
Avoiding Bouncing Spam

jæd

Corporate Hooker
Hi,

Some little spammer has decided it would be nice to use a domain name I own to put as their "from: " address on their inane ramblings... I'm now getting hundreds of bounced messages back to me, often with "You message is spam" attached. Is there any way to deal with it, and any possible legal comeback people who have been spammed can hold me up for...?

Oh, and are there any ways of avoiding this in the future...?

Thanks...!

J
 
jæd said:
Hi,

Some little spammer has decided it would be nice to use a domain name I own to put as their "from: " address on their inane ramblings... I'm now getting hundreds of bounced messages back to me, often with "You message is spam" attached. Is there any way to deal with it, and any possible legal comeback people who have been spammed can hold me up for...?

Oh, and are there any ways of avoiding this in the future...?

Thanks...!

J


I've had the same problem in the past - they tend to tail off after a while. From the hours of trying to find some way of dealing with it I am afraid there is not much you can do.

I had to redirect wrong 'front end' email names (using the url bit with a random string of letters at the front) from a regularly used email address (as a default address) to a crappy yahoo address I just checked occasionally to stop the flow of bounced email messages in one case. I'd recommend that at least to avoid the worst of the bounced returns.
 
Have a look at the headers of the spam. If you don't have these, speak to the admins of the domains you are getting the responses from with a polite explanation. Have a look at where he is sending this from and speak to the abuse admin for whatever domain/server he is using. He is probably coming through an open relay somewhere. Inform them and they should stop it. It will take some time but eventually they will give up.
 
dennisr said:
they tend to tail off after a while.
Agreed. I've had this happen a few times and it just went away. It's been happening for the past week so I've added more "DENY" expressions to my Linux mailfilter configs to delete these on the server (mailfilter just looks at headers and never downloads bodies; as soon as it has finished, "getmail" downloads any remaining emails):

DENY=^Subject:.*Undelivered Mail Returned to Sender
DENY=^Subject:.*Returned mail: see transcript for details
DENY=^Subject:.*Returned mail: User unknown
DENY=^Subject:.*Mail System Error - Returned Mail
DENY=^Subject:.*Delivery Notification
DENY=^Subject:.*DELIVERY FAILURE
DENY=^Subject:.*Delivery Status Notification (Failure)
DENY=^Subject:.*Non delivery report
DENY=^Subject:.*message undeliverable
DENY=^Subject:.*failure notice
DENY=^Subject:.*Undeliverable mail:
DENY=^Subject:.*Mail delivery failed
DENY=^Subject:.*Returned mail: Unable to deliver mail
DENY=^Subject:.*Delivery reports about your email

I have "ALLOW=" set up for known email addresses to prevent true non-delivery messages getting deleted.
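
The DENY/ALLOW approach described in the post above, as an added Python example that is not part of the original post and is not mailfilter's own code. It goes beyond Subject matching by also checking the null `Return-Path: <>` and the `multipart/report` content type that standard bounces carry; the allow-list keyed on the `To:` address, the `example.org` addresses and the sample headers are assumptions constructed for illustration.

```python
import re
from email.parser import HeaderParser
from email.utils import parseaddr

# A few Subject patterns from the DENY list in the post above.
DENY_SUBJECTS = [re.compile(p, re.I) for p in (
    r"Undelivered Mail Returned to Sender",
    r"Delivery Status Notification \(Failure\)",
    r"failure notice",
    r"Mail delivery failed",
)]
# Assumption: the only mailbox on the domain that really sends mail.
ALLOW_RECIPIENTS = {"me@example.org"}

def looks_like_bounce(msg):
    """True if the headers mark the message as a delivery failure report."""
    # Bounces are sent with the null reverse-path "<>" (RFC 5321).
    if msg.get("Return-Path", "").strip() == "<>":
        return True
    # Standard DSNs are multipart/report, report-type=delivery-status (RFC 3464).
    if (msg.get_content_type() == "multipart/report"
            and msg.get_param("report-type") == "delivery-status"):
        return True
    subject = msg.get("Subject", "")
    return any(p.search(subject) for p in DENY_SUBJECTS)

def verdict(raw_headers):
    """Return 'delete' for bounces to addresses that never sent mail."""
    msg = HeaderParser().parsestr(raw_headers)  # headers only, like mailfilter
    if not looks_like_bounce(msg):
        return "keep"
    rcpt = parseaddr(msg.get("To", ""))[1].lower()
    return "keep" if rcpt in ALLOW_RECIPIENTS else "delete"

# Constructed sample headers (not real traffic).
SAMPLES = {
    "forged": "Return-Path: <>\nTo: qzxkw@example.org\n"
              "Subject: Undelivered Mail Returned to Sender\n\n",
    "genuine": "Return-Path: <>\nTo: me@example.org\n"
               "Subject: failure notice\n\n",
    "odd_subject": "Return-Path: <postmaster@mx.example.net>\n"
                   "To: abc123@example.org\nSubject: Zustellung fehlgeschlagen\n"
                   "Content-Type: multipart/report; "
                   "report-type=delivery-status; boundary=\"b\"\n\n",
    "normal": "Return-Path: <friend@example.com>\nTo: me@example.org\n"
              "Subject: Lunch on Friday?\n\n",
}
```

The `odd_subject` sample shows why the content-type check helps: a bounce with a non-English subject slips past every Subject pattern but is still a `multipart/report` delivery-status message.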
 
Boris Sprinkler said:
Have a look at the headers of the spam. If you don't have these, speak to the admins of the domains you are getting the responses from with a polite explanation. Have a look at where he is sending this from and speak to the abuse admin for whatever domain/server he is using. He is probably coming through an open relay somewhere. Inform them and they should stop it. It will take some time but eventually they will give up.

Ok... Will look into it when I have a sec... I've double checked to make sure that I don't have any open relays running myself...
 
spudulike said:
It's been happening for the past week so I've added more "DENY" expressions to my Linux mailfilter configs to delete these on the server (mailfilter just looks at headers and never downloads bodies; as soon as it has finished, "getmail" downloads any remaining emails):

Must set this up... Looks handy...
 
Boris Sprinkler said:
Have a look at the headers of the spam. If you don't have these, speak to the admins of the domains you are getting the responses from with a polite explanation. Have a look at where he is sending this from and speak to the abuse admin for whatever domain/server he is using. He is probably coming through an open relay somewhere. Inform them and they should stop it. It will take some time but eventually they will give up.
The vast vast majority of spam these days is spat out by bot nets controlled from IRC channels.

Unless you can automate the production of reasonably formatted abuse notifications to correct originating domains you are going to be there all day. The best you can normally do is pick the address that was used and redirect it to /dev/null; many standard installations provide this facility at blackhole@hoster, devnull@yoursite or variations on same. However, you will probably also find that a tool like SpamAssassin flags it all as incoming spam anyway, as long as it can keep up with the flood.

If you are seeing very large numbers (anything above a couple of thousand an hour would be large for a personal domain) then your hosting provider will probably help you by applying postfix rules for you before it hits your server (depending on set up & the host).

Normally spammers are selling something and if they are doing that then they need a way for 'customers' to contact them, you can attack that as well by reporting that as abuse and with some hosting providers it works with some it doesn't.
 
FYI, the term for this malarkey is being Joe-Jobbed.

I've had a few of the domains I run suffer this from time to time. You'll usually find it dies down after a few days, weeks, or months.

If you have your own domain, you might contact your domain host and ask them to implement SPF for email.

While it's tempting, I'm reluctant to do that myself as it messes with the DNS records in ways that they weren't intended to be used and I'm a bit of a stickler for such things.
 
jæd said:
Must set this up... Looks handy...
Very. The cron job that checks mail every 20 minutes also emails me the mailfilter log file once it exceeds a certain number of "deletes", just so I can quickly monitor what's getting chopped.
 
Help - ? spammer using my domain name, or something

For the past 10 days I have had an avalanche of delivery failure notifications from emails I haven't sent from
names-I-don'[email protected]
I really don't feel safe opening the attachments containing the original emails. Could anyone offer some advice? Are files ending .txt or .msg safe to open?
Thanks
 
I've been getting the same thing recently. I was advised to get a new email address, but I'd rather not.
 
ricbake said:
For the past 10 days I have had an avalanche of delivery failure notifications from emails I haven't sent from
names-I-don'[email protected]
I really don't feel safe opening the attachments containing the original emails. Could anyone offer some advice? Are files ending .txt or .msg safe to open?
Thanks
More or less, well not really msg, which is Outlook's embedded message format, but I haven't seen any specific vulns recently so a patched up machine should be fine. txt really are safe but only if the extension really is txt, and some mail clients can be fooled into showing a .txt when the extension is something else. However, what I can't figure out is why you want to open them; they weren't messages sent by you and the bounce isn't to you since it isn't an address you use; just bin them like any normal person. How interested can you be in viagra, penis enlargement and pay per view porn?
 