Re: [OT Re: SPAM Problem]

From: Louis LeBlanc (
Date: 07/24/05

  • Next message: Louis LeBlanc: "Re: undelete in FreeBSD?"
    Date: Sun, 24 Jul 2005 10:20:49 -0400

    On 07/23/05 05:11 PM, Greg Maruszeczka sat at the `puter and typed:
    > Aaron Siegel wrote:
    > > Hello
    > >
    > > This message is off topic but I was not sure were else I can go to get help
    > > with my problem. For the past week I have been receiving messages from
    > > various mail servers which have bounced messages I have not sent but have my
    > > email address as the originator of the bounced message. I believe there are
    > > some SPAMers using my email address on their SPAM. I would really like to
    > > avoid changing my domain name. Has anyone experienced this problem? Is there
    > > something I can do?
    > >
    > It's probably "blowback" resulting from the activities of worm-infected
    > windows hosts. Someone you correspond with got infected and the worm
    > subsequently propagated itself by picking your name from their address
    > book and inserting it into the from: header of the message carrying the
    > worm. Then, badly configured MTAs send "helpful" NDRs to the "sender"
    > informing them that they're messages couldn't be delivered
    > Pretty routine, really.

    Sorry I missed the OP, but this is something pretty much everyone sees
    at one time or another. I got to the point where I was receiving
    around 200/day before I started seeing myself in Joe-Jobs. Basically,
    they want a shot at getting through those servers that simply require
    a valid email address in the From: header.

    I find it ridiculous that these mail servers simply bounce it to that
    address rather than simply interpreting the headers and sending it
    back to abuse/postman/admin at the originating relay. This would certainly
    bring it to the attention of the very few people with the ability to
    stop the email coming.

    In the meantime, I'm afraid there's not much you can do unless you
    want to track that relay down yourself. Even if you find it, most
    times it's out of your reach (different country, etc). And if you do
    find it and it's coming from the next town over, it's not like the
    authories will want to convict anyone of identity theft - they still
    tend to go for the low hanging fruit, so best case scenario is you can
    get the ISP to shut them down until they find another provider. Maybe
    (big maybe) the ISP will sue them, but you don't get anything for your
    effort but the satisfaction that they got burned.

    I eventually shut down the domain I was getting so much spam at. I
    recently turned it back on after 6 months of downtime and immediately
    started getting over 40/day. Looks like some spammers never pare down
    the lists they sell. The only thing you can really do is install spam
    filters (like ports/mail/p5-Mail-SpamAssassin) so you don't have to
    look at it. Just make sure your address isn't whitelisted.


    Louis LeBlanc                          FreeBSD-at-keyslapper-DOT-net
    Fully Funded Hobbyist,                   KeySlapper Extrordinaire :)
    Please send off-list email to:         leblanc at keyslapper d.t net
    Key fingerprint = C5E7 4762 F071 CE3B ED51  4FB8 AF85 A2FE 80C8 D9A2
    I do desire we may be better strangers.
        -- William Shakespeare, "As You Like It"

  • Next message: Louis LeBlanc: "Re: undelete in FreeBSD?"