[thelist] Mail hijacking.....

John C Bullas jcbullas at nildram.co.uk
Tue Jan 20 02:40:42 CST 2004

At 00:54 20/01/2004, you wrote
>Some little so and so is sending out emails with a reply address using my 
>domain name. I have managed to find out who it is, and it appears they are 
>one of the big spammers :o(
>I realise that there is nothing I can do to stop him from sending these 
>messages, but what I would like to know is, is there any way I can stop 
>receiving all the 'undeliverable' mail messages I keep getting back? The 
>only thing in common with the messages is that they are all from the AOL 
>postmaster, at the moment anyway, as

mail filtering rules > delete at server or on download

if your mail comes via a redirect from the hosts (say you have ken.com 
hosted for your business and mail for anything at fred.org that you also own 
gets routed to anything at ken.com) you can set mail so that anything other 
than selected somethings at fred.org gets black holed?

If they are spoofing your active addresses you can only filter on header 
content or subject line

If you bin all responses expect to get complaints (to webmaster at ...) from 
3rd parties who don't know better :)

Expect to maybe be mail bombed by idiots who can't read headers (got sent 
100 5MB text files by one nutter who got them all sent back to him ;0)

>he is concentrating on AOL account users. I know I could just block any 
>messages from that postmaster, but what if he starts changing to other ISPs?

play catchup sadly

>Has anyone else had any experience with this sort of thing? If so, does it 
>tend to peter out after a while, or am I stuck with it? And what have your 
>solutions been?



All I could do is bin the incoming messages.. luckily the domain was not 
used to receive emails so everything could get binned
I did not worry about people threatening to report me as any helpdesk bod 
who could read headers could see the things were spoofed
(the sending IP did not correspond to my IP and was commonly an open proxy)

I did however make approaches to consumer organisations in the areas of the 
snail mail addresses given for people to contact in the spam (thus the spammers
used snail mail for replies and didn't need a valid return address).. I 
think in at least one case a Canadian organization "had a quiet word" with 
one of the offenders (and no they didn't drive dark brown Oldsmobiles and 
carry violin cases)....

All of a sudden it stopped... after 2 weeks started up again and finally 
stopped after another 2 weeks......

If you are shrewd and it is one spammer who is stupid enough NOT to be 
using open proxy relay you might get him/her disconnected if his/her ISP is 

If they are using open proxy check to see if it is a mistake in setup by a 
"friendly" ISP, if so let them know...

email me offlist for more help?

>BTW, my mail server is hosted on a Linux server, although I am not overly 
>familiar with Linux yet.
>Here's hoping
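
The header check mentioned in the reply above (the sending IP of a spoofed message does not correspond to your own server), shown as an added example that is not part of the original thread: it sorts bounces into genuine ones and backscatter so only the latter get binned. It assumes bounces arrive in RFC 3464 multipart/report format; MY_RELAY_IPS, the .example hosts and the sample message are constructed placeholders.

```python
import email
import re

# Assumption: the only IP our own mail leaves from (RFC 5737 documentation range).
MY_RELAY_IPS = {"192.0.2.25"}
IP_IN_BRACKETS = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def returned_original(dsn):
    """Return the original message (or just its headers) embedded in a DSN."""
    for part in dsn.walk():
        ctype = part.get_content_type()
        if ctype == "message/rfc822":
            return part.get_payload(0)
        if ctype == "text/rfc822-headers":
            return email.message_from_string(part.get_payload())
    return None

def classify(raw, relay_ips=MY_RELAY_IPS):
    """Label a message: not-a-dsn, unverifiable, genuine-bounce or backscatter."""
    msg = email.message_from_string(raw)
    if (msg.get_content_type() != "multipart/report"
            or msg.get_param("report-type") != "delivery-status"):
        return "not-a-dsn"
    original = returned_original(msg)
    received = original.get_all("Received", []) if original is not None else []
    seen = {ip for line in received for ip in IP_IN_BRACKETS.findall(str(line))}
    if not seen:
        return "unverifiable"  # headers stripped: keep it rather than guess
    # Matching any hop errs toward keeping mail: a forged Received line can
    # make backscatter look genuine, but never the other way round.
    return "genuine-bounce" if seen & relay_ips else "backscatter"

def sample_dsn(origin_ip):
    """Constructed sample bounce; every host and address is a placeholder."""
    return "\n".join([
        "From: MAILER-DAEMON@isp.example", "To: sales@mydomain.example",
        'Content-Type: multipart/report; report-type=delivery-status; boundary="b1"', "",
        "--b1", "Content-Type: text/plain", "", "User unknown.",
        "--b1", "Content-Type: message/delivery-status", "",
        "Reporting-MTA: dns; mx.isp.example", "",
        "Final-Recipient: rfc822; nobody@isp.example", "Action: failed", "Status: 5.1.1", "",
        "--b1", "Content-Type: text/rfc822-headers", "",
        "Received: from unknown ([%s]) by mx.isp.example" % origin_ip,
        "From: sales@mydomain.example", "Subject: offer", "",
        "--b1--", ""])

if __name__ == "__main__":
    print(classify(sample_dsn("203.0.113.77")))  # sent from elsewhere
    print(classify(sample_dsn("192.0.2.25")))    # sent through our relay
```

Bounces that are plain text rather than multipart/report come back as not-a-dsn and still need the subject-line or header rules described in the reply.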

