Mass Spam

Soldato
Joined
21 Jul 2004
Posts
6,332
Location
Bromley / Uxbridge
From about 7am this morning, I started receiving **** loads of spam emails. By 7.30am I had received approximately 1300 emails, and a further 1000 or so since then (host capped emails).

I immediately contacted my host, who was very helpful, and he placed a cap on the number of emails that could be sent and received to 200 per hour.

Now I tried blocking some of the email types through cPanel, but they are all from different email addresses and being sent to various aliases at my domain name, making it really hard for me to stop them.

All my emails come into Outlook on my PC, but cPanel is also set to forward them to my Google Mail account, so I am having to clean up both inboxes at the moment.

The emails are titled Mailer-Daemon, Postmaster, Mail Delivery System, and other various RE: messages :mad:

Anyone got any ideas on how to stop this? (I cannot access cPanel from work, but I could tell my host to do something).
 
Soldato
OP
Grrr... 80 emails since I made my first post :mad:

Most of them have PDF files attached, and have messages like:

Code:
Mail Delivery Subsystem <[email protected]> 	
to LoraleaKeon
	
show details
	 9:52 am (3 minutes ago) 
  ----- The following addresses had permanent fatal errors -----
<[email protected]>
   (reason: 550 5.1.1 User unknown)

  ----- Transcript of session follows -----
... when talking to itatrade.com. while trying to contact ita202.itatrade.com.:
>>> DATA
<<< 550 5.1.1 User unknown
550 5.1.1 <[email protected]>... User unknown
<<< 503 5.5.2 Need Rcpt command.

Final-Recipient: RFC822; [email protected]
Action: failed
Status: 5.1.1
Remote-MTA: DNS; ita202.itatrade.com
Diagnostic-Code: SMTP; 550 5.1.1 User unknown
Last-Attempt-Date: Wed, 8 Aug 2007 03:52:47 -0500 (CDT)


---------- Forwarded message ----------
From: "Loralea Keon" <[email protected]>
To: [email protected]
Date: Wed, 8 Aug 2007 10:26:58 +0200
Subject: Portfolio alert-jasons
 
Soldato
OP
markyp23 said:
Drop your catch-all account altogether so it's only the spam going to "[email protected]" will get through. There will probably be a very, very small number of emails that make it through then.

These are SPAM, initially I thought that my account had been hijacked and was sending out bounced emails but it is just SPAM.

I can't drop my catch all, because I use different things in front of the @ when I register somewhere. For example it would be ocuk@ for the OcUK Forums and Shop, warwick@ for Warwick University... and the same applies for every other site I have registered on.

If I stop this catch all, I will stop receiving most of my emails :(

Yeah, my host initially thought it could be my machine sending out spam, but I checked it all out and it wasn't ...
 
Soldato
OP
Shackley said:
At a guess, I would say that someone has used (spoofed) your domain name as the sender in a mass email exercise - s/he builds the recipient name from a database of First and Last names.

Where the destination email address doesn't exist or is invalid, the target email server is (helpfully) bouncing the emails.

Because the SPAMmer has used your domain name, the bounce messages are all getting sent back to you.

What will probably happen next is that your domain name will get blacklisted automatically.

You will have an absolute nightmare fixing this and may well end up abandoning your domain name and having to register a new one.

I know all of this because it happened to me not so very long ago. Sadly, it is entirely out of your hands because some other swine is doing the damage :mad:

Oh... hmm... GRRR! My domain name is hirenshah.co.uk (my name), and I want to keep it! Who would blacklist it? I may contact them right now...

G-MAN2004 - the spam is not coming to my Gmail account... it's being forwarded there by my hosting, as I have set it to send a copy of all incoming emails there...

knowledge123 - nope
 
Soldato
OP
Hxc said:
cPanel's email programs are absolutely awful at dealing with spam, I'd use a mail client and a software spam filter to do anything to a domain account.

Well it has just started today... so it is someone using my domain. And at present I am not worried about receiving it, but more about my domain being blacklisted :(
 
Soldato
OP
Syk3 said:
:p I get a lot of spam on my website emails - I just filter dodgy words at the front of the email addresses and it automatically deletes them.

Yes, but this is not from the spammer... these emails are "failed delivery" emails because the spammer is using my domain name as the sender's details...

Filtering the content will stop me receiving them, but will not stop the spammer using my domain and getting it blacklisted...
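
As an added illustration (not code from any poster in this thread): a Python heuristic for a catch-all domain that reads a delivery status notification and flags it as backscatter when the bounced message claims a sender alias the owner never sends from. `example.co.uk`, the alias set and the sample bounce are constructed assumptions.

```python
import email
from email import policy
from email.utils import parseaddr

DOMAIN = "example.co.uk"          # assumption: stands in for the catch-all domain
SENDING_ALIASES = {"me", "ocuk"}  # assumption: aliases the owner really sends from
# Constructed sample, modelled on the sendmail-style bounce quoted in the thread.
SAMPLE = """\
From: Mail Delivery Subsystem <MAILER-DAEMON@mx.example.net>
To: randomname@example.co.uk
Content-Type: multipart/report; report-type=delivery-status; boundary="b1"

--b1
Content-Type: message/delivery-status

Reporting-MTA: dns; mx.example.net

Final-Recipient: RFC822; nobody@example.org
Status: 5.1.1

--b1
Content-Type: message/rfc822

From: "Random Name" <randomname@example.co.uk>

--b1--
"""

def classify(raw):
    """Return (verdict, [(failed recipient, status)]) for one raw message."""
    msg = email.message_from_string(raw, policy=policy.default)
    if (msg.get_content_type() != "multipart/report"
            or msg.get_param("report-type") != "delivery-status"):
        return "not-a-bounce", []
    failed, sender = [], ""
    for part in msg.iter_parts():
        ctype = part.get_content_type()
        if ctype == "message/delivery-status":      # RFC 3464 field blocks
            failed = [(b["Final-Recipient"].split(";")[-1].strip(), b["Status"])
                      for b in part.get_payload() if b["Final-Recipient"]]
        elif ctype == "message/rfc822":             # the mail that bounced
            sender = parseaddr(str(part.get_payload(0)["From"] or ""))[1].lower()
        elif ctype == "text/rfc822-headers":        # some MTAs return headers only
            hdrs = email.message_from_string(part.get_content())
            sender = parseaddr(hdrs["From"] or "")[1].lower()
    local, _, domain = sender.rpartition("@")
    if domain == DOMAIN and local not in SENDING_ALIASES:
        return "backscatter", failed   # bounce for mail never sent from that alias
    return "review", failed            # could be a genuine non-delivery report
```

A bounce that quotes a real sending alias lands in "review" rather than being dropped, since this check cannot tell a forged use of that alias from a genuine failed delivery.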
 
Soldato
OP
I randomly emailed someone from Spamhaus, and this is what they said:

Hi, no, you can not be blacklisted for this problem. This problem happens all the time to thousands of people every day, the blacklists never act on the address the spam says it is "From" as we know this is always false.

The 'bounce attack' on you will stop in a day or two, as the spammer will change to using someone else's domain as his 'From'. So for the moment there's nothing you can do except trash the bounces.

Regards,

Steve Linford
The Spamhaus Project
http://www.spamhaus.org
 
Soldato
OP
Phaser said:
How come you always use [email protected]

Wouldn't it be better to just set up one account for registrations etc and use that with no catchall?

I use it because it allows me to filter emails easily in my Outlook, and also if one website starts sending me spam, I can block that [email protected]...

I suppose that doesn't help when something like this happens :p


Eulogy said:
yup the spam databases blacklist based upon the IP address of the sending server as it's so easy to spoof a from address.

This isn't SPAM per se, it's legitimate NDR messages that are being generated as some tard has spoofed your email addresses, the fact you have a catchall means that you will receive every last email sent to your domain.

unlucky :8

Yeah... I wish I could kill the guy, because sifting through the emails trying to spot the ones I want to keep is becoming a headache. The spam has picked up again to around 5 every minute... still less than this morning.

If tomorrow there is a news article saying "Spammer Killed In Frenzied Attack" it wasn't me ;)
 
Soldato
OP
I have hundreds of addresses, which makes it near impossible to do... for every site I have signed up at, or for everything I have put my email address down, it is a different alias.

Ranging from giving Barclays my email address to placing an order online at HSS...
 
Soldato
OP
Received 4 spam emails this morning, since 8am :D

Now I am not sure if that is the filter kicking in (the host's filter adapts to incoming spam) or if the filters I have set up are stopping it, or if it has actually stopped.

I am going to turn off my filters this evening, to see if they still come in... but it is looking good at the moment :)
 