Proving You Are Not a Spammer?
tfinniga asks: "A spammer has recently started using my domain name as 'From:' addresses when sending out spam. I'm worried about my domain being blacklisted, and I'm annoyed by the bounces — I'm getting about 1000 bounce messages a day. Unfortunately, I give out a different email address to each site I visit: slashdot@example.com, paypal@example.com, amazon@example.com, etc., and the spammer is using a different address for each mail, so simple address filtering doesn't work. What is the best way of avoiding being put on a blacklist, and dealing with the flood of bounces?"
I run my email the exact same way that you do, and I have had the same problems. Fortunately, I've never been rejected as a spammer based on my domain name alone, and if you are, hopefully someone else here can help you solve that problem.
As far as stopping the bounces... The only way I've found that works is to use a whitelist system... filter all of the addresses that you know are good (paypal@example.com, etc) into folders, and everything else goes into a generic catchall folder that you give a quick scan to before moving it to a long term keep folder.
Just a note... I highly recommend the keep folder over just trashing the message. When it's morning and you are groggily mass deleting messages, sometimes good messages get axed accidentally... If you have your own domain, it's likely that you have POP so long term storage shouldn't be a problem.
Josh
Open Your Mind. Open Your Source.
If the sender is forging your From address, chances are they're not using your mail server. Most decent blacklists (e.g. SpamCop, Spamhaus) will blacklist the offending server's IP address, not your mail domain.
Consider implementing SPF (home page wiki) so recipient mail servers can drop the message if it wasn't sent from a server authorized to send mail from your domain.
Most bounce messages will not include your outgoing server's signature. You can consider dropping those messages using the techniques described in the Postfix Backscatter Howto.
Also you're breaking RFC 2606.
Let's just say this was your poor judgment and move on.
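The bounce check this comment points to, sketched as an added example (not part of the original thread and not taken from the Postfix howto): it classifies a bounce by whether the returned original carries a Received header stamped by your own outgoing server. The hostname `mail.example.com` and the three sample messages are constructed assumptions.

```python
from email import message_from_string

# Assumption for this example: the hostname our outgoing server writes into
# the Received header of every message it relays.
OUR_MTA = "mail.example.com"

def returned_headers(bounce):
    """Headers of the original message carried inside a bounce, or None."""
    for part in bounce.walk():
        ctype = part.get_content_type()
        if ctype == "message/rfc822" and part.is_multipart():
            return part.get_payload()[0]
        if ctype == "text/rfc822-headers":
            return message_from_string(part.get_payload())
    return None

def classify_bounce(raw):
    """Return 'ours', 'backscatter', or 'unknown' (no original attached)."""
    orig = returned_headers(message_from_string(raw))
    if orig is None:
        return "unknown"        # keep for manual review rather than drop
    for hop in orig.get_all("Received") or []:
        norm = " ".join(hop.split()).lower()   # undo header folding
        if f" by {OUR_MTA} " in f" {norm} ":
            return "ours"       # the message really left through our server
    return "backscatter"        # the original never touched our server

def sample_dsn(orig_headers):
    """Constructed multipart/report bounce wrapping the given headers."""
    return (
        "From: MAILER-DAEMON@mx.remote.invalid\nTo: paypal@example.com\n"
        "Subject: Undelivered Mail Returned to Sender\nMIME-Version: 1.0\n"
        'Content-Type: multipart/report; report-type=delivery-status; boundary="b1"\n'
        "\n--b1\nContent-Type: text/plain\n\nUser unknown.\n"
        "--b1\nContent-Type: message/delivery-status\n\n"
        "Reporting-MTA: dns; mx.remote.invalid\n\n"
        "Final-Recipient: rfc822; nobody@remote.invalid\nAction: failed\n"
        "--b1\nContent-Type: text/rfc822-headers\n\n" + orig_headers + "\n--b1--\n")

# Constructed sample inputs (not real mail).
OURS = sample_dsn("Received: from laptop (unknown [192.0.2.10])\n"
                  "\tby mail.example.com (Postfix) with ESMTPSA id 4XYZ\n"
                  "From: paypal@example.com\nSubject: hello")
FORGED = sample_dsn("Received: from dsl-host.invalid by relay.spam.invalid with SMTP\n"
                    "From: slashdot@example.com\nSubject: buy now")
NO_ORIGINAL = "From: MAILER-DAEMON@mx.remote.invalid\nSubject: failure\n\nCould not deliver.\n"
```

Received lines can themselves be forged, so the result is a filtering heuristic; bounces classified `unknown` are better filed for review than deleted.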
You are being joe-jobbed. Do not worry about it.
http://www.spamfaq.net/terminology.shtml#joe_job
3.2.22 What's a "Joe Job"?
The act of faking a spam so that it appears to be from an innocent third party, in order to damage their reputation and possibly to trick their provider into revoking their Internet access. Named after Joes.com, which was victimized in this way by a spammer some years ago.
You will not wind up on a blacklist. This is a well known phenomenon among mail admins.
--
BMO
This is an easy one ... just send an email to everyone explaining the situation. And I just happen to have some mailing lists of people who opted-in to receive just this kind of notification, which I can provide to you at a very reasonable cost.
This isn't entirely on topic, but it's related to my experience of having spammers use my domain in the From: field.
:)
Dealing with the hundreds or thousands of bounces was inconvenient, but I noticed one string of bounces was coming from a regular user who had a script set up to bounce about a hundred spammy messages of their own in response to each spam they detected.
I mailed them telling them what a useless idea that was, and all I got back was the same bounce - a hundred messages all with the line "PISS OFF WITH YOUR SPAM AND TAKE IT ELSEWHERE", and my original message quoted.
Figuring it was email from my domain (now blacklisted on their server/client somehow), I emailed from another email account, telling them the same thing, and got the same bounces. Third time I tried, I emailed them without describing my domain anywhere in the email, letting them know their spam bounces weren't going to real spammers, rather to the email addresses of those that the spammer had spoofed.
The string of abuse I got back was essentially two pages of ranting, telling me a spammer couldn't fake a From: address, my domain must have been hacked, calling me an idiot who should be banned from the net. The usual teenager response.
The simple fix? Sending email to their account with my domain listed in the body so it triggered their hundred-message spam bounce, but with the From: field set to the idiot's own email address.
I only had to send one. My next message to them reminding them their From: address could indeed be faked bounced back with a mailbox full message from their ISP. Seems his spam-bounce script had seen my email to him with my domain listed in the body, sent back 100 rude messages all to the From: field address (which was himself), each of which also carried my domain in the text. Those hundred emails to himself also each must have triggered his spam bounce script, making 10,000 emails to himself from himself... and so on.
Gave me some amusement to make up for having spammers using my domain.
To all the people saying domains don't get black listed. Sorry you are wrong.
I posted this exact question to slashdot about 4 years ago, back then you were just pretty much screwed.
I was actually receiving threatening return mail for sending spam, which is why I posted here.
My domain did end up on a bunch of black lists and is still on a few to this day.
I will say that the better ISPs use a mailserver based black list and not a domain based one, but there are still some out there.
Now what you can do.
Go to the FTC ID theft complaint form
https://rn.ftc.gov/pls/dod/widtpubl$.startup?Z_ORG_CODE=PU03
Yes spoofing your e-mail is a form of ID theft.
The company advertised is just as legally responsible as the spammer.
If you keep filing complaints the spammers learn not to use your e-mail. The ones in the US and Canada you can actually sue to recover damages.
Good luck
The Lunatick, Carpe Corpus!