Someone sending spam using my domain

Cerberos
Rising Star
Posts: 61
Thanks: 20
Registered: 16-10-2007

Someone sending spam using my domain

I am getting a number of email delivery failure notifications coming into my email catch all account.
If I am reading the headers correctly someone is using an email forwarding server identifying the emails as coming from any.name@mydomain.co.uk.
Some recipients are bouncing these emails back and they are ending up in my email catch all account.
My domain is hosted on plus net. I have checked my email settings and everything seems normal.
It would seem someone has got hold of my domain name and is using it to send out spam.
As I don't want to start appearing on black lists, what can I do?
Here is an example of the emails I am receiving.
Quote
This message was created automatically by mail delivery software.
A message that you sent could not be delivered to one or more of
its recipients. The following addresses failed:
<snip>
SMTP error from remote server after RCPT command:
host mailin-02.mx.aol.com[205.188.103.1]:
550 5.1.1 <snip>: Recipient address rejected: netscape.net

--- The header of the original message is following. ---
Received: from icpu717.kundenserver.de (infong-es15.1and1.es [212.227.114.81])
by mrelayeu.kundenserver.de (node=mreu0) with ESMTP (Nemesis)
id 0MWfUd-1UlbEE2Gol-00XYYb; Sat, 29 Jun 2013 21:53:25 +0200
Received: from 92.30.2.237 (IP may be forged by CGI script)
   by icpu717.kundenserver.de with HTTP
   id 49obqB-1U13bs1Gtx-00sLng; Sat, 29 Jun 2013 21:53:25 +0200
X-Sender-Info: <365745316@icpu717.kundenserver.de>
Date: Sat, 29 Jun 2013 21:53:25 +0200
Message-Id: <49obqB-1U13bs1Gtx-00sLng@icpu717.kundenserver.de>
Precedence: bulk
To: <snip>
Subject: Let my goodnight wish bring smile on your face! Kissing your eyes and bidding you goodnight!
From: Paul Yutesler <PaulYutesler@mydomain.co.uk>
Reply-To: Paul Yutesler <PaulYutesler@mydomain.co.uk>
X-opentransfer-URL: http://mydomain.co.uk/webmail/?CID=887720
X-Mailer: MailMaster 1.1a
[Moderator's note by Jim (Oldjim): Other people's email addresses removed]
9 REPLIES
Community Veteran
Posts: 38,460
Thanks: 1,028
Fixes: 62
Registered: 15-06-2007

Re: Someone sending spam using my domain

Assuming you are using the Plusnet email servers and are not using your own, you won't have a problem, as they don't block by email address but by IP address, and it is very doubtful that it will affect you at all.
There isn't anything you can do to stop it - it should die down after a while.
Note that the source IP address is TalkTalk.
Community Veteran
Posts: 3,380
Thanks: 4
Registered: 18-01-2013

Re: Someone sending spam using my domain

It looks very much like someone has taken your .com address and put some random name before the @
I get it all the time with mine - the worst time being when I was receiving around a thousand email rejections an hour to my catchall - the spammers didn't go anywhere near my email server but spoofed the "from" and "reply to" addresses.
ABAPMonkey
Newbie
Posts: 1
Registered: 18-08-2013

Re: Someone sending spam using my domain

Hi
I've been getting the same issue. Both from a Talk Talk Server and 1&1 server ..... and it seems to be increasing. What concerns me is that my domain name can become associated with this rubbish as not ALL the names on the headers are rejected.
Is there nothing that can be done about this? I'm pretty certain it's nothing to do with hacking, more spoofing. I've checked all the recipients in the headers and none of them are known to me (so it's pretty unlikely they originate from my machines).
I wonder how many have been sent where an address is not invalid?
If anyone has any ideas on how to stop this, I, for one, would be very interested.
Cheers
appyclappy
Dabbler
Posts: 11
Registered: 06-09-2010

Re: Someone sending spam using my domain

anyone got any advice for this issue?

Superuser
Posts: 9,667
Thanks: 1,070
Fixes: 59
Registered: 06-04-2007

Re: Someone sending spam using my domain

The previous post in this topic was 3 years ago, showing the problem is of long standing. The advice given in the first reply (message #2) still applies.

David
appyclappy
Dabbler
Posts: 11
Registered: 06-09-2010

Re: Someone sending spam using my domain

Thanks for that spaxyt

I use the Plus SMTP server to send from both my F9 address and my business email (which is hosted by Dependable Web). I get tons of spam in my f9 inbox that looks like it's originated from my business's mail server but been rejected by the destination server and (for some reason I haven't worked out) bounced back to my personal, F9 account...

In my server's cPanel spam settings I can specify safe hosts and MX servers; what do I enter there so that I can cut the spoofed mails but still be able to send messages from smtp.plus.net?

Cheers

Community Gaffer
Posts: 13,330
Thanks: 1,115
Fixes: 90
Registered: 04-04-2007

Re: Someone sending spam using my domain

If your domain is hosted externally then you can set up an SPF record that might help reduce the volume of backscatter. Failing that, if the local part of the delivery failures aren't addresses you use then you can try blacklisting them via Manage My Mail.

Bob Pullen
Plusnet Product Team
If I've been helpful then please give thanks ⤵

drj
Aspiring Pro
Posts: 1,103
Thanks: 43
Fixes: 1
Registered: 30-03-2011

Re: Someone sending spam using my domain

It happens to me several times a year - and as has been said, since they're spoofed there's nothing you can do about it. They "dry up" after a day or two. I find I'm rarely blacklisted because of it though TalkTalk is the favourite when it does happen.

jon
Grafter
Posts: 29
Thanks: 7
Registered: 13-07-2016

Re: Someone sending spam using my domain

I had this problem recently. I fixed it by adding an spf record to the domain that only passes emails sent via plus net.

See https://community.plus.net/t5/Email/Correct-SPF-record-when-using-relay-plus-net/m-p/1333657/highlig...
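
How a receiving server would evaluate an SPF record of the kind described above against the two relay addresses in the quoted bounce header, as an added example that is not part of the thread or of Plusnet's own configuration. The zone data, the `_spf.relay.example` include name and the 192.0.2.0/24 and 2001:db8::/32 ranges are constructed placeholders for your real outbound relay; only the ip4, ip6, include and all mechanisms are evaluated.

```python
import ipaddress

# Constructed zone data standing in for DNS TXT lookups (assumption: the real
# include name and ranges for your relay come from your provider's documentation).
TXT = {
    "mydomain.co.uk": "v=spf1 include:_spf.relay.example -all",
    "_spf.relay.example": "v=spf1 ip4:192.0.2.0/24 ip6:2001:db8::/32 ~all",
}
RESULTS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_host(ip, domain, txt=TXT, depth=0):
    """Evaluate the SPF policy of `domain` for connecting address `ip` (RFC 7208 subset)."""
    if depth > 10:  # stop include loops; RFC 7208 also limits DNS-querying terms to 10
        return "permerror"
    record = txt.get(domain, "")
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"  # domain publishes no SPF policy
    addr = ipaddress.ip_address(ip)
    for term in terms[1:]:
        qualifier = term[0] if term[0] in RESULTS else "+"
        mech = term.lstrip("+-~?")
        name, _, arg = mech.partition(":")
        name = name.lower()
        if name == "all":
            return RESULTS[qualifier]
        if name in ("ip4", "ip6"):
            try:
                net = ipaddress.ip_network(arg, strict=False)
            except ValueError:
                return "permerror"
            if net.version == addr.version and addr in net:
                return RESULTS[qualifier]
        elif name == "include":
            inner = check_host(ip, arg, txt, depth + 1)
            if inner == "pass":  # only a pass from the included policy counts as a match
                return RESULTS[qualifier]
            if inner in ("none", "permerror"):
                return "permerror"
        elif "=" not in mech:  # a, mx, exists, ptr need live DNS; modifiers are skipped
            return "permerror"
    return "neutral"  # nothing matched and the record has no "all"


def classify(ips, domain="mydomain.co.uk"):
    """Map each connecting IP to its SPF result for `domain`."""
    return {ip: check_host(ip, domain) for ip in ips}
```

With `-all` on the domain, the 1&1 and TalkTalk addresses from the bounce header evaluate to `fail`, while an address inside the placeholder relay range evaluates to `pass`.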