cancel
Showing results for 
Search instead for 
Did you mean: 

Spam sent via your e-mail account

aetos
Grafter
Posts: 166
Registered: 30-07-2007

Spam sent via your e-mail account

Any one finding they are being subjected to return spam with your domain listed as the offending sender,
I had over 300 returned undeliverable receipts to my machine over the last couple of days.

MARK
5 REPLIES
Plusnet Staff
Plusnet Staff
Posts: 17,641
Thanks: 535
Fixes: 159
Registered: 05-04-2007

Spam sent via your e-mail account

Hi,

This is simply a form of SPAM that has been doing the rounds, the link below should give you some more info on this and also some tips on how to stop it reaching you.

http://www.plus.net/support/security/spam/spam_protection_guide.shtml#4
If this post resolved your issue please click the 'This fixed my problem' button
 Chris Parr
 Plusnet Staff
aetos
Grafter
Posts: 166
Registered: 30-07-2007

Spam sent via your e-mail account

Here is a copy of a header, have replaced my domain in header with XXXX
Quote
Envelope-to: Rito795@XXXX.plus.com
Delivery-date: Sun, 25 Feb 2007 17:06:48 +0000
Received: from smtpout1.online.net ([212.27.35.141])
by pih-sunmxcore14.plus.net with esmtp (PlusNet MXCore v2.00) id 1HLMpj-00077y-GT
for Rito795@XXXXX.plus.com; Sun, 25 Feb 2007 17:06:47 +0000
Received: from mx3.online.net (mx3.online.net [212.27.35.133])
by smtpout1.online.net (Postfix) with SMTP id 8EF9B934CDB
for <Rito795@XXXX.plus.com>; Sun, 25 Feb 2007 18:03:45 +0100 (CET)
Received: (qmail 22868 invoked for bounce); 25 Feb 2007 17:03:45 -0000
Date: 25 Feb 2007 17:03:45 -0000
From: MAILER-DAEMON@proxad.net
To: Rito795@XXXX.plus.com
Subject: [-SPAM-] failure notice
Message-Id: <20070225170345.8EF9B934CDB@smtpout1.online.net>


These appear to have been sent via PN


Mark

N/A

Spam sent via your e-mail account

Common spam techniques are to spoof the sender address to appear to come from an e-mail address or domain other than the actual sender.

The header you've cited appears to be the return header to yourself. If you had a copy of the original message with full outgoing header you'd probably see it originated outside the PN network (in all liklihood on a Zombie computer).

Unfortunately there's nothing PN or anyone else can do to prevent spoofing. In your case, as your domain is clearly being used for this purpose, you may find it helpful to "blackhole" your catchall mailbox so that <anything>@domain.plus.com is deleted, except where you have defined a mailbox.
ESL
Grafter
Posts: 70
Registered: 05-08-2007

Spam sent via your e-mail account

Can you tell me if it is possible to do this for emails spoofed from my domain email?

I have been receiving them adressed as:

abcdef AT mydomain dot CO dot UK

Where "abcdef" is just normally a random string. I don't understand how I can " blackhole" my domain emails.

Sorry, but I'm a bit thick when it comes to this sort of stuff...
Plusnet Staff
Plusnet Staff
Posts: 12,169
Thanks: 18
Fixes: 1
Registered: 04-04-2007

Spam sent via your e-mail account

Hi,

Yep, we can set the blackhole up on the domain as well, in fact it will be set up on any domains as well as the PlusNet address if you were to request a blackhole.

Best thing to do is set up any mailboxes/redirects for addresses you use and then raise a ticket and we can blackhole the mailbox for you.