Solved

spam sent from my spoofed domain not my server

Posted on 2006-05-04
Last Modified: 2010-04-11
I have a 'private' domain name, i.e. only my family uses it.  Call it mydomain.ca for discussion.  I use a relatively well established ISP that hosts my web site with the domain name, and I use the domain registrar's service to route e-mails that use the domain name to the appropriate address at the ISP. There are 5 legitimate mailboxes.  For the past week, someone has been sending spam using mydomain.ca - with nonsense addresses like xfqw@mydomain.ca.   I get in my mailbox any mail to any address @mydomain.ca, except those properly addressed to other family members, so I am getting a score of NDRs a day (which I delete, of course.)

I have read a few other questions on this - several had no solution, one had a now-dead link, and one just suggested turning off the NDR function on Exchange so mydomain.ca would not be floated temptingly in front of spammers to use.  None of these actually prevents or stops what is happening.  I use Eudora for mail, but since my system is not sending it, that does not seem relevant.

I presume this is inevitable - the ISP service dept thought so - and I should just wait till the spammer moves on ....but just in case: any suggestions?  I share the fear of an earlier questioner that legitimate mail from me and my family will be blacklisted.  

thanks

 JDG
Question by:johndgregory
7 Comments
 
LVL 1

Expert Comment

by:ashbury
ID: 16612075

Nothing much can be done to stop spam and spoofed spam mails.
0
 
LVL 32

Accepted Solution

by:
r-k earned 1000 total points
ID: 16612295
Yes, I agree that this mail is originating from outside your network, so there is little you can do about it. I think the danger of your domain being blacklisted because of this is slim, however, so I would not worry on that account.

If you do want to do something, you can try tracking down where the original mails are originating. You may find they are all originating from just one or two IPs (presumably infected PCs). In that case you can track down the ISP responsible for those IPs (using ARIN e.g. http://www.arin.net/) and send a note to their abuse address. If you're lucky they will notify or shut down the offending PC. It's a bit of a long shot, but may be all you can do.

To track the originating IP, you will have to examine the full headers included with several of the NDRs. You may find this link useful: http://www.stopspam.org/email/headers.html

Keep in mind in some cases the headers may be forged.

Good luck.
0
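The header check described in the answer above, as an added example that is not part of the original post: it pulls the bounced message out of each NDR, takes the first non-internal IP from the top of its Received chain (the line written by the server that later bounced the mail, which the sender cannot forge), and counts how often each IP appears. The function names, the `mx.example.*` hosts and the sample bounces are constructed for illustration, and the IPs come from the reserved documentation ranges.

```python
import email
import ipaddress
import re
from collections import Counter

IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

def embedded_original(ndr_text):
    """Return the bounced message (or just its headers) carried in an NDR."""
    for part in email.message_from_string(ndr_text).walk():
        if part.get_content_type() == "message/rfc822":
            return part.get_payload(0)
        if part.get_content_type() == "text/rfc822-headers":
            return email.message_from_string(part.get_payload())
    return email.message_from_string("")  # nothing embedded: no headers

def handoff_ip(original):
    """Topmost non-internal IP; Received lines below it may be forged."""
    for received in original.get_all("Received", []):
        for candidate in IP_RE.findall(received):
            try:
                ip = ipaddress.ip_address(candidate)
            except ValueError:
                continue  # bracketed text that is not a valid address
            if not any(ip in net for net in INTERNAL):
                return str(ip)
    return None

def tally(ndrs):  # NDR count per handoff IP: do a few hosts dominate?
    originals = (embedded_original(text) for text in ndrs)
    return Counter(handoff_ip(o) or "unknown" for o in originals)

def make_ndr(*received):  # builds a constructed sample bounce, not real mail
    inner = "".join(f"Received: {r}\n" for r in received)
    inner += "From: xfqw@mydomain.ca\nSubject: sample\n\nbody\n"
    return ('From: MAILER-DAEMON@mx.example.net\n'
            'Content-Type: multipart/report; boundary="b"\n\n'
            "--b\nContent-Type: text/plain\n\nUser unknown\n"
            "--b\nContent-Type: message/rfc822\n\n" + inner + "--b--\n")

FORGED = "from bank.example ([203.0.113.99]) by relay.invalid"  # constructed
SAMPLE = [
    make_ndr("from a ([198.51.100.7]) by mx.example.net", FORGED),
    make_ndr("from b ([198.51.100.7]) by mx.example.org"),
    make_ndr("from mx ([10.0.0.5]) by store.example.com",
             "from c ([192.0.2.44]) by mx.example.com", FORGED),
]
```

Calling `tally(SAMPLE)` gives the per-IP counts; an address that dominates the result is the one worth looking up at ARIN and reporting to the responsible ISP's abuse contact.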
 

Author Comment

by:johndgregory
ID: 16619515
Thank you, r-k.  The tutorial on headers and mail protocol is wonderful.  Unfortunately there does not seem to be any common element in the (apparently) originating received from: lines, either names or IP addresses.

I trust that the spam is not going through my computer in any way (except that it bounces back to it...)  Mydomain.ca is not a server, it is merely an address known to my ISP and my domain registrar. So I am not relaying, and the spammer is not naming my actual ISP anywhere that I can see.

JDG
0

 
LVL 1

Expert Comment

by:JexPam
ID: 16633291
I see these all the time. Spoofed domain and e-mail addresses are generated from zombie computers all over the internet blasting millions of generated e-mail addresses.

The only thing you can do is turn off receiving of non-valid recipient addresses or have all the NDRs (and other junk mail) go to one address and set to auto-delete.

To address this issue there are a few new technologies such as Sender Policy Framework & Microsoft’s Sender ID and MARID, however there is no universal standard as of yet.
0
 
LVL 32

Expert Comment

by:r-k
ID: 16633343
"I trust that the spam is not going through my computer in any way"

Yes, they are certainly not going through your computer or domain, only the bounces are coming to you. Sorry I forgot to follow up.
0
 

Author Comment

by:johndgregory
ID: 16638529
Thanks - I think r-k summed it up.  Thanks as well to JexPam for the policy references. I know a bit about the policy attempts, but it's a pain when it hits my computer...  In fact I do have all non-specified mail going to one box - but it's mine (rather than my wife's or kids') so I see what's up if there are other mistakes from real senders. The volume of NDRs is manageable for the moment.

JDG
0
 
LVL 32

Expert Comment

by:r-k
ID: 16643600
Thank you and good luck.
0
