Someone sending spam usimg my domain
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Plusnet Community
- :
- Forum
- :
- Help with my Plusnet services
- :
- :
- Someone sending spam usimg my domain
Someone sending spam usimg my domain
30-06-2013 10:32 AM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
If I am reading the headers correctly someone is using an email forwarding server identifying the emails as coming from any.name@mydomain.co.uk.
Some recipients are bouncing these emails back and they are ending up in my email catch all account.
My domain is hosted on plus net. I have checked my email settings and everything seems normal.
It would seem someone has got hold of my domain name and is using it to send out spam.
As I don't want to start appearing on black lists, what can I do?
Here is an example of the emails I am receiving.
[Moderator's note by Jim (Oldjim) Other peoples email address removed ]
Quote This message was created automatically by mail delivery software.
A message that you sent could not be delivered to one or more of
its recipients. The following addresses failed:
<snip>
SMTP error from remote server after RCPT command:
host mailin-02.mx.aol.com[205.188.103.1]:
550 5.1.1 <snip>: Recipient address rejected: netscape.net
--- The header of the original message is following. ---
Received: from icpu717.kundenserver.de (infong-es15.1and1.es [212.227.114.81])
by mrelayeu.kundenserver.de (node=mreu0) with ESMTP (Nemesis)
id 0MWfUd-1UlbEE2Gol-00XYYb; Sat, 29 Jun 2013 21:53:25 +0200
Received: from 92.30.2.237 (IP may be forged by CGI script)
by icpu717.kundenserver.de with HTTP
id 49obqB-1U13bs1Gtx-00sLng; Sat, 29 Jun 2013 21:53:25 +0200
X-Sender-Info: <365745316@icpu717.kundenserver.de>
Date: Sat, 29 Jun 2013 21:53:25 +0200
Message-Id: <49obqB-1U13bs1Gtx-00sLng@icpu717.kundenserver.de>
Precedence: bulk
To: <snip>
Subject: Let my goodnight wish bring smile on your face! Kissing your eyes and bidding you goodnight!
From: Paul Yutesler <PaulYutesler@mydomain.co.uk>
Reply-To: Paul Yutesler <PaulYutesler@mydomain.co.uk>
X-opentransfer-URL: http://mydomain.co.uk/webmail/?CID=887720
X-Mailer: MailMaster 1.1a
X-Provags-ID: V02:K0:tNrpF4Oo+9F3m6a0eTMDGYdNeqhLskP+k1kY63iUGZA
Khz2qlPedhkI0kAW2aXWQ6dVM/0ZkacLsdB8+eU0A21LSFDrWA
ZzqG7jhSDIXE0TmsXN0KLbMxplnVZJETGAk6S2mAAIUkIHzuIV
uYaENT8U7TR/FlQ95EoFD8y+UvRKGkHTIqV2t9S4xHGMDIkRlW
HQDe8IarzZ/GzhhvH05HNp6zP7EsGxGtajk6C59JMMukKmr/9o
E4fh2Q+ydGENZ+NnkQZWtNP6bvOfF/CiIW62X6BcGuvDg3ZCvJ
GPkQBnMkc4tAMsLzTABiZlLkxsam63KhfqujmZi6duYe67S3bh
OOrFwbbP9fKWtxo5s5YY9zLoZouqI8BIx8oZAw/2KATywO5yWF
KAnbkuW8NbeSoMtB6oybges16a+/L21xAE=
Re: Someone sending spam usimg my domain
30-06-2013 10:48 AM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
There isn't anything you can do to stop it - it should die down after a while
Note that the source IP address is TalkTalk
Re: Someone sending spam usimg my domain
30-06-2013 10:50 AM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
I get it all the time with mine - the worst time being when I was receiving around a thousand email rejections an hour to my catchall - the spammers didn't go anywhere near my email server but spoofed the "from" and "reply to" addresses.
Re: Someone sending spam usimg my domain
18-08-2013 11:00 AM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
I've been getting the same issue. Both from a Talk Talk Server and 1&1 server ..... and it seems to be increasing. What concerns me is that my domain name can become associated with this rubbish as not ALL the names on the headers are rejected.
Is there nothing that can be done about this ? I'm pretty certain it's nothing to do with hacking, more spoofing. I've checked all the recipients in the headers and none of them are known to me (so it's pretty unlikely they originate from my machines).
I wonder how many have been sent where an address is not invalid ?
If anyone has any ideas on how to stop this, I, for one, would be very interested
Cheers
Re: Someone sending spam usimg my domain
14-07-2016 12:06 AM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
anyone got any advice for this issue?
Re: Someone sending spam usimg my domain
14-07-2016 1:21 AM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
The previous post in this topic was 3 years ago showing the problem is of long standing. The advise given in the first reply (message #2) still applies.
Re: Someone sending spam usimg my domain
14-07-2016 11:07 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Thanks for that spaxyt
I use the Plus SMTP server to send from both my F9 address and my business email (which is hosted by Dependable Web). I get tons of spam in my f9 inbox that looks like it's originated from my business's mail server but been rejected by the destination server and (for some reason I haven't worked out) bounced back to my personal, F9 account...
In my server's cPanel spam settings I can specify safe hosts and MX servers; what do I enter there so that I can cut the spoofed mails but still be able to send messages from smtp.plus.net
Cheers
Re: Someone sending spam usimg my domain
15-07-2016 6:12 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
If your domain is hosted externally then you can set up an SPF record that might help reduce the volume of backscatter. Failing that, if the local part of the delivery failures aren't addresses you use then you can try blacklisting them via Manage My Mail.
Bob Pullen
Plusnet Product Team
If I've been helpful then please give thanks ⤵
Re: Someone sending spam usimg my domain
22-07-2016 7:45 AM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
It happens to me several times a year - and as has been said, since they're spoofed there's nothing you can do about it. They "dry up" after a day or two. I find I'm rarely blacklisted because of it though TalkTalk is the favourite when it does happen.
Re: Someone sending spam usimg my domain
04-09-2016 9:54 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
I had this problem recently. I fixed it by adding an spf record to the domain that only passes emails sent via plus net.
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Plusnet Community
- :
- Forum
- :
- Help with my Plusnet services
- :
- :
- Someone sending spam usimg my domain