Thread: my domain being used for spam email
View Single Post
Old 02-10-2006, 01:20   #6
andygrif
Inactive
 
Join Date: Jul 2003
Posts: 2,820
andygrif has a bronze arrayandygrif has a bronze arrayandygrif has a bronze array
andygrif has a bronze arrayandygrif has a bronze arrayandygrif has a bronze arrayandygrif has a bronze arrayandygrif has a bronze arrayandygrif has a bronze arrayandygrif has a bronze array
Re: my domain being used for spam email
Quote:
Originally Posted by Anastasis View Post
About 4 years ago I obtained my own domain name and have since then used it as the recipient of any emails to that domain, e.g. myname@mydomain.co.uk, mywifesname@mydomain.co.uk, or anythingelse@mydomain.co.uk.

When I register with sites I regularly use the name of the site I am registering with, e.g. cableforum@mydomain.co.uk to identify the sender and ensure it is not used by anyone else for marketing purposes.

That system has worked without any problems since I have had it, but just in this last week it appears that a spammer has picked up my domain name and is using for sending spam email to their list with bogus senders who have their email return address showing as at my domain. So for example, they are sending emails out with a signature of Fred Bloggs but the return email address is a series of random letters at my domain, e.g. osxhg@mydomain.co.uk, kodj@mydomain.co.uk. As a consequence, I am getting several bounced emails returned to me as undeliverable because for example they have been sent an unknown recipient at a domain, and the domain's server has bounced the email back to me suggesting I am the sender.
I've got this on the go right now, and for the same reasons I have catch-all email forwarding...and using the same things, such as tesco@mydomain.co.uk, you'd be surprised the companies (who claim not to sell your details) who appear to profit from sharing their databases.

Anyway, spammers are not using your domain per se, they're spoofing identities by suggesting that mail comes from somewhere it doesn't, it goes into thousands of expired mailboxes and boucnes back to you, as yourdomain.com is where the return address is.

If it's just started, I'm afraid to tell you that it will get worse before it gets better, but it will tail off. Mine started about 6 months ago and I was getting 100+ 'bounces' per day. Now I get about 10-15.

The way to solve this is to remove the catch-all forwarding. You need to find all the addresses you've used and want to recieve all mail for (eg cableforum@ joebloggs@ etc) and specify these as valid mailboxes.

What will happen then is that dsjhfshfk@yourdomain.com will not actually exist and will bounce or just vanish into the ether.

To do this, consult with your domain's registrar and support pages as they do differ from supplier to supplier. Also, if your ISP (and ntl don't) offer domain hosting (PlusNet do this) you can specify the MXCORE records at your domain host to point to your ISP's and you specify the mailboxes there.

A simpler solution would be to alter the redcords of the places you've signed up with unique addresses to a single one, use that with your domain reg and boucne everything else.

Quote:
Originally Posted by AntiSilence View Post
However, once while I was browsing my web space with my FTP client, I found a file that I had not placed on there called "bot.txt" which turned out to be a SpamBot which connected to an IRC channel and someone was using it to send spam.

I deleted it and I got less bounced emails back.
Are you referring to robots.txt? This is a file in the root directory of your web host which tells the search engines which directories they can and cannot search to place in their directories.

I'm not saying they don't, but I haven't heard of spammers using it, as they would (of course) need to know that domain existed in the first place to search it - in which case they can just use that domain to spam.

More info here: http://www.robotstxt.org/
andygrif is offline   Reply With Quote