops, you can then disable these filters.

 

[inspiration100]

the guy that is spamming you, his ISP. Should be able to find out who is ISP is via the IP address. You can do so with a tool such as http://www.analysespider.com/ip2country/lookup.html. Remember he may be using a fake IP.

 

[RJ]

Sounds like email spoofing and there's not much you can do about it.

The ISP you want to report it to is the one that the email is originating from. You can use spamcop.net to report it. Just be careful you don't end up reporting your own domain name.

A past thread with similar issue,
http://namepros.com/showthread.php?t=84275

 

[kjmz]

Who's ISP to report it to?

You would have to lookup the IP through a site. There IP searches aren't that hard to find, I even think there is one in cPanel. You can usually get the ISP from the information the IP search gives you.

If you want you can give me the IP and I'll try to find out.

 

[dabb]

Even if you manage to find an IP, it's probably one in Russia, Korea, China, or some other country who's ISP could give a crap.

 

[kjmz]

Even if you manage to find an IP, it's probably one in Russia, Korea, China, or some other country who's ISP could give a crap.

It's better to give it a chance, then just leaving it and getting tons of SPAM.

 

[thetzfreak]

Well, my friend did his research with spamcop.net, and he said that after reading the explanations, it won't help him. He read the explanations and stuff at spamcop, and it they said that they need the headers of the spam e-mails. Well, he doesn't have them; he has the e-mails from the original victims who received the spam in the first place.

So, basically spamcop is not going to work. I guess what is left to do now is to request the ip address from the victims.

Thanks for you help, guys.

 

[kjmz]

Well, my friend did his research with spamcop.net, and he said that after reading the explanations, it won't help him. He read the explanations and stuff at spamcop, and it they said that they need the headers of the spam e-mails. Well, he doesn't have them; he has the e-mails from the original victims who received the spam in the first place.

So, basically spamcop is not going to work. I guess what is left to do now is to request the ip address from the victims.

Thanks for you help, guys.

You could also just request the whole email from the victims and then send that to spamcop.net

 

[dewd]

this happens to me all the time with my 3letter domains,.........i like spam, gives me something to read, when noone else emails me

 

[thetzfreak]

You could also just request the whole email from the victims and then send that to spamcop.net

Hehe, alright. Well, he's gonna try to do that (ask them for either the person's IP or the message itself) but there is also another problem. Most of the e-mails bounce backs that he's getting is from automated messages from other spam blockers. So, if he sends them the e-mail, they're not gonna have any idea what he's talking about lol. Plus, people don't know how to find out IP addresses from e-mail messages.

But it's fine At least ONE person should be real, and not an automated spam blocker

 

[jberryhill]

If anyone can help me out and tell me what to do in this situation, I'll be forever grateful.

Help you? Sure.

Find a different friend.

But, seriously, poorly-arranged email relay systems get abused. It's a jungle out there, and those spammers are hidden behind multiple proxies and other relays to the extent that even when you do finally come up with an IP address in North Whazatistan, what do you think you are going to accomplish with that information?

As an intermediate measure, your friend might consider limiting his relay to accept only email originating from an IP address or block that your friend uses to connect to the internet. Yes, I know this is not a complete solution, but, hey, whaddya want for free.

As also noted above, it's not clear whether someone is actually using your friend's poorly-conceived blackhole-bait of a relay, or simply spoofing your friend's domain in forged email sent via another mechanism.