Spam with your domain names

[ilcesco]

This is not a real scam but it's something I noticed today in my mailbox that annoyed me quite a bit.
I am the founder and owner of a website, wich obviously have its own domain name. let's call it "domain.com" (obviously the real name is another one).

well, in the last few days i've received tons of "Undelivered Mail Returned to Sender" style emails for messages that i've never wrote, sent out with fake email adresses like [email protected]

I don't really know why somebody is using my domain name in the "from:" caption when sending out spam (it seems mostly mortgage and loans spam), but it's really annoying, because the thousands of people receiving those messages might think that I am actually sending out those messages.

Why are they doing that? is it because my website is quite "reliable" and the spam can bypass the filters? Is it a competitors attempt of disturbing?
How can I stop them?

 

[AussieDomainer]

Hi

I have found that this style of spam is becoming more and more popular. I don't believe anyone else will be receiving spam emails with your domain as the sender as their email address will be the sender for them. Eg:

They send a domain to [email protected] from [email protected] (or a similar email).
They will then send an email to [email protected] from [email protected] (or a similar email).

In other words they make it look like it is from your email addresses so that you will more than likely take notice of it. I could be wrong about what you are receiving but this has generally been the case in my experience and others that I have talked to. I hope this has helped in some way.

Regards
David

 

[Keral_Patel]

Same thing happened to 3 mortgage site of my client. And he was shouting at me. Bcoz only he and me had the access to the server. He said he didn't send out any emails and I knew that I also didn't.

From 3 months, this thing had been turning over and over in my mind. But after reading this thread now I am clear what the scenario is.

 

[Peter]

it is not uncommon for people to send out spam from [email protected] to a whole bunch of people. to most people it looks like the mail came from you instead of the spammer.

 

[ilcesco]

The problem is that the "from to:" field of the emails is easily editable. Everybody can, for istance, send out an email from "[email protected]" to anyone else.

I know that nowadays its quite popular among the spammers to send emails from [email protected] to [email protected], to attract your attention.

But this is not my case.

Here there's people who send real emails with my address to thousand and thousand of people, and part of them, for some reason, get back to me because refused by some spam filter or just because the receiving email address does not exist anymore.


The only active address on my domain is "[email protected]".
This is what i get in my mailbox, every time with different addresses:

From: Mail Delivery System <[email protected]>
To: [email protected]
Date: Sep 1, 2006 1:55 AM
Subject: Undelivered Mail Returned to Sender
Reply | Reply to all | Forward | Print | Add sender to Contacts list | Delete this message | Report phishing | Show original | Message text garbled?
This is the Postfix program at host venture-1.com.

I'm sorry to have to inform you that your message could not be
be delivered to one or more recipients. It's attached below.

For further assistance, please send mail to <postmaster>

If you do so, please include this problem report. You can
delete your own text from the attached returned message.

The Postfix program

<[email protected]> (expanded from <[email protected]>): cannot access
mailbox /var/mail/jjtan for user jjtan. error writing message: File too
large


Final-Recipient: rfc822; [email protected]
Original-Recipient: rfc822; [email protected]
Action: failed
Status: 4.0.0
Diagnostic-Code: X-Postfix; cannot access mailbox /var/mail/jjtan for user
jjtan. error writing message: File too large



---------- Forwarded message ----------
From: "Dennis Carter" <[email protected]>
To: [email protected]
Date: Sat, 26 Aug 2006 23:49:19 +0000 (UTC)
Subject: Re: notice
Hello,

You have been chosen to participate in an invitation only limited time event!
Are you currently paying too much for your mortgage? STOP! We can help you lower that today!
Answer only a few questions and we can give you an approval in under 30 seconds it is that simple!

http://www.growthapartforus.com/

And stop fighting for lenders let them fight for you! Make them work for your business by giving you the lowest rates around!
Two hundred and thirty thousand dollar loans are available for only three hundred and forty dollars/month! WE ARE PRACTICALLY GIVING AWAY MONEY!

http://www.growthapartforus.com/

Think your credit is too bad to get a deal like this? THINK AGAIN! We will have you saving your money in no time!
Are you ready to save your money?

http://www.growthapartforus.com/

Regards,
Thomas Mitchell

(i've changed the real domain name with MYDOMAIN.com)
As you can see "Dennis Carter" <[email protected]> is a randomly generated sender name and adress, and it's always different in any email i'm getting.

 

[verbster]

The same thing has been happening to me. Posted it in the DNOA section, but should have put it here. Exact same situation.

Spent time looking up IP addresses and sending info to "abuse" addresses, but that only had limited success with these guys. Finally had my provider disable my email and enable it a day later. Seemed to help. I can't figure out what else to do to prevent or stop it.

 

[kev]

...i have had this problem aswell. sometimes up to 25 messages a day!

 

[dnb8]

I'm getting every day lots of emails like this to my "catch all " email account,
"mail returned (...)" and in from is ex. [email protected] or other address in my domain :D

 

[verbster]

Yeah, this stuff is getting out of hand. It's a business to the spoofers. They use a good domain name with e-mail for a while, and then move on to the next domain to exploit.

It's now a continuous thing with me and my sites....getting anywhere from 20 to 500 "returns" per day to my catch-all addresses. It's a real pisser, but so hard to prevent or control.

 

[drakewla]

I get some of these too.

One day someone even called and insulted me because someone forged one of my domain as From and sent spams...

There's a way to reduce it (but won't stop it) by setting up a SPF (sender policy frameword) record in the domain zone:

For example:
phear.org. 3600 IN TXT "v=spf1 ip4:83.243.10.10 a mx ?all"

Have a look at http://www.openspf.org/ for more details and a record generator

drakewla

 

[whitebark]

The spammer obviously has a domain linked in the email that they want people to go to - report that domain to their registrar and to their server host. That will put an end to it real quick - much faster than posting here.

 

[Peter]

the person who sends the spam is not necessarily the site owner. They may have paid someone (which is ussually the case) to promote their site. They are generally unaware that they are spamming to achieve it.

 

[Ronald Regging]

This used to be a problem a long time ago, where Sendmail had a flaw that would allow people to send email through your server without actually having an account. I'm not sure if this issue is still around today or not, but it may be something you want to look into, or ask your hosting provider if they can verify whether or not this is the case.