Someone Spoofed my Email Address

I have a user on my Exchange server whose e-mail address is being spoofed.  All we receive back are bounced e-mails that can't be delivered.  What can I do to stop this?
drstedim Asked:
 
war1 Commented:
Greetings, drstedim !

You can change the user email address, and then block the old address from being delivered.

If you cannot change the user email address, then you have to wait out the spam attack.  How many bounced emails are you using?  Usually a spam attack ends within 3 days to a week.

Best wishes!
0
 
Irwin Santos, Computer Integration Specialist, Commented:
What's the exact NDR message?
0
 
drstedim, Author, Commented:
This has been going on for about 2 weeks.  The user is getting about 60,000 emails a day all stating that the recipient isn't valid or the spam filter has blocked the e-mail ... or something along those lines.  Emails are coming from 1000's of servers in many different languages.  The user is in Sales and doesn't want to "lose business" due to an email address change; although, I'd imagine 60,000 e-mails a day isn't helping his cause much either.  Here are some examples of messages that are coming through:
****** Message from InterScan Messaging Security Suite ******


Sent <<< RCPT TO:<ljqv@yamaha.com>
Received >>> 550 no such recipient

Unable to deliver message to <ljqv@yamaha.com>.

************************     End of message     **********************
Example 2:
Your message to: rabonifas@eganco.com, rah@eganco.com
was blocked by our Spam Firewall. The email you sent with the following subject has NOT BEEN DELIVERED:

Subject: Re:
Example 3 (this one seems to have some useful info, but I don't know what to do with it):
    **********************************************
    **      THIS IS A WARNING MESSAGE ONLY      **
    **  YOU DO NOT NEED TO RESEND YOUR MESSAGE  **
    **********************************************

The original message was received at Wed, 24 May 2006 23:01:41 +0200 (CEST)
from 81-203-11-84.user.ono.com [81.203.11.84]

   ----- Transcript of session follows -----
<norman@palantir.informatik.uni-mannheim.de>... Deferred: Connection refused by palantir.informatik.uni-mannheim.de.
Warning: message still undelivered after 2 hours
Will keep trying until message is 3 days old
Example 4:
****** Message from InterScan E-Mail VirusWall NT ******

Sent >>> RCPT TO: <r@eurobankpr.com>
Received <<< 550 unknown user <r@eurobankpr.com>

Could not deliver mail to this user.
r@eurobankpr.com
*****************     End of message     ***************
Example 5:
We have received the message sent to email address:

rad4rdgirresourcesafriendship@reply.mb00.net

however, this address is not a valid subscription or removal address on
this system. Please check the address and try sending your message again.

Thank you.
 

I don't know if this helps at all, but thanks for looking!!!

0

 
Irwin Santos, Computer Integration Specialist, Commented:
Looks like he got SPAM bombed.

The best way out is to get a NEW email address, rather than fight it, let it go, it will be unproductive.
0
 
war1 Commented:
Spam attack will subside after a while, if you want to continue using the address.
0
 
snerkel Commented:
I have the exact same problem with one of my domains and there is nothing you can do about it now.

Best advice for the future is to use email addresses that aren't likely to be generated by a bot.

Things like sales@  dave@  info@ are examples that are likely to get this sort of problem; instead set up accounts such as wiggetsales@     dave.theman@     wiggetinfo@

Educate staff not to use important email addresses for entering competitions, signing up to forums etc, instead get them to use yahoo or hotmail (in other words disposable) email addresses for such things. Reserve the important email address for clients, or printed adverts. Don't publish the email addresses on your web site where they can be easily harvested.

The spam is bad, the auto responses from spam filters and mail servers can actually cause more "spam" than the original spam. If only admins would turn off such features.

It is amazing so many people don't realise how easy spoofing sender email addresses is, they are quick to blame the return email address for the spam without finding out the facts, I have a number of emails complaining about "my" spam.
0
 
prashsax Commented:
It looks like spam.

Can you post the headers of the mails?

The header contains all the information about the origin of the mail and the list of all the servers it went through before being delivered.

We receive many spams where the sender's domain is the same as ours. It is a very common practice by spammers to use the recipient's domain name in the sender's address. If your antispam server is not configured properly then these mails can get inside, as the sender's address seems trusted.

Install a good antispam server, if you do not have one already.

Try Spamassassin with Amavis and Postfix. It runs on Linux and it's free.

0
 
wolfymik Commented:
You may want to try setting up blocking lists if you are running an Exchange server.  Check out the following links:

SBL allows you to connect to a database which lists verified spammer ip addresses.  You can then block anything from those addresses.
http://www.spamhaus.org/sbl/

XBL is another blocking list that should be used in tandem with SBL.  
http://www.spamhaus.org/xbl/

Another link is the CBL or composite blocking list, but you should not need this if you use XBL since XBL queries the CBL database.
http://cbl.abuseat.org/

Hope this helps deter any future spam issues and may also help curb your current issue.
0
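Added example (not part of any post in this thread, and not Spamhaus or Exchange code): pulling the relay address out of a bounce like "Example 3" above and forming the DNSBL lookup names for the SBL and XBL zones mentioned by wolfymik. The function names and the constructed `Received:` line are assumptions for illustration; the address found is the host that handed the spoofed message to the bouncing server, not the spoofed user.

```python
import ipaddress
import re
import socket

# Blocklist zones for the two Spamhaus lists named in the thread.
ZONES = ("sbl.spamhaus.org", "xbl.spamhaus.org")

# First two lines are copied from "Example 3"; the Received line is constructed.
SAMPLE_NDR = """\
The original message was received at Wed, 24 May 2006 23:01:41 +0200 (CEST)
from 81-203-11-84.user.ono.com [81.203.11.84]
Received: from mail.example.test (mail.example.test [10.0.0.5]) by mx.example.test
"""

BRACKETED_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def relay_ips(text):
    """Return the public IPv4 addresses that appear in [brackets], in order."""
    found = []
    for raw in BRACKETED_IP.findall(text):
        try:
            ip = ipaddress.IPv4Address(raw)
        except ipaddress.AddressValueError:
            continue  # not a valid address, e.g. [999.1.1.1]
        # Private and reserved ranges are never on a public blocklist.
        if ip.is_global and ip not in found:
            found.append(ip)
    return found


def dnsbl_name(ip, zone):
    """DNSBL query name: the IPv4 octets reversed, followed by the zone."""
    return ".".join(reversed(str(ip).split("."))) + "." + zone


def is_listed(ip, zone, resolver=socket.gethostbyname):
    """True when the zone answers with a 127.0.0.0/8 listing code."""
    try:
        answer = resolver(dnsbl_name(ip, zone))
    except socket.gaierror:
        return False  # no such name: the address is not listed
    # 127.255.255.x answers are Spamhaus error codes (blocked or
    # over-limit resolver), not listings.
    return answer.startswith("127.") and not answer.startswith("127.255.255.")


if __name__ == "__main__":
    for ip in relay_ips(SAMPLE_NDR):
        for zone in ZONES:
            print(dnsbl_name(ip, zone))  # names a mail filter would look up
```

`is_listed` performs a live DNS query when called without a `resolver` argument; lookups sent through large public resolvers are typically refused by Spamhaus, so run it against your own recursive resolver.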
 
BenReynolds Commented:
My e-add has been on the web since 1994, so I have been spoofed often. If you're visible, there's not much you can do about it, beyond the measures outlined above.

I am, however, concerned that innocent people connected to me might get spam with a virus, etc from my spoofed e-add. For that reason, our whole organization tries to always put a unique identifier in the subject header, something spammers wouldn't ordinarily think to use that also shows we are connected to the organization.

Good luck to your sales person.
0
 
drstedim, Author, Commented:
He is biting the bullet and the e-mail address will be changed.  Thanks for all your help and advice!
0
 
Irwin Santos, Computer Integration Specialist, Commented:
Cool. Thank you!
0
Question has a verified solution.
