View Full Version : junk e-mailers using my web address


dgermann
February 15th, 2007, 07:28 PM
Hi--

What if anything can I do about this? Where is the best place to be asking?

"This" is a high volume of rejected mail I am getting using a random string of letters plus an @FootprintsintheWind.com. (That is my website. And I have not even figured out how to send e-mail from that address!) (I have it set so that I get forwarded to my main address all e-mail addressed to anything@my website.)

For instance, here is one I got this evening:

From: Mail Delivery Subsystem <MAILER-DAEMON@bilbo.inter.net.il>
To: qhmn@footprintsinthewind.com
Subject: Returned mail: User unknown
Date: Fri, 16 Feb 2007 02:16:20 +0200 (IST) (Thu, 19:16 EST)


So do I report it to my ipp? Is there anything I should be doing? Or just ignore it.

Thanks!

davidh
February 15th, 2007, 08:12 PM
Hi--

What if anything can I do about this? Where is the best place to be asking?

"This" is a high volume of rejected mail I am getting using a random string of letters plus an @FootprintsintheWind.com. (That is my website. And I have not even figured out how to send e-mail from that address!) (I have it set so that I get forwarded to my main address all e-mail addressed to anything@my website.)

For instance, here is one I got this evening:



So do I report it to my ipp? Is there anything I should be doing? Or just ignore it.

Thanks!

I would suggest configuring your hosting so that the "default" or "garbage collection" address be set to be the address of a non-existent (dummy) user, if possible. Then you can occasionally download (POP) the mail for that "dummy" user and do a mass delete, just making sure, if desired, that you read any non-spam that accidentally gets sent to that address. Or if allowed by your ISP you could have the "dummy" user's mail forwarded to a "private" "dummy" user address for subsequent weeding and deleting.

I have no idea if you have a proxy server (physically in your own office) and if it's related to this problem. However, in the office where I once worked the person who first set up the proxy server (WinProxy, I think, on NT 4) did it incorrectly so that anybody on the web could use various net services thru our company proxy. I'm assuming that this is probably not applicable in your case since I assume you are using some ISP to do your web hosting.

Obviously if your web hosting is set up wrong it could in worst case be wide open for bad guys to abuse your hosting. Good ISPs would hopefully have their systems set up to minimize such possibilities. There may be no problem on your ISP side at all, hard to tell. I think that once the bad guys discover a real existing mail server domain somewhere, it's not hard for them to send fake mail pretending that it's coming from your (that) mail server.

FYI, I think that if you support email thru your domain, you should somehow collect email addressed to "abuse" AND "postmaster" so that you can monitor whether anybody is sending valid (or invalid) complaints regarding your email domain.

In the case of one email domain that I own, I only have one account so everything gets dumped into one account, but the spam volume is low <fingers crossed>.

DH

Gary Maltzen
February 15th, 2007, 08:34 PM
"This" is a high volume of rejected mail I am getting using a random string of letters plus an @FootprintsintheWind.com. (That is my website. And I have not even figured out how to send e-mail from that address!) (I have it set so that I get forwarded to my main address all e-mail addressed to anything@my website.)
Some spammer is sending out messages forging your site as the Sender/Return address. Lucky you - the site he is attacking is "backscattering" the spam attack, i.e. accepting the message then returning it to the forged sender.

Or -- some spammer is attacking your site and YOU are receiving the bounces of all the undeliverable undeliverables.

The simplest solution is to NOT use a wildcard address but to formulate a specific and limited set of valid e-mail addresses in the domain.

Offer of help via Private Message...

dgermann
February 15th, 2007, 09:57 PM
I think Gary's solution might be most workable. Not sure why I need to collect everything.

But then what happens to this junk? Does it just collect on my server or does it get rejected as no such recipient?

I suspect all I need is a Doug@ and Subscribe@ and then to create others as I need them. Oh, and I can see why David would say to have Abuse@ and Postmaster@....

I do not have a proxy server in my physical location, just the box at my IPP's location, which may be in Texas or maybe Tennessee....

Based on David's suggestion about setting up the site correctly, I have also e-mailed my IPP to see if he has any ideas.

Good ideas, guys!

Gary Maltzen
February 15th, 2007, 11:14 PM
It would appear that endeavour.co.uk (Telewest Broadband) has a server with a backscatter problem.

junk1 was sent from "North Carolina Research and Education Network" through an endeavour.co.uk SMTP relay to a non-existent excite.com address then bounced back to the forged FPITW address.

junk2 was sent from "Naval Research Laboratory" through an endeavour.co.uk SMTP relay to a non-existent chartermi.net address then bounced back to the forged FPITW address.

I would send a copy of both to abuse-at-endeavour.co.uk

dgermann
February 16th, 2007, 06:45 PM
Gary--

Thanks for taking a look.

As you suggest I have sent these two to the uk address.

What does it mean that they have a backscatter problem?

Thanks, Gary!

Lindsey
February 16th, 2007, 10:53 PM
What does it mean that they have a backscatter problem?

You might want to take a look at this page (http://spamlinks.net/prevent-secure-backscatter.htm), especially this link (http://www.tuffmail.com/backscatter.php) from it.

--Lindsey

dgermann
February 17th, 2007, 11:46 AM
Lindsey--

Thanks. That helped me to understand it.

Lindsey
February 17th, 2007, 11:51 PM
Thanks. That helped me to understand it.
It's a nasty problem, no question about it. I hope it goes away for you very soon!

--Lindsey

dgermann
February 18th, 2007, 04:56 PM
Thanks, Lindsey.

Actually, the problem as I see it is easy if all we are talking about is backscatter. Hopefully the sites doing it will be responsible and fix the issue.

But isn't the larger problem the people forging or using my website as their e-mail address? (Is that the same thing?) Is there anything to be done with that? Or just learn to live with it? I don't like other people giving me a bad reputation....

Dan in Saint Louis
February 18th, 2007, 07:07 PM
But isn't the larger problem the people forging or using my website as their e-mail address? (Is that the same thing?) Is there anything to be done with that? Or just learn to live with it? I don't like other people giving me a bad reputation....
As a partial solution one of my ISPs no longer forwards to some default address any email addressed to the domain but not to an existing account within the domain. In other words, mail to "zzzzz@landiss.com" now goes directly to the bit bucket, no forwarding, no response.

Gary Maltzen
February 19th, 2007, 02:45 PM
But isn't the larger problem the people forging or using my website as their e-mail address? (Is that the same thing?) Is there anything to be done with that?
Sender Policy Framework (http://en.wikipedia.org/wiki/Sender_Policy_Framework) is an attempt to find a solution. The downside is restricting your freedom to send your own messages from arbitrary locations.

What's to stop someone from putting your home address as the return address on an envelope?

davidh
February 19th, 2007, 04:00 PM
What's to stop someone from putting your home address as the return address on an envelope?

I wonder if you could get a letter with no stamp or insufficient postage delivered that way if you dropped it in one of those big blue mail boxes? Maybe if the return address were the same zip code as the mailbox? I.e. put the intended ("delivery") address as the return/from address and put a fake address as the "to" address.

Inquiring minds and devious persons want to know,

DH

Gary Maltzen
February 19th, 2007, 04:24 PM
I wonder if you could get a letter with no stamp or insufficient postage delivered that way if you dropped it in one of those big blue mail boxes?
Doing that is called "mail fraud" and each offense carries a significant penalty.
http://www.law.cornell.edu/uscode/18/usc_sec_18_00001342----000-.html

davidh
February 19th, 2007, 04:49 PM
Doing that is called "mail fraud" and each offense carries a significant penalty.
http://www.law.cornell.edu/uscode/18/usc_sec_18_00001342----000-.html

That's what I figured. Even if it slipped thru, it would be delivered late.

I can remember putting stamps or coins in a little brown envelope to cover insufficient postage for letters delivered to our rural mailbox back in the late 50's or early 60's. I forget exactly when they stopped doing that.

I can remember the Shrine of Our Lady of the Immaculate Conception (I was more or less an infidel back then but still thought it was pretty cool in a way) in Bushnell's Basin was unlocked and lit up 24/7 until about the late 70's or early 80's when it was vandalized and then later sold and demolished to become a small business plaza.

Not all changes are progress.

BTW: IIRC, Cornell Law school used to be the distribution point or repository for the ancient "Cello" browser. But for the best eats, IMO, I thought the dairy store and cafeteria in the dairy building were the best on campus, at least back in the 60's.

DH

Lindsey
February 20th, 2007, 12:09 AM
I don't like other people giving me a bad reputation....
Well, that's part of what I meant when I said it was a nasty problem, but to tell you the truth, I doubt most people pay much attention to the source of what spam makes it through to their mailbox. I know I don't. But it's still distressing to have your e-mail address used that way. And no, there's really not anything that you can do about it.

Backscatter can be dealt with; it was a horrible problem once on my CompuServe mailbox, but there doesn't seem to be so much of it any more. Or maybe it doesn't get through, because the regular spam does such a good job of filling up the box. :mad:

--Lindsey

dgermann
February 21st, 2007, 12:25 PM
Dan, Gary, David and Lindsey--

Many thanks!

I have just this morning switched my isp to only forward to me mail addressed to doug@ abuse@ postmaster@ and a couple others, and then have set all others to just go to the ether.

Gary, it looks to me like if I want sender policy framework I need to ask my IPP to set it up. Am I reading that right?

Lindsey, all my junk e-mail comes through my CI$ account. I kinda suspected there was nothing I could do about it. As Gary said, I see nothing stopping people from using my home address for the return address on the junk mail they send.

Thanks to each of you!

Gary Maltzen
February 21st, 2007, 04:29 PM
Gary, it looks to me like if I want sender policy framework I need to ask my IPP to set it up. Am I reading that right?
If you want to go that route, whoever manages the DNS records for your domain needs to add a TXT record with the SPF information. I would anticipate at least one round of ("oops, I forgot about...") correction.

Lindsey
February 21st, 2007, 10:47 PM
Lindsey, all my junk e-mail comes through my CI$ account. I kinda suspected there was nothing I could do about it.
Not much you can do to keep it from hitting your In Box in the first place, no. About the best you can do is to use an e-mail client that will allow you to set up rules to filter the junk out as it is downloaded so that you at least don't have to spend time deleting it.

--Lindsey

dgermann
February 24th, 2007, 12:38 PM
Thanks, Gary and Lindsey!

Gary Maltzen
February 24th, 2007, 11:33 PM
FWIW - you got me thinking about that and I added the first SPF record to a colleague's domain (qutypublishing.com) currently under spam attack.

$ host -t txt qutypublishing.com
qutypublishing.com descriptive text "v=spf1 mx ip4:216.185.196.124/30 ~all"
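
An added example, not part of the thread or any poster's code: a Python sketch of how a receiving mail server evaluates the SPF record quoted in the post above against the IP address of a connecting sender. It handles only the mechanisms in that record (mx, ip4, all) plus ip6; the `mx_ips` parameter and the 192.0.2.25 MX address are assumptions that stand in for the DNS lookup of the domain's MX hosts.

```python
import ipaddress

# Qualifier prefixes and the result each one yields when its mechanism matches.
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def check_spf(record, client_ip, mx_ips=()):
    """Evaluate an SPF record for one connecting IP, left to right.

    mx_ips is an assumed, pre-resolved list of the domain's MX host
    addresses so the example runs offline; a real checker queries DNS.
    """
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"                       # not an SPF record at all
    ip = ipaddress.ip_address(client_ip)
    for term in terms[1:]:
        qualifier = "+"                     # default when no prefix is given
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        name = name.lower()
        if name == "all":
            matched = True                  # catch-all, normally the last term
        elif name in ("ip4", "ip6"):
            try:
                net = ipaddress.ip_network(arg, strict=False)
            except ValueError:
                return "permerror"          # malformed address or prefix
            matched = ip.version == net.version and ip in net
        elif name == "mx" and not arg:
            matched = any(ip == ipaddress.ip_address(m) for m in mx_ips)
        else:
            return "permerror"              # mechanism outside this sketch
        if matched:
            return QUALIFIERS[qualifier]    # first match decides the result
    return "neutral"                        # nothing matched and no "all"

# The record from the post; the MX address below is constructed sample data.
RECORD = "v=spf1 mx ip4:216.185.196.124/30 ~all"
SAMPLE_MX = ["192.0.2.25"]

if __name__ == "__main__":
    for sender in ("216.185.196.126", "192.0.2.25", "198.51.100.7"):
        print(sender, check_spf(RECORD, sender, SAMPLE_MX))
```

The /30 covers 216.185.196.124 through .127, and any other source ends at `~all`, which is a softfail: the receiver is told the mail is probably forged but is left to decide what to do with it, whereas `-all` would return fail.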