Mass Spam

Soldato
Joined
21 Jul 2004
Posts
6,329
Location
Bromley / Uxbridge
From about 7am this morning, I started receiving **** loads of spam emails. By 7.30am I had received approximately 1300 emails, and a further 1000 or so since then (host capped emails).

I immediately contacted my host, who was very helpful, and he placed a cap on the number of emails that could be sent and received to 200 per hour.

Now I tried blocking some of the email types through cPanel, but they are all from different email addresses and being sent to various aliases at my domain name, making it really hard for me to stop them.

All my emails come into Outlook on my PC, but cPanel is also set to forward them to my Google Mail account, so I am having to clean up both inboxes at the moment.

The emails are titled Mailer-Daemon, Postmaster, Mail Delivery System, and other various RE: messages :mad:

Anyone got any ideas on how to stop this? (I cannot access cPanel from work, but I could tell my host to do something).
 
Soldato
Joined
21 Jul 2004
Posts
6,329
Location
Bromley / Uxbridge
Grrr... 80 emails since I made my first post :mad:

Most of them have PDF files attached, and have messages like:

Code:
Mail Delivery Subsystem <[email protected]>
to LoraleaKeon
9:52 am (3 minutes ago)
  ----- The following addresses had permanent fatal errors -----
<[email protected]>
   (reason: 550 5.1.1 User unknown)

  ----- Transcript of session follows -----
... when talking to itatrade.com. while trying to contact ita202.itatrade.com.:
>>> DATA
<<< 550 5.1.1 User unknown
550 5.1.1 <[email protected]>... User unknown
<<< 503 5.5.2 Need Rcpt command.

Final-Recipient: RFC822; [email protected]
Action: failed
Status: 5.1.1
Remote-MTA: DNS; ita202.itatrade.com
Diagnostic-Code: SMTP; 550 5.1.1 User unknown
Last-Attempt-Date: Wed, 8 Aug 2007 03:52:47 -0500 (CDT)


---------- Forwarded message ----------
From: "Loralea Keon" <[email protected]>
To: [email protected]
Date: Wed, 8 Aug 2007 10:26:58 +0200
Subject: Portfolio alert-jasons
 
Soldato
Joined
5 Mar 2006
Posts
6,163
Location
everywhere
Drop your catch-all account altogether so it's only the spam going to "[email protected]" that will get through. There will probably be a very, very small number of emails that make it through then.

These are SPAM, initially I thought that my account had been hijacked and was sending out bounced emails but it is just SPAM.
 
Soldato
Joined
21 Jul 2004
Posts
6,329
Location
Bromley / Uxbridge
markyp23 said:
Drop your catch-all account altogether so it's only the spam going to "[email protected]" that will get through. There will probably be a very, very small number of emails that make it through then.

These are SPAM, initially I thought that my account had been hijacked and was sending out bounced emails but it is just SPAM.

I can't drop my catch all, because I use different things in front of the @ when I register somewhere. For example it would be [email protected] for the OcUK Forums and Shop, [email protected] for Warwick University... and the same applies for every other site I have registered on.

If I stop this catch all, I will stop receiving most of my emails :(

Yeah, my host initially thought it could be my machine sending out spam, but I checked it all out and it wasn't ...
 
Suspended
Joined
4 Aug 2003
Posts
3,054
At a guess, I would say that someone has used (spoofed) your domain name as the sender in a mass email exercise - s/he builds the recipient name from a database of First and Last names.

Where the destination email address doesn't exist or is invalid, the target email server is (helpfully) bouncing the emails.

Because the SPAMmer has used your domain name, the bounce messages are all getting sent back to you.

What will probably happen next is that your domain name will get blacklisted automatically.

You will have an absolute nightmare fixing this and may well end up abandoning your domain name and having to register a new one.

I know all of this because it happened to me not so very long ago. Sadly, it is entirely out of your hands because some other swine is doing the damage :mad:
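The backscatter pattern described in the post above can be triaged automatically; the following is an added example, not part of the original thread. It parses a delivery status notification and checks whether the returned message claims a sender alias the domain owner really uses. The domain `example.org`, the alias names and the function name `classify` are assumptions, and the sample message is constructed.

```python
import email
from email import policy
from email.utils import parseaddr

# Constructed sample DSN modelled on the bounce quoted in the thread (placeholder domains).
SAMPLE_DSN = """\
From: Mail Delivery Subsystem <MAILER-DAEMON@mx.example.net>
Content-Type: multipart/report; report-type=delivery-status; boundary="b1"

--b1
Content-Type: message/delivery-status

Reporting-MTA: dns; mx.example.net

Final-Recipient: RFC822; nobody@example.com
Action: failed
Status: 5.1.1

--b1
Content-Type: message/rfc822

From: "Loralea Keon" <loraleakeon@example.org>
To: nobody@example.com
Subject: Portfolio alert

(spam body)
--b1--
"""

def classify(raw, domain, known_aliases):
    """Classify one inbound message; known_aliases = local parts we really send from."""
    msg = email.message_from_string(raw, policy=policy.default)
    report_type = str(msg.get_param("report-type", "")).lower()
    if msg.get_content_type() != "multipart/report" or report_type != "delivery-status":
        return {"verdict": "not-a-dsn", "status": None, "sender": None}
    status = sender = None
    for part in msg.walk():
        if part.get_content_type() == "message/delivery-status":
            for block in part.get_payload():  # per-message block, then per-recipient blocks
                status = block.get("Status", status)
        elif part.get_content_type() == "message/rfc822":
            # From header of the message the remote server is returning to us
            sender = parseaddr(str(part.get_payload(0).get("From", "")))[1].lower()
    local, _, dom = (sender or "").partition("@")
    if dom != domain.lower():
        verdict = "unverifiable"  # no returned message, or sender not at our domain
    else:
        verdict = "genuine-bounce" if local in known_aliases else "backscatter"
    return {"verdict": verdict, "status": status, "sender": sender}
```

This is a triage heuristic only: a bounce for forged mail that happens to use a real alias would still be classed as genuine.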
 
Soldato
Joined
21 Jul 2004
Posts
6,329
Location
Bromley / Uxbridge
Shackley said:
At a guess, I would say that someone has used (spoofed) your domain name as the sender in a mass email exercise - s/he builds the recipient name from a database of First and Last names.

Where the destination email address doesn't exist or is invalid, the target email server is (helpfully) bouncing the emails.

Because the SPAMmer has used your domain name, the bounce messages are all getting sent back to you.

What will probably happen next is that your domain name will get blacklisted automatically.

You will have an absolute nightmare fixing this and may well end up abandoning your domain name and having to register a new one.

I know all of this because it happened to me not so very long ago. Sadly, it is entirely out of your hands because some other swine is doing the damage :mad:

Oh... hmm... GRRR! My domain name is hirenshah.co.uk (my name), and I want to keep it! Who would blacklist it? I may contact them right now...

G-MAN2004 - the spam is not coming to my Gmail account... it's being forwarded there by my hosting, as I have set it to send a copy of all incoming emails there...

knowledge123 - nope
 
Soldato
Joined
18 Jan 2007
Posts
19,751
Location
Land of the Scots
Danger Phoenix said:
Oh... hmm... GRRR! My domain name is hirenshah.co.uk (my name), and I want to keep it! Who would blacklist it? I may contact them right now...

Anyone and everyone, not to mention the big blacklists that a lot of companies use.
 
Soldato
Joined
5 Mar 2006
Posts
6,163
Location
everywhere
Danger Phoenix said:
I can't drop my catch all, because I use different things in front of the @ when I register somewhere. For example it would be [email protected] for the OcUK Forums and Shop, [email protected] for Warwick University... and the same applies for every other site I have registered on.

If I stop this catch all, I will stop receiving most of my emails :(

Yeah, my host initially thought it could be my machine sending out spam, but I checked it all out and it wasn't ...

In that case you may be better off making mailboxes for every address you currently have.
 
Soldato
Joined
21 Jul 2004
Posts
6,329
Location
Bromley / Uxbridge
I also got him to reject all emails from Mailer-Daemon for the time being, because that should stop over half the emails coming in... but that still doesn't help the situation of there is a chance my domain will get blacklisted :(
 
Soldato
Joined
8 Nov 2002
Posts
9,128
Location
NW London
Danger Phoenix said:
but that still doesn't help the situation of there is a chance my domain will get blacklisted :(

Unfortunately there is little you can do about that. It's a stupid way of blacklisting, as it's so easy to spoof the "MAIL FROM:" field, but a lot of blacklist companies will still use it.
 

Hxc

Soldato
Joined
29 Oct 2004
Posts
12,501
Location
London
cPanel's email programs are absolutely awful at dealing with spam, I'd use a mail client and a software spam filter to do anything to a domain account.
 