johndgregory

spam sent from my spoofed domain not my server

I have a 'private' domain name, i.e. only my family uses it.  Call it mydomain.ca for discussion.  I use a relatively well established ISP that hosts my web site with the domain name, and I use the domain registrar's service to route e-mails that use the domain name to the appropriate address at the ISP. There are 5 legitimate mailboxes.  For the past week, someone has been sending spam using mydomain.ca - with nonsense addresses like xfqw@mydomain.ca.   I get in my mailbox any mail to any address @mydomain.ca, except those properly addressed to other family members, so I am getting a score of NDRs a day (which I delete, of course.)

I have read a few other questions on this - several had no solution, one had a now-dead link, and one just suggested turning off the NDR function on Exchange so mydomain.ca would not be floated temptingly in front of spammers to use.  None of these actually prevents or stops what is happening.  I use Eudora for mail, but since my system is not sending it, that does not seem relevant.

I presume this is inevitable - the ISP service dept thought so - and I should just wait till the spammer moves on ....but just in case: any suggestions?  I share the fear of an earlier questioner that legitimate mail from me and my family will be blacklisted.  

thanks

 JDG
ashbury


Nothing much can be done to stop spam and spoofed spam mails.
ASKER CERTIFIED SOLUTION
r-k
johndgregory

ASKER

Thank you, r-k.  The tutorial on headers and mail protocol is wonderful.  Unfortunately there does not seem to be any common element in the (apparently) originating received from: lines, either names or IP addresses.

I trust that the spam is not going through my computer in any way (except that it bounces back to it...)  Mydomain.ca is not a server, it is merely an address known to my ISP and my domain registrar. So I am not relaying, and the spammer is not naming my actual ISP anywhere that I can see.

JDG
I see these all the time. Spoofed domain and e-mail addresses are generated from zombie computers all over the internet blasting millions of generated e-mail addresses.

The only thing you can do is turn off receiving of non-valid recipient addresses or have all the NDRs (and other junk mail) to go one address and set to auto-delete.

To address this issue there are a few new technologies such as Sender Policy Framework & Microsoft’s Sender ID and MARID, however there is no universal standard as of yet.
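
One way to apply the auto-delete suggestion above to a catch-all mailbox, as an added example that is not part of the original thread: a Python filter that discards only bounces addressed to local parts that never existed and keeps everything else. The names in `VALID_LOCALPARTS` and the sample messages are constructed, mydomain.ca is the thread's placeholder, and the filter assumes the forwarding service preserves the original `To` header.

```python
import email
from email.utils import getaddresses

DOMAIN = "mydomain.ca"  # placeholder domain from the thread
# Assumption: hypothetical local parts standing in for the 5 legitimate mailboxes
VALID_LOCALPARTS = {"john", "mary", "anne", "paul", "kate"}

def is_bounce(msg):
    """True when the message looks like a non-delivery report."""
    # RFC 3464 delivery status notifications use multipart/report
    if (msg.get_content_type() == "multipart/report"
            and str(msg.get_param("report-type", "")).lower() == "delivery-status"):
        return True
    # Bounces carry a null envelope sender, recorded as "Return-Path: <>"
    if msg.get("Return-Path", "").strip() == "<>":
        return True
    # Older MTAs send plain-text bounces from MAILER-DAEMON or postmaster
    sender = msg.get("From", "").lower()
    return "mailer-daemon" in sender or "postmaster" in sender

def classify(raw):
    """Return 'deliver', 'backscatter' (safe to auto-delete) or 'review'."""
    msg = email.message_from_string(raw)
    fields = msg.get_all("To", []) + msg.get_all("Delivered-To", [])
    rcpts = [addr.lower() for _, addr in getaddresses(fields)]
    local = {a.rsplit("@", 1)[0] for a in rcpts if a.endswith("@" + DOMAIN)}
    if local & VALID_LOCALPARTS:
        return "deliver"      # addressed to a real mailbox, bounce or not
    if is_bounce(msg):
        return "backscatter"  # NDR for an address that never existed
    return "review"           # misaddressed mail from a real sender

# Constructed sample messages (not taken from the thread)
NDR = (
    "Return-Path: <>\n"
    "From: Mail Delivery Subsystem <MAILER-DAEMON@mx.example.net>\n"
    "To: xfqw@mydomain.ca\n"
    "Subject: Undelivered Mail Returned to Sender\n"
    'Content-Type: multipart/report; report-type=delivery-status; boundary="b1"\n'
    "\n--b1\nContent-Type: text/plain\n\nDelivery failed.\n--b1--\n"
)
TYPO = "From: friend@example.org\nTo: jhon@mydomain.ca\nSubject: Dinner?\n\nSee you at 7.\n"
REAL = "From: friend@example.org\nTo: john@mydomain.ca\nSubject: Dinner?\n\nSee you at 7.\n"

if __name__ == "__main__":
    for name, raw in (("NDR", NDR), ("TYPO", TYPO), ("REAL", REAL)):
        print(name, "->", classify(raw))
```

Only the `backscatter` class is a candidate for auto-delete; `review` keeps misaddressed mail from real senders visible in the catch-all box.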
"I trust that the spam is not going through my computer in any way"

Yes, they are certainly not going through your computer or domain, only the bounces are coming to you. Sorry I forgot to follow up.
Thanks - I think r-k summed it up.  Thanks as well to JexPam for the policy references. I know a bit about the policy attempts, but it's a pain when it hits my computer...  In fact I do have all non-specified mail going to one box - but it's mine (rather than my wife's or kids') so I see what's up if there are other mistakes from real senders. The volume of NDRs is manageable for the moment.

JDG
Thank you and good luck.