E-mail Relay/Spoofing?


#1

I have had my domain “spoofed” in the past but nothing like what has just happened. I did report this problem to Tech Support, but I never heard anything about it yet as they have over 500 issues they are currently working on.

Here is what happened today! I received over 500 e-mail messages that had Undeliverable type of messages. I think someone is using my domain to relay spam! They have used an e-mail address that I don’t have! It was something like Hey17@mydomain.com. How do I stop this? My domain is probably on some sort of “spam” list somewhere now…:frowning: How do I check and change that too?

Please help!


#2

I’m not one with real answers to this, but I don’t know that you can change it. I’ve gotten spoofed spam from well-known domain names before, and when I contacted the owners of those domains, they tell me there’s nothing they can do. Hopefully, someone here will say I’m wrong and have a real answer (I’m interested, too).

I don’t know if this would affect it, but do you have a catch-all address set up for your domain? If so, you shouldn’t. When setting up addresses, it tells you that a catch-all address may cause you to receive all kinds of spam.

Jen
http://www.SassyDevil.com/


#3

Yes, I do have a catch all address. I will remove that NOW. Thank you for the information! I will continue to watch this post and see if anyone has any other suggestions.


#4

It depends upon how high up the chain the spoofing starts; some spammers will have a few layers of impersonated domains, and in some cases will have forged headers as well; the only headers you can really trust are those that are delivered from your dreamhost server (…which means I’m pretty sure DH sendmail verifies IP/domain before accepting mail and won’t relay without local authentication).

But that doesn’t stop lots of irresponsible service providers (aka “bullet-proof hosters”) from telling you “Oh, there’s nothing we can do about it…”. About all you can do at that point is get your own server and set its firewall to drop packets for anything in that WHP’s assigned IP range to the proverbial bit-bucket. Personally, I have days where I track it to an American source and dream of dressing-up in a postal worker’s uniform, loading a magazine into a 10 ga. pump-action and paying a nice li’l visit to the aforementioned spammer, but that daydream has not yet manifested itself in reality.


#5

Hmmm…so I guess there is nothing I can do to stop this short of getting my own e-mail server? That’s sad!

Now my daydreams are beginning…:slight_smile:


#6

I thought I would follow up on this post. I received an e-mail from tech support today and they are saying there is nothing I can do to stop this “relay” situation. All I can do is use the mail filter to not receive any of the bounced mail. There just seems to be something wrong with that answer…but ok…if that’s what they say. I would be afraid to filter out all bounced mail just in case it is something I need to know about!

Thanks to both of you who replied to my question in here on this issue. It was nice to know I wasn’t alone…:slight_smile:


#7

they are saying there is nothing I can do to stop this “relay” situation. […] There just seems to be something wrong with that answer

They’re right. There is no way to prevent someone sending mail with your address or domain as the From: address.

FYI, it’s not “relaying”. This term, in the context of spam, refers to something specific. This is not what’s happening here. This is simple forgery.


If you want useful replies, ask smart questions.


#8

I understand. It is just so frustrating! Just seems like there should be something that can be done to stop the “stealing” of your domain name to spam! I think my domain just might be on a list as a “spammer” now. Oh well, nothing I can do about it.

Thanks for the reply!


#9

I think my domain just might be on a list as a “spammer” now.

Don’t worry about this. No one but the most clueless mail administrators would blacklist a domain name from a From: header rather than the mail server the mail was delivered through. This kind of forgery is extremely common and blacklisting every domain that has been forged this way would result in the loss of huge amounts of legitimate mail.


If you want useful replies, ask smart questions.
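Posts #4 and #9 make the same practical point from two sides: the only headers you can trust are the ones your own mail server added, and a sensible blacklist keys on the server a message actually came through, not on the From: address. The script below is an added example (not code from any poster in this thread or from the hosting provider) that applies that idea to the 500-odd “Undeliverable” messages in post #1: it opens each bounce, digs out the quoted original, and checks whether that original ever passed through our own outbound server. Bounces for mail that never touched our server are backscatter from forged From: addresses and can be filtered; bounces for mail we really sent are kept, which addresses the worry in post #6 about filtering away bounces one needs to see. It uses only the standard `email` library; the hostname `mail.example-host.invalid` and both bounce messages are constructed for the example.

```python
import re
import email
from email import policy

# Hypothetical hostname of the server that legitimately sends mydomain.com's mail
# (post #4's "your dreamhost server"); replace it with your own outbound host.
OUR_MAIL_HOST = "mail.example-host.invalid"


def received_hosts(msg):
    """Return every host named in a 'from'/'by' clause of the Received: headers."""
    hosts = []
    for hdr in msg.get_all("Received", []):
        hosts += [h.lower() for h in re.findall(r"\b(?:from|by)\s+([\w.\-]+)", str(hdr))]
    return hosts


def is_bounce(msg):
    """A delivery status notification has an empty envelope sender and/or a multipart/report body."""
    return (
        "<>" in str(msg.get("Return-Path", ""))
        or msg.get_content_type() == "multipart/report"
        or str(msg.get("From", "")).lower().startswith("mailer-daemon")
    )


def extract_original(msg):
    """Pull out the original message (or just its headers) that the bounce quotes back to us."""
    for part in msg.walk():
        ctype = part.get_content_type()
        if ctype == "message/rfc822":
            return part.get_payload()[0]
        if ctype == "text/rfc822-headers":
            text = part.get_payload(decode=True).decode("utf-8", "replace")
            return email.message_from_string(text, policy=policy.default)
    return None


def classify_bounce(raw):
    """'backscatter' if the bounced original never passed through our server, else 'genuine-bounce'."""
    msg = email.message_from_string(raw, policy=policy.default)
    if not is_bounce(msg):
        return "not-a-bounce"
    original = extract_original(msg)
    if original is None:
        return "bounce-without-original"  # nothing to verify; keep it for manual review
    # Only Received: lines naming our own server prove the mail was really ours;
    # the forged From: header (Hey17@mydomain.com) proves nothing.
    if OUR_MAIL_HOST in received_hosts(original):
        return "genuine-bounce"
    return "backscatter"


# Constructed sample: a bounce for spam that a stranger sent as Hey17@mydomain.com.
BACKSCATTER_BOUNCE = """\
Return-Path: <>
Received: from mx.somewhere.invalid (mx.somewhere.invalid [192.0.2.10])
    by mail.example-host.invalid with ESMTP; Tue, 01 Mar 2005 10:00:00 +0000
From: MAILER-DAEMON@somewhere.invalid
To: Hey17@mydomain.com
Subject: Undeliverable: Hey!!
Content-Type: multipart/report; report-type=delivery-status; boundary="B1"

--B1
Content-Type: text/plain

Your message could not be delivered.
--B1
Content-Type: message/rfc822

Received: from 203-0-113-77.dsl.invalid (unknown [203.0.113.77])
    by mx.somewhere.invalid with SMTP; Tue, 01 Mar 2005 09:59:00 +0000
From: Hey17@mydomain.com
To: victim@somewhere.invalid
Subject: Hey!!

buy stuff
--B1--
"""

# Constructed sample: a bounce for mail we really sent to a mistyped address.
GENUINE_BOUNCE = """\
Return-Path: <>
Received: from mx.somewhere.invalid (mx.somewhere.invalid [192.0.2.10])
    by mail.example-host.invalid with ESMTP; Tue, 01 Mar 2005 11:00:00 +0000
From: MAILER-DAEMON@somewhere.invalid
To: me@mydomain.com
Subject: Undeliverable: hello
Content-Type: multipart/report; report-type=delivery-status; boundary="B2"

--B2
Content-Type: text/plain

User unknown.
--B2
Content-Type: text/rfc822-headers

Received: from mail.example-host.invalid (mail.example-host.invalid [198.51.100.5])
    by mx.somewhere.invalid with ESMTP; Tue, 01 Mar 2005 10:59:00 +0000
From: me@mydomain.com
To: typo@somewhere.invalid
Subject: hello
--B2--
"""

if __name__ == "__main__":
    for name, raw in [("forged-sender bounce", BACKSCATTER_BOUNCE), ("our own bounce", GENUINE_BOUNCE)]:
        print(f"{name}: {classify_bounce(raw)}")
```

The check is deliberately conservative: a bounce that quotes nothing of the original is left for a human rather than discarded, and a bounce whose quoted original really did go out through our server is kept, so a rule built on `classify_bounce` only drops the backscatter class. The same Received-chain logic is what a careful mail administrator uses before blacklisting anything, which is why post #9 is right that the forged domain itself is unlikely to end up on a list.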


#10

That is a good point! Thanks again for the information!