[OT Re: SPAM Problem]

Louis LeBlanc FreeBSD at keyslapper.net
Sun Jul 24 14:20:56 GMT 2005 

On 07/23/05 05:11 PM, Greg Maruszeczka sat at the `puter and typed:
> Aaron Siegel wrote:
> > Hello
> > 
> > This message is off topic but I was not sure were else I can go to get help 
> > with my problem.  For the past week I have been receiving messages from 
> > various mail servers which have bounced messages I have not sent but have my 
> > email address as the originator of the bounced message. I believe there are 
> > some SPAMers using my email address on their SPAM. I would really like to 
> > avoid changing my domain name.  Has anyone experienced this problem? Is there 
> > something I can do?  
> > 
> 
> It's probably "blowback" resulting from the activities of worm-infected
> windows hosts. Someone you correspond with got infected and the worm
> subsequently propagated itself by picking your name from their address
> book and inserting it into the from: header of the message carrying the
> worm. Then, badly configured MTAs send "helpful" NDRs to the "sender"
> informing them that they're messages couldn't be delivered
> 
> Pretty routine, really.

Sorry I missed the OP, but this is something pretty much everyone sees
at one time or another.  I got to the point where I was receiving
around 200/day before I started seeing myself in Joe-Jobs.  Basically,
they want a shot at getting through those servers that simply require
a valid email address in the From: header.

I find it ridiculous that these mail servers simply bounce it to that
address rather than simply interpreting the headers and sending it
back to abuse/postman/admin at the originating relay.  This would certainly
bring it to the attention of the very few people with the ability to
stop the email coming.

In the meantime, I'm afraid there's not much you can do unless you
want to track that relay down yourself.  Even if you find it, most
times it's out of your reach (different country, etc).  And if you do
find it and it's coming from the next town over, it's not like the
authories will want to convict anyone of identity theft - they still
tend to go for the low hanging fruit, so best case scenario is you can
get the ISP to shut them down until they find another provider.  Maybe
(big maybe) the ISP will sue them, but you don't get anything for your
effort but the satisfaction that they got burned.

I eventually shut down the domain I was getting so much spam at.  I
recently turned it back on after 6 months of downtime and immediately
started getting over 40/day.  Looks like some spammers never pare down
the lists they sell.  The only thing you can really do is install spam
filters (like ports/mail/p5-Mail-SpamAssassin) so you don't have to
look at it.  Just make sure your address isn't whitelisted.

Lou
-- 
Louis LeBlanc                          FreeBSD-at-keyslapper-DOT-net
Fully Funded Hobbyist,                   KeySlapper Extrordinaire :)
Please send off-list email to:         leblanc at keyslapper d.t net
Key fingerprint = C5E7 4762 F071 CE3B ED51  4FB8 AF85 A2FE 80C8 D9A2

I do desire we may be better strangers.
    -- William Shakespeare, "As You Like It"
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-questions/attachments/20050724/51c00540/attachment.bin

More information about the freebsd-questions mailing list