cancel
Showing results for 
Search instead for 
Did you mean: 

Spam attack - how to repell

jonnyfriendly
Grafter
Posts: 100
Thanks: 9
Registered: ‎30-07-2007

Spam attack - how to repell

Hi

I'm using a macintosh with Outlook. Yesterday evening i was subjected to a spam attack from an unknown source - source email was not given and heading was  "Mail delivery failed: returning message to sender" I have nothing in my send box. and these emails were coming through to my main plusnet address.

Any email address in text was changed each time. Blocking and Junk filters in Outlook didn't work. These emails were coming in every 2- 3mins about 6-8 at a time. As a temporary measure i have a made a rule to delete anything with the 'Mail delivery failed: returning message to sender' in title to block and delete.

I am wondering if there is a way to block these via Plusnet server (poss. via webmail) or i anyone has got any suggestions i would grateful. I can't find an obvious way to raise a ticket with Plusnet

Thanks in advance

j

7 REPLIES 7
Townman
Superuser
Superuser
Posts: 22,916
Thanks: 9,534
Fixes: 156
Registered: ‎22-08-2007

Re: Spam attack - how to repell

Hi Friendly Jonny,

I'm afraid to advise that the horse has bolted and you cannot now close the stable gate!  What you are seeing is not a Spam Attack, but the detritus of of one.  Spammers have obtained your email address and are making mischief with it.

Your email address has been used as the sender's address by some spammer somewhere else - you are now receiving the delivery failure reports.  There is nothing you can do about this, other than what you have done already.

I suggest that you check the email headers of one of these failure reports as that should indicate where the original email was actually sent from.  Check that it did not go out via a Plusnet SMTP server.  If it did then your Plusnet email address (account) has been compromised and you should change its password.  That said Plusnet are very diligent in monitoring for compromised accounts and will change passwords themselves.

Note, it is up to the sending email client to determine if and where to save an outgoing email, not the sending SMTP service.

Superusers are not staff, but they do have a direct line of communication into the business in order to raise issues, concerns and feedback from the community.

Baldrick1
Moderator
Moderator
Posts: 11,615
Thanks: 5,166
Fixes: 415
Registered: ‎30-06-2016

Re: Spam attack - how to repell

@Townman 

If the bad guys have the OP's email address isn't the safest and sure fire way to stop the problem now and in the future is to make sure that catch all is switched off in the account and change the email address?

Moderator and Customer
If this helped - select the Thumb
If it fixed it,  help others - select 'This Fixed My Problem'

jonnyfriendly
Grafter
Posts: 100
Thanks: 9
Registered: ‎30-07-2007

Re: Spam attack - how to repell

Thanks for the replies. They do not appear to have been coming via a Plusnet server and also seem to have stopped around 1.00am this morning. Plan is to monitor and hope they don't return

j

Townman
Superuser
Superuser
Posts: 22,916
Thanks: 9,534
Fixes: 156
Registered: ‎22-08-2007

Re: Spam attack - how to repell

@Baldrick1 

That as a cure is worse than the aliment!

Changing one's email address is a right royal pain and completely ditching the email address risks losing important emails.  Jonny's approach here is very pragmatic.  Abusers of email addresses tend to do so only for short campaigns ... then they move on to some other hijacked address.

Superusers are not staff, but they do have a direct line of communication into the business in order to raise issues, concerns and feedback from the community.

jonnyfriendly
Grafter
Posts: 100
Thanks: 9
Registered: ‎30-07-2007

Re: Spam attack - how to repell

Thanks for the input Townman. I agree about the email address, would be a total pain, especially at the moment.

Am i right to assume that he other option of changing password will only work if i can confirm that they went out via a plusnet server?. No obvious signs of that ATM.
Also, touch wood, nothing been received since 1.00am this morning. I hoping its a short lived attack.
I am interested in what causes these attacks and why they stop - and also what's in it for the spammers. It's an area i don't really understand

j

Townman
Superuser
Superuser
Posts: 22,916
Thanks: 9,534
Fixes: 156
Registered: ‎22-08-2007

Re: Spam attack - how to repell

Hi Jonny,

Once emails have been sent, the horse has escaped, so changing your password (if the emails were sent via your Plusnet account) will have no impact on NDRs being returned for what has been sent.  Changing the mailbox password will stop further abuse of the the Plusnet SMTP service, if that was used to send these emails.

It is possible to send emails appearing from come from fred@anywhere.com via any SMTP server one has access to.  Strict implementation of SPF by both sending and receiving email services ought to reduce the promulgation of SPAM email.  Plusnet has SPF set on all @account.plus.com email addresses, which effectively says that only Plusnet SMTP servers are permitted to send emails on behalf of @account.plus.com - however it is then down to the RECEIVING email service to decide (or not) how firmly to police the SPF information.

Such attacks are short lived.

What do spammers get from this - well there are a number of things...

  • To some extent the sender masks who they are
  • Senders are not looking for a response, they are simply seeking to deliver a payload - attached malware, phishing attempt or simply a link for the receiver to click
  • Just to create mischief

Hope that helps some?

Superusers are not staff, but they do have a direct line of communication into the business in order to raise issues, concerns and feedback from the community.

jonnyfriendly
Grafter
Posts: 100
Thanks: 9
Registered: ‎30-07-2007

Re: Spam attack - how to repell

Thanks Townman

Very helpful comments

j