
hijacked domain name

N/A

hijacked domain name

Not sure that's exactly it, I'm referring to 'returned' messages either undelivered or blocked as spam or, recently, claiming to have contained banned subject matter or files. All of these have my plus net domain name with a completely spurious prefix. Quite apart from the fact that the so-called returns clutter up my inbox, I'm concerned about getting a reputation as a spammer or worse - one of today's returns claimed a message about islamist extremists. I'm completely Norton and firewalled up (Outpost pro on rules setting) so I'm pretty sure I'm not originating these things. Does anyone know how to stop them? :?: :?:
5 REPLIES
ceridwen
Grafter
Posts: 937
Registered: 14-10-2007

hijacked domain name

Unfortunately, there isn't much you can do!

It is very easy to forge the from and return to addresses in an e-mail as these are just unverified text fields so the client can put what it likes in there. So quite literally these could be being sent from any machine anywhere on the internet and not necessarily a machine belonging to anyone you may have interacted with (and very unlikely to be one of your machines, PN's machines or for that matter another customer of PN).

You could look at SPF (http://www.openspf.org/) which would at least confirm that these weren't being sent by you but it is not well enough used to eradicate these at present.

Matthew
N/A

hijacked domain name

Drat! I rather thought that might be the case but I'm encouraged to hear it might not even be daft mates who multi forward equally daft messages despite my best efforts! Thanks Matthew.
Suzanne
Plusnet Staff
Plusnet Staff
Posts: 12,169
Thanks: 18
Fixes: 1
Registered: 04-04-2007

hijacked domain name

Hi,

You're not the only one getting these, there have been quite a lot of posts from others on here seeing the same and CSC have been getting an awful lot of tickets on the subject.

My PlusNet email address has so far escaped but one of my domain names is getting 50 or more of these every day and that figure is increasing.

As Matthew says it's unlikely that the mail has originated from your PC, chances are at some point your email address has been harvested from some source. The most common way that a spammer will get hold of a bunch of email addresses is from a virus writer these days. The virus writer distributes a virus which scans all infected PCs for email addresses (from email address books, cached web pages, etc.) and collects them all up. There are other ways, such as searching Usenet posts, phishing websites and many other ways.

Chances are your address has been passed on to a spammer in one of these ways. Those emails that get forwarded around to thousands of people are just like a big buffet to a spammer. Just takes one of the recipients to be infected with a virus for everyone in the mail to have their address harvested.

The new trick the spammers are using is rather than using the email addresses they have, to just use the parts after the @ symbol and spam to death people using a set of random letters before the @ symbol while at the same time using the same idea as the from address so when the spam isn't delivered you get lots of bouncebacks.

Best thing to do in this situation is to blackhole your catch-all email address, see the following page:

http://portal.plus.net/support/security/spam/blocking_spam_emails.shtml

If we blackhole the catch-all then you'll only see mails sent to the mailboxes and redirects that you've specifically set up.
N/A

hijacked domain name

This is exactly the one:
'The new trick the spammers are using is rather than using the email addresses they have, to just use the parts after the @ symbol and spam to death people using a set of random letters before the @ symbol while at the same time using the same idea as the from address so when the spam isn't delivered you get lots of bouncebacks.'
Thanks for the link suggestion, I'll take a look. My email address gets to a lot of places so I'm resigned to the idea that it will at some point be forwarded to someone with only a notional idea of security. Hey ho!
Suzanne
Community Veteran
Posts: 2,829
Thanks: 153
Fixes: 2
Registered: 05-04-2007

hijacked domain name

Yep the only way is to blackhole all other parts before the @ which are not used. One of my domains is getting delivery failure reports for spam I didn't send, with random characters before the @.

I only used mail@, so I think I might turn the catch-all off - but of course it doesn't help the spam which is directed to mail@, but it should reduce the amount of mail it's getting.

I know domains are lifted from WHOIS records, I've even had 419 scam mails to my domains with my details which have been clearly lifted from there!
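
The effect of blackholing the catch-all, as discussed in the replies above, shown as an added Python example (not part of the original thread and not Plusnet's own code). The domain, the set of configured mailboxes and the sample messages are constructed assumptions; a real mail server makes this decision on the SMTP envelope recipient, which is modelled here as the first element of each tuple.

```python
from email import message_from_string

DOMAIN = "example.plus.com"   # constructed placeholder, not a real customer domain
CONFIGURED = {"mail"}         # local parts with a real mailbox or redirect (assumed)

def is_bounce(raw):
    """True for a delivery status notification: null return path, or a
    multipart/report body with report-type=delivery-status."""
    msg = message_from_string(raw)
    null_sender = msg.get("Return-Path", "").strip() == "<>"
    is_dsn = (msg.get_content_type() == "multipart/report"
              and msg.get_param("report-type") == "delivery-status")
    return null_sender or is_dsn

def classify(rcpt, raw):
    """Label one message by its envelope recipient and bounce status."""
    local, _, domain = rcpt.lower().rpartition("@")
    if domain != DOMAIN:
        return "not-ours"
    if local in CONFIGURED:
        return "deliver"      # real mailbox: kept whether or not it is a bounce
    return "backscatter" if is_bounce(raw) else "unknown-recipient"

def blackholed_inbox(messages):
    """Messages still delivered once the catch-all is blackholed."""
    return [(r, m) for r, m in messages if classify(r, m) == "deliver"]

# Constructed sample traffic: (envelope recipient, raw message).
SAMPLES = [
    ("xqzvkt@example.plus.com",
     "Return-Path: <>\nFrom: MAILER-DAEMON@mx.example.net\n"
     "Subject: Undelivered Mail Returned to Sender\n"
     "Content-Type: multipart/report; report-type=delivery-status;"
     " boundary=\"b\"\n\n--b--\n"),
    ("mail@example.plus.com",
     "Return-Path: <friend@example.org>\nFrom: friend@example.org\n"
     "Subject: lunch?\n\nSee you at one.\n"),
    ("hbwqpl@example.plus.com",
     "Return-Path: <promo@example.net>\nFrom: promo@example.net\n"
     "Subject: offer\n\nBuy now.\n"),
]

if __name__ == "__main__":
    for rcpt, raw in SAMPLES:
        print(rcpt, "->", classify(rcpt, raw))
    print("kept after blackholing:", len(blackholed_inbox(SAMPLES)))
```

A bounce addressed to a configured mailbox such as mail@ is still delivered, which matches the point made above that blackholing does not help with mail directed at an address that is actually in use.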