11 Jan 2007

What to do when you’re the FROM address of someones email spam campaign.

 Twice this past month I’ve got online in the morning to check my email and found hundreds of returned mail sitting in my inbox. What these are is that some clown (for lack of nastier names) has sent out a blast email where they put all types of variations before @webuildpages.com… for example dkdklds@webuildpages.com or bobsmith@webuildpages.com etc etc, and so when they send their spam, the return email is something @ webuildpages.com.

I’m sure this must happed to lots of people besides me (I’m guessing I’m a random hit, not a "I hate Jim" hit).

I’m sure webuildpages is now on several spam lists, I’m sure I’ve pissed a bunch of people off who think I’m the one sending theses (and hurting the image of webuildpages.com).

I know one email spam filter that we’re listed on, and unfortunately many IPS’s and hosts use that filter….and when I’ve looked into how to get my emailed delisted from their spam list I was suprised they the people who make this list totally assume you’re guilty and they make you jump through so many hoops to try to claim your innocence that it appeared that it would take a lot of time and work to try to get off the spam list.

What can be done?

Comments

  1. Tom January 11, 2007 at 4:04 PM

    I had the same thing happen to me. I’ve to come up with a better solution than turning the catch-all off. I’d be very interested if anyone has any action that can be taken.

  2. Brett January 11, 2007 at 4:15 PM

    You can’t do anything to keep this from happening. It is called Phishing (http://en.wikipedia.org/wiki/Phishing) where your email address/domain is spoofed.

    For example: I can send an email as Bill Gates bill.gates@microsoft.com by a few quick changes to my email settings and I obviously don’t have access to his email or servers.

    It is a fundamental flaw in the way email was designed to work in my opinion… The best thing to do is just help educate people. I am sure that most people have received spoofed emails from PayPal or eBay telling them to “click here” and update their personal info… Even the links look real but are spoofed and take the visitor to a form that will collect their private information.

    MANY people just believe that since the email has their name and logo in it that it MUST be real. Go to http://www.microsoft.com/athome/security/email/phishing.mspx for a quick example.

    The sad truth is that lots of people get taken advantage of by being ignorant of this…

  3. 2k a day January 11, 2007 at 4:55 PM

    I’d sure like to know. I get hundreds of bounced back emails from someone spamming off some of my domains that I’ve had for years.

  4. Richard January 11, 2007 at 7:40 PM

    I’ve had this happen to me too a few years back. It’s really frustrating at first, however once you’ve convinced your webhost, upstream provider, spam list maintainer and your neighbor’s dog you will find that it somehow sorts itself out. (at least it did for me)

    You may also want to look into SPF (Sender Policy Framework) for your email’s dns records. (it’s still far from a full solution though)

  5. Quadszilla January 11, 2007 at 8:02 PM

    happened to me last week and f@cked gmail up for 5 days (the domain was forwarding). I’ll put up money towards a bounty to kill the guy if anyone wants to look . . .

  6. Tim Linden January 11, 2007 at 8:59 PM

    Use SPF. Many email providers use it now to see if the mail is really from the person it says it is or not. If it isn’t it’ll just delete it. Thats how you can prevent it.

    (My website I wrote how to use SPF to prevent your email from getting junked, but it works the same way to make sure email NOT from you DOES get junked WITHOUT hurting you)

    As for what to do now.. Just try and track down the spammer like you’d do someone spamming you. Find the IPs they are using and contact the ISPs.

  7. Simon Heseltine January 11, 2007 at 11:38 PM

    I certainly wouldn’t suggest going to the website in the bounced email and filling out their order form over and over again with expletives, maybe using some automated testing solution to do it for you for an hour or 2. 😉

    Funny thing is my wife only got bounced emails for a day, then they must have stopped using her email address, don’t know why… 🙂

  8. Hrvatska January 11, 2007 at 11:46 PM

    On what server you are linux or windows.., i have great solution for linux servers… You forget that SPAM exists..
    🙂

  9. Tom January 12, 2007 at 1:12 AM

    If you have one of the original messages, here are some really good suggestions on how to track down the source:
    http://www.de.sorbs.net/spamfo/basic.shtml
    Beyond that, SPF works well and is now widely used. DomainKeys is another good one but less widely adopted. It is gaining popularity as e-mail servers adopt the standard. Good luck.

  10. Christoph C. Cemper January 12, 2007 at 6:13 AM

    @jim: yeah – I got this crap on my major business domains, and the only think I got to do so far is implement a) SPF (which MIGHT help) and b) implement a blackhole for the catchall – at least then I dont receive those jerky reply mails

    @tom: > It is gaining popularity as e-mail servers adopt the standard.

    Crap – Yahoo adopted it WITHOUT taking note of all production versions of the major opensource mailer embeded in so many webhosts – EXIM tough with a huge base does not support it

    that means – my mails go to BULK for Yahoo email recipients… super, ha?

    http://weblog.cemper.com/a/200611/28-yahoo-bulk-folder-xyahoofilteredbulk-killing-my-business-mails.php

    and even admin personal refuses to setup the “experimental” versions that “adopted” that standard …

    THEY DON’T EVEN TAKE MONEY TO FIX IT!

    see about my experiences

    http://weblog.cemper.com/a/200611/29-domainkeys-experimental-implementation-worth-the-hassle.php

    Take note that ALL this crap doesn’t keep 3 chained spamfilters to pass thru the generours image spam

    http://weblog.cemper.com/a/200701/10-how-to-get-rid-of-the-re-my-somecrap-spam.php

    So in short Jim, implement SPF on your domain, do the catchall and join Matt Cutts and all the others bitching about the really sucky software surrounding email communication

    http://www.mattcutts.com/blog/why-isnt-email-authenticated/

    cheers,christoph

  11. Christoph C. Cemper January 12, 2007 at 6:14 AM

    @Hrvatska: you’re talking about greylisting?

    I think Jims problem is not that he receives spams, but that somebody’S using his domain (randomly) to fake the mail headers

  12. Dave White January 12, 2007 at 10:49 AM

    This is ridiculous. I don’t understand why these spammers have the guts to use their own emails/domains.
    Always an innocent person has to suffer at the cost of his reputation and unnecessarily be blamed for not doing anything unethical.

  13. Tom Royce January 12, 2007 at 11:21 AM

    This nailed one of our domains and ended up brining us down as the bounces were coming in at 5,000 an hour…

    What I did do was route the errors to an account that could be pulled off the server by an account accessed outlook and then set up the rules to put them in a seperate folder.

    It does not fix the problem, and I would love to learn a way to do so, but it took some of the pain out of it. I could not imagine having to wade through a webmail account that has all that coming in.

  14. wheel January 12, 2007 at 12:23 PM

    The simplest thing to do is turn off your catch-all email account. Only allow email to addresses that you know are valid, like ‘jim@’ or ‘webmaster@’.

    This doesn’t stop the spammers from using your domain, but it does stop all the bounced emails from hitting your inbox.

  15. Caomhin January 12, 2007 at 3:05 PM

    I’ll echo the catch-all account advice firstly (although that’ll usually result in a double bounce, but you annoy the guys who bounced mail they shouldn’t have rather than dealing with their screw-up).

    As for removal from a spam filter; the one I found you on is usually pretty good at delisting. Just send an email saying you were joe jobbed along with a sample of the bounce and you should get removed fairly quickly.

  16. Ross Hill January 13, 2007 at 9:47 PM

    Yep got the same happening here too… normal spam is enough of a problem without having returned mail and knowing that you are probably getting put on a list 🙁

  17. Hrvatska January 14, 2007 at 7:36 AM

    No i have combination of open source tools.. that if setup in right way…
    works better that solutions.. that cost coupel 1000$s …

    if you ar einterested let me know and i will send you url whwrw you can find all that

  18. Nina January 14, 2007 at 6:48 PM

    Yep, a real problem that happened to me too. I’d like to agrree with that gut who supposed that you’d open only that emails that you know. As for the SPAM – it really exists if to know how to use it properly:-)

  19. Jim Westergren January 15, 2007 at 11:09 AM

    This happened to me too a few months ago. I got 1,5K bounced mails from a spam mailing.

    I turned off catch all and I made an auto-reply to all mails that was not directed to the right one with a notice that this email is invalid and unauthorized used by a spammer, not me. That way when some guy got angry and answered the spam they got the autoreply explaining the situation. Not a perfect solution but the best I could figure out to rescue the bad image.

  20. Nick Wilsdon January 16, 2007 at 2:15 PM

    I find myself checking RBL fairly frequently – this is my usual stop – http://www.robtex.com/rbls.html (if anyone has any other recommendations I’d like to hear them).

    You’re right Jim, getting off the lists is not easy. We once got a recycled IP that took weeks to clean up!

  21. Tom January 16, 2007 at 2:48 PM

    Nick, http://www.dnsstuff.com is another good one for checking RBLs.

    I hadn’t heard of robtex but it’s going in my bookmarks. It’s definitely a good find. Thanks for sharing it!

  22. Josh January 17, 2007 at 11:49 AM

    Wow, I didn’t even know that until reading this post. I’ve been getting those bounce back email for a while and I thought they were spamming to me.

  23. Bestmiler February 24, 2007 at 12:35 AM

    This happened to my Dad once and AOL froze his account. After reviewing what happened, we found out that someone was sending out emails selling a product. There was nothing we could do but talk to AOL.

  24. A.J. February 28, 2007 at 10:19 AM

    Unfortunately, I’ve been getting this sort of junk for some time. I’ve tried several things and some improved it but didn’t find anything that really fixes the problem.

    The sad thing is that after months, it hasn’t dropped off any. I would have thought they’ve of moved on and used someone else in the from line.

Comments closed

Sorry, the comment form is closed at this time.