Spam from my Domain


#1

Hi all,

I think someone is using my domain to send spam mail. I have set up a google alert to see all the links to my site - and I got this…
http://groups.google.com/group/nl.internet.misbruik.spam-signalering/browse_thread/thread/9ad1a47e0d21a4c5

Its a spam mail someone posted on a newsgroup. What worries me is this line…
Received: from localhost (localhost.localdomain [127.0.0.1])
by host53010165.openjs.com (8.13.1/8.13.1) with SMTP id DRQxMQOz21.926669.iGc.xHp.0028653829786
for ; Sun, 27 Apr 2008 12:49:53 -0100

openjs.com is my domain and is managed by dreamhost. I don’t have any scripts to send email on that domain - so I don’t think the spam is created using header injection in contact forms.

There is only one mail address configured for this domain - and its not ‘EsmeraldairredentistMau(something)@openjs.com

How can I prevent this spamming?

Binny V A


#2

What I find odd in the headers is that there’s no IP address tied to the openjs host, and the hostname in openjs doesn’t even exist.

My first suspicion is that the hostname is forged. Even the spam report submission appears not to suspect your domain, as neither openjs or DreamHost in the list of recipients of the spam report.

-Scott