[thelist] Mail hijacking.....
John C Bullas
jcbullas at nildram.co.uk
Tue Jan 20 02:40:42 CST 2004
At 00:54 20/01/2004, you wrote
>Hi,
>
>Some little so and so is sending out emails with a reply address using my
>domain name. I have managed to find out who it is, and it appears they are
>one of the big spammers :o(
>
>I realise that there is nothing I can do to stop him from sending these
>messages, but what I would like to know is, is there anyway I can stop
>receiving all the 'undeliverable' mail messages I keep getting back? The
>only thing in common with the messages is that they are all from the AOL
>postmaster, at the moment anyway, as
mail filtering rules > delete at server or on download
if your mail comes via a redirect from the hosts (say you have ken.com
hosted for your business and mail for anything at fred.org that you also own
gets routed to anything at ken.com you can set mail so that anything other
than selected somethings at fred.org get black holed?
If they are spoofing your active addresses you can only filter on header
content or subject line
If you bin all responses expect to get complaints (to webmaster at ...) from
3rd parties who don't know better :)
Expect to maybe be mail bombed by idiots who can't read headers (got sent
100 5MB text files by one nutter who got them all sent back to him ;0)
>he is concentrating on AOL account users. I know I could just block any
>messages from that postmaster, but what if he starts changing to other ISPs?
play catchup sadly
>Has anyone else had any experience with this sort of thing? If so, does it
>tend to peter out after a while, or am I stuck with it? And what have your
>solutions been?
Yup....
http://www.fatblokeracing.org/marketeering/index_spam.htm
All I could do is bin the incoming messages.. luckily the domain was not
used to receive emails so everything could get binned
I did not worry about people threatening to report me as any helpdesk bod
who could read headers could see the things were spoofed
(the sending IP did not correspond to my IP and was commonly a open proxy
relay)
I did however make approaches to consumer organisations in the areas of the
snail mail addresses given for people to contact in the spam (thus the spammers
used snail mail for replies and didn't need a valid return address).. i
think in at least one case a Canadian organization "had a quiet word" with
one of the offenders (and no they didn't drive dark brown Oldsmobiles and
carry violin cases)....
All of a sudden it stopped... after 2 weeks started up again and finally
stopped after another 2 weeks......
If you are shrewd and it is one spammer who is stupid enough NOT to be
using open proxy relay you might get him/her disconnected if his/her ISP is
understanding....
If they are using open proxy check to see if it is a mistake in setup by a
"firendly" ISP, if so let them know...
email me offlist for more help?
>BTW, my mail server is hosted on a Linux server, although I am not overly
>familiar with Linux yet.
>
>Here's hoping
>Alexis
More information about the thelist
mailing list