Spammer forging email from/reply to headers.

meephead · October 1st, 2006, 8:39 PM

I probably can't do much about this, but maybe someone can suggest a course of action I could take. Some unknown person is forging the from and reply-to email header addresses to my domain while spamming people with crap. The result is that I get a "Delivery Failed" type message every few minutes when he sends an email to a non existant account somewhere. The other down side is that it makes it seem as if I, or someone on my domain, is the actual spammer.

For now I turned off the catch-all email option so my inbox doesn't get flooded with this crap, but I'd honestly love to stop this person somehow. Sadly, there is nothing in the mail transfer data that would give me a hint on how to trace this back to him, the IPs and hostnames vary with every email so it's not easy to figure out. The only thing in there that makes me assume it's one person is the fact that the client and version number are identical in each failed delivery message I get.

Probably a hopeless case, but if there are any suggestions on what I could do let me know.

Code3TJ · October 11th, 2006, 2:49 PM

I'd like to know too - I just got 2540 failure notices for somebody's penny stock spam that was sent out using my header.

musicman2059 · October 11th, 2006, 4:26 PM

This was happening to me on my old host, and something tells me this will happen with surpass as well. (As forging an address I don't think has anything to do with what host you're on.)

I wish I could do something about it.

meephead · October 11th, 2006, 5:11 PM

Yeah, usually nothing you can do about it directly. However, there is a nice theory on fighting spam that I read a few days ago on silenceisdefeat.org.

http://silenceisdefeat.org/~samble/spam.txt

Sort of has similar in theory to a DDoS, except the goal isn't to cause any harm to their server or anything of the sort, but their wallet. After all, they're paying money so you can click their links, so might as well give them what they paid for. This should make their costs go up enough to either a) force them to stop spamming their products, at least in those amounts or b) having failed the first option, run them out of business.

**twirp** · October 11th, 2006, 9:10 PM

You could check the message and other variables before sending it. [click]

meephead · October 11th, 2006, 11:16 PM

Quote:

Originally Posted by twirp

You could check the message and other variables before sending it. [click]

That's not helpful with forged headers, they're not sending it through the website, there is no connection to it in fact. They're just changing the from email header to your domain and usually using a made up account so it makes it seem like an actual user from your domain sent it.

So the result is spam looking as if it was sent from your website, when it's not.

punchdouble · October 20th, 2006, 9:37 AM

Same problem here.

Patty · October 22nd, 2006, 9:10 PM

I'm having the same problem as well, although it's not a lot of messages, but at least once a day, and directed to the same email. I'll post the header here next time I get it.

I hope there's something that can be done. (Like killing all spammers in the world. ..)

October 1st, 2006, 8:39 PM	#1 (permalink)
meephead Registered User Comfy Contributor Joined in Aug 2006 Hosted on SH103 106 posts Gave thanks: 3 Thanked 4 times	Spammer forging email from/reply to headers. I probably can't do much about this, but maybe someone can suggest a course of action I could take. Some unknown person is forging the from and reply-to email header addresses to my domain while spamming people with crap. The result is that I get a "Delivery Failed" type message every few minutes when he sends an email to a non existant account somewhere. The other down side is that it makes it seem as if I, or someone on my domain, is the actual spammer. For now I turned off the catch-all email option so my inbox doesn't get flooded with this crap, but I'd honestly love to stop this person somehow. Sadly, there is nothing in the mail transfer data that would give me a hint on how to trace this back to him, the IPs and hostnames vary with every email so it's not easy to figure out. The only thing in there that makes me assume it's one person is the fact that the client and version number are identical in each failed delivery message I get. Probably a hopeless case, but if there are any suggestions on what I could do let me know. __________________ [SH103] http://nemesia.org/

October 11th, 2006, 2:49 PM	#2 (permalink)
Code3TJ Registered User Seasoned Poster Joined in Jan 2004 Hosted on Pass51 62 posts Gave thanks: 0 Thanked 0 times	I'd like to know too - I just got 2540 failure notices for somebody's penny stock spam that was sent out using my header. __________________ Jeep Horizons - Pass51 California Jeeper - Pass51

October 11th, 2006, 4:26 PM	#3 (permalink)
musicman2059 Move Zig Seasoned Poster Joined in Oct 2006 Lives in Vancouver, BC Hosted on SH105 70 posts Gave thanks: 9 Thanked 2 times	This was happening to me on my old host, and something tells me this will happen with surpass as well. (As forging an address I don't think has anything to do with what host you're on.) I wish I could do something about it. __________________ Site: http://www.ancientcave.com/ Server: SH105 (72.29.93.156)

October 11th, 2006, 5:11 PM	#4 (permalink)
meephead Registered User Comfy Contributor Joined in Aug 2006 Hosted on SH103 106 posts Gave thanks: 3 Thanked 4 times	Yeah, usually nothing you can do about it directly. However, there is a nice theory on fighting spam that I read a few days ago on silenceisdefeat.org. http://silenceisdefeat.org/~samble/spam.txt Sort of has similar in theory to a DDoS, except the goal isn't to cause any harm to their server or anything of the sort, but their wallet. After all, they're paying money so you can click their links, so might as well give them what they paid for. This should make their costs go up enough to either a) force them to stop spamming their products, at least in those amounts or b) having failed the first option, run them out of business. __________________ [SH103] http://nemesia.org/

October 11th, 2006, 9:10 PM	#5 (permalink)
twirp DemonicAngel Super #1 Joined in Aug 2004 Lives in Wherever The World Takes Me Hosted on Pass76 1,842 posts Gave thanks: 28 Thanked 35 times	You could check the message and other variables before sending it. [click] __________________ You wear Vans so high school kids will think that you can skate. He wears Vans because he can skate. TwiRp wears Vans because they were on sale. Pass76 wants Vans.

October 20th, 2006, 9:37 AM	#7 (permalink)
punchdouble Registered User Seasoned Poster Joined in Jan 2004 Lives in The Netherlands Hosted on SH106 63 posts Gave thanks: 11 Thanked 2 times	Same problem here. __________________ punchdouble.com [dior]

October 22nd, 2006, 9:10 PM	#8 (permalink)
Patty Registered User Excelling Contributor Joined in Feb 2005 540 posts Gave thanks: 86 Thanked 24 times	I'm having the same problem as well, although it's not a lot of messages, but at least once a day, and directed to the same email. I'll post the header here next time I get it. I hope there's something that can be done. (Like killing all spammers in the world. ..) __________________ Patty Pass 57 \| Dime999 \| SH 110

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)

Thread Tools	Search this Thread
Show Printable Version Email this Page	Search this Thread: Advanced Search