OT: Problem with returned emails - I didn't send them!

Discussion in 'DIY Computers' started by Wagg, Nov 26, 2005.

  1. Wagg

    Wagg Guest

    Hi there,

    I'm getting returned emails, but I haven't sent them. Looking at the
    original emails, they're all spam, and they're being returned to me as
    someone out there is using my domain to forward them. I've looked at the
    IPs on the original messages and they all originate in China, Taiwan,
    Brazil, Argentina, USA, etc, they all appear different. Whereas if it was
    one or two emails it wouldn't be a problem, but I'm getting around 1000+ an
    hour now, and after 12 hours the mailbox is full, that I've taken to leaving
    the mail program open all night.

    Is there any way I can fix this? I know you can look at a message source
    and it tells you more or less where it came from, as most emails say they
    came from [email protected] dot org dot uk which is not an address I
    use, but it is on my domain list. I've tried creating that mailbox, and
    then spam listing everything in it, but the email addresses change slightly
    every day or so.

    Is this just going to have to be one of those things that may go away? Or
    am I going to have to live with it? I can change the domain, but it's on a
    business I've built up for the last 7 years, and would be too costly.

    Any thoughts or ideas appreciated.
    Wagg, Nov 26, 2005
  2. Wagg

    Rob Morley Guest

    It will probably calm down in a few days as the spammers move on to
    spoof another domain - if they stay in one place too long it will get
    blacklisted and their spam won't reach its intended recipients.
    Rob Morley, Nov 27, 2005
  3. Wagg

    Alex Fraser Guest

    I have seen some virus-laden or spam emails masquerade as delivery failure
    messages, but it is far more common for delivery failure messages to be
    genuine. Although a genuine one might be generated in response to an email
    (often spam) sent with a forged sender address - which is probably the case

    Alex Fraser, Nov 27, 2005
  4. try www.spamjab.org it's free and lets you sort out possible problem ones too
    and either delete them or add to blacklist. great free spamkiller. does
    about 900 a week on an old account of mine.
    Sod the Builder, Nov 27, 2005
  5. oops spamjab.com

    Sod the Builder, Nov 27, 2005
  6. A number of us have been there :(

    As other posters have pointed out it is probably nothing personal, a spammer
    has selected your domain at random.

    The best you can do is to tough it out and move on. Hopefully you can use
    filtering to delete most of the bounced messages. Most ISPs are aware of this
    practice "joe-job" and will not usually blacklist your domain or suspend
    your account.

    I had a similar problem with my current account and was forced to set up
    rules to delete the bounces. They usually follow a predictable format.

    Eventually the spammer will move on. It sucks big time I know.. but it
    probably is not worth the effort in trying to track them down. A lot of the
    ISPs in Korea and China are spammer friendly and simply ignore abuse

    BTW it has been alleged that posting to anti-spam newsgroups such as
    news.admin.net-abuse.* increases your chances of being "joe-jobbed" by
    Trust No One®, Nov 27, 2005
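The "predictable format" of bounces mentioned in the post above can be turned into a rule. This is an added example, not code from the thread: it recognises a delivery-status report and checks whether the bounced message claimed a sender that really exists on the domain. `REAL_SENDERS`, the addresses and the sample message are constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumption: the addresses that really send mail for the domain (constructed).
REAL_SENDERS = {"sales@example.org.uk"}

def is_dsn(msg):
    """True for RFC 3464 reports and for legacy MAILER-DAEMON bounces."""
    report = (msg.get_content_type() == "multipart/report"
              and str(msg.get_param("report-type", "")).lower() == "delivery-status")
    return report or parseaddr(msg.get("From", ""))[1].lower().startswith("mailer-daemon@")

def original_headers(msg):
    """Headers of the message being bounced, or None if the bounce omits them."""
    for part in msg.walk():
        if part.get_content_type() == "message/rfc822":
            return part.get_payload(0)
        if part.get_content_type() == "text/rfc822-headers":
            return message_from_string(part.get_payload())
    return None

def classify(raw):
    msg = message_from_string(raw)
    if not is_dsn(msg):
        return "not-a-bounce"
    orig = original_headers(msg)
    if orig is None:
        return "bounce-unverifiable"
    claimed = parseaddr(orig.get("From", ""))[1].lower()
    return "genuine-bounce" if claimed in REAL_SENDERS else "backscatter"

# Constructed sample: a bounce for mail forged from a random address on the domain.
SAMPLE = """\
From: MAILER-DAEMON@mx.example.net
To: qzxvkw@example.org.uk
Content-Type: multipart/report; report-type=delivery-status; boundary="b1"

--b1
Content-Type: message/delivery-status

Status: 5.1.1

--b1
Content-Type: text/rfc822-headers

From: qzxvkw@example.org.uk

--b1--
"""
```

Messages classified as "backscatter" are safe to delete unread; "bounce-unverifiable" ones carry no machine-readable copy of the original and need a different rule or a manual look.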
  7. I wish my lot would move on - I've been getting a thousand rejection
    slips a day, for a couple of months now. All to random_names at
    sessile dot org.

    Anyone know of a POP3 filter that just drops messages unless the to:
    is on a whitelist (just text-matching would do)? POPfile gets way too
    busy, classifying so much data as "mailer-rejects". Wish it had a
    "drop" option per bucket.

    Cheers - Jaimie
    Jaimie Vandenbergh, Nov 27, 2005
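One way to build the allowlist filter asked for in the post above, as an added example that is not part of the original thread: it fetches only the headers of each message with POP3 `TOP` and marks for deletion anything not addressed to a known mailbox. The host, credentials and the `ALLOWED` addresses are constructed assumptions.

```python
import poplib
from email import message_from_bytes
from email.utils import getaddresses

# Assumption: the mailboxes that really exist on the domain (constructed values).
ALLOWED = {"sales@example.org.uk", "info@example.org.uk"}

def recipients(header_bytes):
    """Lower-cased addresses found in the To and Cc headers."""
    msg = message_from_bytes(header_bytes)
    fields = msg.get_all("To", []) + msg.get_all("Cc", [])
    return {addr.lower() for _, addr in getaddresses(fields) if addr}

def keep(header_bytes, allowed=ALLOWED):
    """Keep a message only if at least one visible recipient is allowlisted."""
    return bool(recipients(header_bytes) & allowed)

def sweep(host, user, password, allowed=ALLOWED, dry_run=True):
    """Return (dropped, total). Nothing is deleted while dry_run is True."""
    box = poplib.POP3_SSL(host)
    try:
        box.user(user)
        box.pass_(password)
        total, _ = box.stat()
        dropped = 0
        for n in range(1, total + 1):
            # TOP n 0 returns the headers only, so bounce bodies are never downloaded.
            _, lines, _ = box.top(n, 0)
            if not keep(b"\r\n".join(lines), allowed):
                dropped += 1
                if not dry_run:
                    box.dele(n)
        return dropped, total
    finally:
        box.quit()  # deletions are committed by the server at QUIT
```

Mail that reached the mailbox only through Bcc has no matching To or Cc header and would be dropped, so check the counts from a `dry_run=True` pass before deleting.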
  8. Wagg

    Wagg Guest

    Thanks for all the posts people. Had around 200,000 emails since I wrote
    this! Woke up this morning to deal with an error telling me that the program
    could no longer compensate for the amount of memory being used, and had to
    delete them bit by bit to get my mailbox back.

    The email address that is bouncing is just a jumble of letters, and has no
    resemblance to any of the email addresses I have set up on the account. The
    only place that my email is accessible to a name collecting program would be
    the website, but all they have is the domain part and not the actual right
    Wagg, Nov 27, 2005
  9. Wagg

    Rob Morley Guest

    Hardly "suffering" then.
    That's a virus, it does "Mail delivery failed" "Paris Hilton & Nicole
    Richie" and a number of other headers. See
    Rob Morley, Nov 27, 2005
  10. Wagg

    Don Spumey Guest

    Use something like 'Mailwasher'...download the headers.....if it's
    spam.....bounce 'em back to the 'feckers!

    Don Spumey, Nov 27, 2005
  11. Wagg

    Wagg Guest

    Hi Don,

    I tried Mailwasher, it couldn't cope with the amount coming in. While I type
    this I am downloading 273 emails, which 2 mins ago I didn't have.

    I can bounce them back, but they came from my domain name (according to the
    address but not the IP) so sending them back would end up with me!

    This current amount are all returned from people in Germany.
    Wagg, Nov 27, 2005
  12. No, please don't unless you are 110% sure you know where it =really=
    came from. 95% of the 'spam' in my mailbox are spam and virus 'bounces'
    from systems which haven't got a clue about faking of Email headers.
    GSV Three Minds in a Can, Nov 27, 2005
  13. Wagg

    Rob Morley Guest

    Bounces from servers run by careless/clueless admins (and users who have
    spambusting software that tries to send a fake bounce message) can be
    nearly as much of a problem as the original spam. That crap should be
    disappearing into a black hole, not ricocheting around the internet.
    Rob Morley, Nov 28, 2005
  14. Why not ditch the catch-all domain box and set up *proper* POP3 boxes
    for each account you need? That way if you get messages to
    [email protected] then the sender will receive a nice "550 - No Such
    User" message. No need for filters anywhere, and your spamload (and
    data transfer per month) drops drastically.
    Gareth Halfacree, Nov 30, 2005
