Main Area and Open Discussion > Living Room

Someone may be maliciously using my domain name

<< < (2/3) > >>

nite_monkey:
Guess I'm SOL then. Just one of the many perks of owning your own domain name. ;D

Edit: wow, I just checked my spam folder, and found 7 more... :o

SoldierByte:
Guess I'm SOL then. Just one of the many perks of owning your own domain name. ;D

Edit: wow, I just checked my spam folder, and found 7 more... :o
-nite_monkey (June 29, 2012, 01:12 PM)
--- End quote ---
Nite-Monkey,
What the others say is the sad truth..
about ten years ago I suffered the exact same thing on both
of my domains..
At times I was getting over 600 returned emails a day..!!
I was able to trace my culprit to Nigeria..
Everything I did failed..
After seven weeks I figured I'd risk trouble and
regain my sites or disband them..
A virus the offender received solved my frustrations..
I have now embed a small " present/gift " within everything
upon my domains so were a pic, gif, sentence, word, etc.
copied FROM said domains and then pasted,
the thief would be rather upset...
This DOES not stop automated scans and crawlers
( or humans ) that just choose domain names at random..
In that case I still have found no way to stop this issue as
most POP type accounts and their security work more
or less on an " honor code ' type of system..
I normally would have refrained from posting
since my coding seems to offend " some " here.....
But I wanted to at least give you some encouragement
that you are not alone, and problem IS a common one..
But what has happened to you will usually not last more
then a few months until " whomever ' moves on to the
next account/domain name....
Because they are NOT actually utilizing YOU account/servers/smpt
but in affect just using your name " pasted over " their real stuff.
So changing your account is null and in vain.
And the risk of having your domain (s) blacklisted is very real..
( one of mine WAS )
Wish I had a solution, but afraid I do not..
Be advised the creeps ALSO utilize private email too..
They will grab a valid ID like abc123  @ say example Yahoo/Google etc..
and use that too..
The problem IS frustrating, and ALL the governments are fully aware
of this issue....
My advice is stay strong, don't do anything crazy, and CONTINUALLY
monitor your email as you might find something in their to lead you
to the perpetrator..
If there is anything "good" about this...
Knowing you were NOT personally targeted,
but simply a random victim is about your only consolation ..
I wish you luck my friend..

Renegade:
It's called a "joe job".

But you aren't totally powerless...

I had the same problem, and found out through my trials that there's not really anyway to stop them.  They put bogus reply addresses (in many cases, they use an account on your server) so that they can get past some spam checks that don't use something akin to the Sender Policy Frameworkw check to make sure it's actually from that domain.  It can also get your domain blacklisted.  This was several years ago that I had this problem, so I'm not sure if something better has come along in the meantime.
-wraith808 (June 29, 2012, 12:52 PM)
--- End quote ---

808 is on the right track there. SPF can help you out.

Part of the benefit of SPF is that while you cannot stop someone from doing joe jobs, you *CAN* setup your DNS records with SPF to explicitly state which email servers are permitted to send mail for the domain.

That means that if you wanted to, you could list "mail.donationcoder.com" as a legitimate email sender for your domain, and mouser could then email on your behalf, or let you send email through his email server.

The net effect there is that when someone does a DNS lookup for the SPF record, they can verify that the domain name or IP address is legitimate for email, and then either allow a connection or deny the connection (or allow/disallow email).

This is very important, because it then makes it clear that joe jobs are spam, and that they should be rejected. It also lets people know that they shouldn't blacklist your domain because of a joe job, as you have already explicitly stated that the joe job email server is NOT legitimate.

So, SPF does give you a certain degree of power by letting you state who is and isn't a legitimate email sender. (You still can't stop the joe job, but you CAN say that it is spam.)

nite_monkey:
I've setup a gmail label in my account, so new whenever I see one of the return to sender emails, I just add it to the label so that later I can go back and examine it.

SeraphimLabs:
SPF records can help.

You can also note the IPs of the server that the mail originated from and contact the abuse address of that server to report that it is generating spam.

Although not always successful, in many cases spam is generated by abusive clients on web hosting services. Reporting the spam to the owner of the originating server can sometimes get the spam-generating site shut down, at least providing a break in the flood before they set up a replacement spam generator.

Navigation

[0] Message Index

[#] Next page

[*] Previous page