
Someone may be maliciously using my domain name


Stoic Joker:
Recently I have been getting returned mail delivery errors stating that "somerandomname(at)mydomainnamehere(dot)com" could not be delivered, because the recipient doesn't exist. -nite_monkey (June 29, 2012, 12:44 PM)
--- End quote ---

Critical point that appears to be getting missed here is a little something called NDR (Non Delivery Report) Spam. The point of which is twofold. Back before Mail Admins made a practice of throttling back on the events that warranted an NDR, malicious types would send mail to a server that was intentionally addressed wrong, just to force the mail server to crash itself with a flood of (self-generated) NDRs.

On the flip side, the practice is still used to bypass (server level) spam filters by tricking the server into delivering the mail to the target by way of a delivery failure notice. e.g. the phony from address (you) is actually the intended target...the to address is intentionally invalid which forces the server to "return" it to the (now intended) target.

This is why I severely limit the NDR reports that are allowed by our mail server.

One thing to try is to send an email to an invalid address to see what your mail server's NDRs are supposed to look like. As it's entirely possible (they won't match) that the mail is getting (bank shotted) bounced a few times before it gets to you.

nite_monkey:
One thing to try is to send an email to an invalid address to see what your mail server's NDRs are supposed to look like. As it's entirely possible (they won't match) that the mail is getting (bank shotted) bounced a few times before it gets to you.
-Stoic Joker (July 01, 2012, 09:01 AM)
--- End quote ---
I use Google Apps for my mail server.

I think I will set up an SPF record for my domain name. Hopefully that will help a little in some way.

Edit: Well, it appears I already have an SPF record set up. (I don't manage the DNS for my domain; someone else does. They may have set it up.)
I also decided that I will just disable my catchall setting on my Google Apps account, and actually create email aliases instead of using the catchall as an alias.
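
Added example, not part of the thread: a Python check in the spirit of the NDR comparison suggested above, which reads the original message embedded in a bounce and tests whether the client IP in its topmost Received line belongs to your own outbound mail networks. `OUR_NETS`, `triage_ndr`, the sample bounce and every host and address in it are constructed placeholders, and the verdict is a heuristic that assumes the bounce embeds the original headers.

```python
import email.policy
import ipaddress
import re

# Assumption: networks your own outbound mail leaves from (placeholder range).
OUR_NETS = [ipaddress.ip_network("198.51.100.0/24")]

# Constructed bounce for illustration; every host and address is a placeholder.
NDR_TEMPLATE = """\
From: MAILER-DAEMON@mx.recipient.example
Content-Type: multipart/report; report-type=delivery-status; boundary="b1"

--b1
Content-Type: message/delivery-status

Reporting-MTA: dns; mx.recipient.example

Final-Recipient: rfc822; nobody@recipient.example
Status: 5.1.1

--b1
Content-Type: message/rfc822

Received: from sender.example ([{ip}]) by mx.recipient.example; Sun, 1 Jul 2012 09:00:00 +0000
From: somerandomname@mydomain.example

--b1--
"""

def triage_ndr(raw):
    """Return (status, client_ip, verdict) for one bounce message."""
    msg = email.message_from_string(raw, policy=email.policy.default)
    status, orig = None, None
    for part in msg.walk():
        ctype = part.get_content_type()
        if ctype == "message/delivery-status":
            # Parsed as a list of header blocks: per-message, then per-recipient.
            for block in part.get_payload():
                status = block.get("Status", status)
        elif ctype == "message/rfc822" and orig is None:
            orig = part.get_payload(0)
    # The topmost Received line was added by the server that rejected the mail.
    hops = orig.get_all("Received", []) if orig is not None else []
    m = re.search(r"\[([0-9A-Fa-f.:]+)\]", hops[0]) if hops else None
    if not m:
        return status, None, "unknown"
    ours = any(ipaddress.ip_address(m.group(1)) in net for net in OUR_NETS)
    return status, m.group(1), "genuine bounce" if ours else "backscatter"
```

A "backscatter" verdict means the rejected message never left your servers, so the sender address was forged and no account of yours sent it.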
