
Major Problem! Need help immediately!

Alright here is the problem. My friend owns a domain name that has e-mail forwarding. Basically, anything sent to [email protected] will go to [email protected]. So, here is the problem: It seems that people have "hijacked" his domain name and are sending a HUGE amount of spam using his domain name! They create a name, doesn't matter what it is, [email protected], and it is sent to dozens of people a day. And because of invalid e-mails or other reasons, they are either getting bounced back or are sending e-mails saying: you are sending spam! But, the thing is, these e-mails aren't coming to the spammer, but to my friend! He is getting 20-30 e-mails a day, and since this just started a week ago, this number is sure to grow to 100s of e-mails a day.

My friend uses this e-mail address forwarding for everything, and does not want to disable it. But, because of these circumstances, it doesn't seem that he has much of a choice.

These stupid spammers! Don't they know it's illegal???

If anyone can help me out and tell me what to do in this situation, I'll be forever grateful.

Thanks a LOT,
Ephi
 
•••
It has happened to me several times. There is nothing you can do except to add a filter on your server or email client to toss out any email addresses that you don't expect to receive email to on your catch all.
 
•••
He already uses MailWasher Pro right now, but he still has to take the time to go through the e-mails marking off which one is spam. This takes time every day, and he just doesn't have the time for that. Maybe there is another solution?

Thanks.
 
•••
Tell him to report it. If you can find the IP Address that it's getting sent by you can get his ISP and report him. I would try and do this since there is no other way.
 
•••
Well, I don't think there is a way to find out the spammer's IP address, because my friend is receiving sent-back e-mails, not e-mails directly from the spammer. All of the e-mails are bounce backs, so I do not think there is a way to get his IP.

Thanks for your time.

Also, the reason he doesn't want to turn off email forwarding is because he uses it for EVERYthing; bank accounts, hosting, basically everything to sign up with on the internet.
 
•••
thetzfreak said:
Well, I don't think there is a way to find out the spammer's IP address, because my friend is receiving sent-back e-mails, not e-mails directly from the spammer. All of the e-mails are bounce backs, so I do not think there is a way to get his IP.

Thanks for your time.

Also, the reason he doesn't want to turn off email forwarding is because he uses it for EVERYthing; bank accounts, hosting, basically everything to sign up with on the internet.

Then tell your friend to email one of the people he got a bounce back from and ask them to give him an IP address. I'm pretty sure someone would do it to stop them from getting SPAM.
 
•••
kjmz said:
Then tell your friend to email one of the people he got a bounce back from and ask them to give him an IP address. I'm pretty sure someone would do it to stop them from getting SPAM.
That's a good idea! Thanks for that. But even if he reports these to the internet crime site or such place, do you really think they are going to help? I mean, they're getting probably thousands of these reports a day! What are the chances that they are going to help him?
 
•••
thetzfreak said:
That's a good idea! Thanks for that. But even if he reports these to the internet crime site or such place, do you really think they are going to help? I mean, they're getting probably thousands of these reports a day! What are the chances that they are going to help him?

If you report it straight to the ISP, they could easily warn them or shut their account down. I know many stories where it worked. ISPs don't like SPAMMERS at all. I would do it if I were him, it's one of the only things to do.
 
•••
kjmz said:
If you report it straight to the ISP, they could easily warn them or shut their account down. I know many stories where it worked. ISPs don't like SPAMMERS at all. I would do it if I were him, it's one of the only things to do.
Whose ISP to report it to?
 
•••
The spammer is most likely using hundreds of open relays to send the spam. When this happened, I also made filters to auto-trash anything with "Failure Notice", "Mail Delivery System", "Mail Administrator", "Delivery Notification", etc. in the body or subject to junk all of the undeliverable notifications. Hopefully after a few weeks when the jerk stops, you can then disable these filters.
 
•••
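A sketch of the filtering described in the posts above (drop catch-all mail for addresses that were never handed out, and junk bounce notifications), as an added example that is not part of the original thread. The domain `example.com`, the alias list and the sample messages are constructed assumptions.

```python
import email
from email import policy
from email.utils import parseaddr

DOMAIN = "example.com"                     # assumed forwarding domain
KNOWN_ALIASES = {"bank", "hosting", "me"}  # assumed aliases the owner really uses
# Phrases quoted in the post above, matched against the Subject header.
BOUNCE_SUBJECTS = ("failure notice", "mail delivery system",
                   "mail administrator", "delivery notification")

# Constructed sample messages (not taken from the thread).
BACKSCATTER = ("Return-Path: <>\n"
               "From: MAILER-DAEMON@mail.recipient.invalid\n"
               "To: qzxv81@example.com\n"
               "Subject: Undelivered Mail Returned to Sender\n\n"
               "User unknown.\n")
LEGIT = ("From: alerts@bank.invalid\nTo: bank@example.com\n"
         "Subject: Statement ready\n\nHello.\n")

def is_bounce(msg):
    """True if the message looks like a delivery status notification."""
    # RFC 3464 bounces are multipart/report with report-type=delivery-status.
    if (msg.get_content_type() == "multipart/report"
            and msg.get_param("report-type") == "delivery-status"):
        return True
    # Bounces carry the null envelope sender, recorded as "Return-Path: <>".
    if msg.get("Return-Path", "").strip() == "<>":
        return True
    sender = parseaddr(msg.get("From", ""))[1].lower()
    if sender.startswith(("mailer-daemon@", "postmaster@")):
        return True
    subject = msg.get("Subject", "").lower()
    return any(phrase in subject for phrase in BOUNCE_SUBJECTS)

def classify(raw):
    """Return the action for one raw message arriving at the catch-all."""
    msg = email.message_from_string(raw, policy=policy.default)
    # Assumption: the To header still carries the forwarded address.
    rcpt = parseaddr(msg.get("To", ""))[1].lower()
    local, _, domain = rcpt.partition("@")
    known = domain == DOMAIN and local in KNOWN_ALIASES
    if is_bounce(msg):
        # A bounce for an alias that was never used cannot be the owner's mail.
        return "keep-bounce" if known else "discard-backscatter"
    return "deliver" if known else "discard-unknown-alias"
```

A filter running on the forwarding server should key on the envelope recipient rather than the To header, since the two can differ.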
Sounds like email spoofing and there's not much you can do about it.

The ISP you want to report it to is the one that the email is originating from. You can use spamcop.net to report it. Just be careful you don't end up reporting your own domain name.

A past thread with similar issue,
http://namepros.com/showthread.php?t=84275
 
•••
thetzfreak said:
Whose ISP to report it to?

You would have to look up the IP through a site. These IP searches aren't that hard to find, I even think there is one in cPanel. You can usually get the ISP from the information the IP search gives you.

If you want you can give me the IP and I'll try to find out.
 
•••
Even if you manage to find an IP, it's probably one in Russia, Korea, China, or some other country whose ISP could give a crap.
 
•••
dabb said:
Even if you manage to find an IP, it's probably one in Russia, Korea, China, or some other country whose ISP could give a crap.

It's better to give it a chance, than just leaving it and getting tons of SPAM.
 
•••
Well, my friend did his research with spamcop.net, and he said that after reading the explanations, it won't help him. He read the explanations and stuff at spamcop, and they said that they need the headers of the spam e-mails. Well, he doesn't have them; he has the e-mails from the original victims who received the spam in the first place.

So, basically spamcop is not going to work. I guess what is left to do now is to request the IP address from the victims.

Thanks for your help, guys.
 
•••
thetzfreak said:
Well, my friend did his research with spamcop.net, and he said that after reading the explanations, it won't help him. He read the explanations and stuff at spamcop, and they said that they need the headers of the spam e-mails. Well, he doesn't have them; he has the e-mails from the original victims who received the spam in the first place.

So, basically spamcop is not going to work. I guess what is left to do now is to request the IP address from the victims.

Thanks for your help, guys.

You could also just request the whole email from the victims and then send that to spamcop.net :)
 
•••
this happens to me all the time with my 3letter domains,.........i like spam, gives me something to read, when no one else emails me :(
 
•••
kjmz said:
You could also just request the whole email from the victims and then send that to spamcop.net :)
Hehe, alright. Well, he's gonna try to do that (ask them for either the person's IP or the message itself) but there is also another problem. Most of the e-mail bounce backs that he's getting are automated messages from other spam blockers. So, if he sends them the e-mail, they're not gonna have any idea what he's talking about lol. Plus, people don't know how to find out IP addresses from e-mail messages.

But it's fine :) At least ONE person should be real, and not an automated spam blocker :)
 
•••
If anyone can help me out and tell me what to do in this situation, I'll be forever grateful.

Help you? Sure.

Find a different friend.

But, seriously, poorly-arranged email relay systems get abused. It's a jungle out there, and those spammers are hidden behind multiple proxies and other relays to the extent that even when you do finally come up with an IP address in North Whazatistan, what do you think you are going to accomplish with that information?

As an intermediate measure, your friend might consider limiting his relay to accept only email originating from an IP address or block that your friend uses to connect to the internet. Yes, I know this is not a complete solution, but, hey, whaddya want for free.

As also noted above, it's not clear whether someone is actually using your friend's poorly-conceived blackhole-bait of a relay, or simply spoofing your friend's domain in forged email sent via another mechanism.
 
•••
No hijacking :)

Just header spoof
 
•••
Header spoofing is common. His best bet..change email addresses. It's easier to take the time to just change all your bank and other email addresses than to fight the spam. Really I know..I have had to drop a few of my fav email addresses over the same SPAM type of issues. If you got an address that's just getting spammed..then kill it and move on. The spam will NEVER stop and only increase no matter what you do.

Get a gmail account or something.


Also I have a few email addresses I use.

1. For trusted sites that I keep all my bank and important info
2. For sites I frequent often like forums
3. For junk sites that I sign up for and don't really want them to ever contact me


One of my common tactics is to take an odd domain and create a catch-all email for it. Then when I sign up at a site like dealsforlife.com I use [email protected]. Then if the spam starts to come to me via that email address I know where it came from. I can easily filter it out at that time.

Good luck to your friend.
btw- why can't he post?
 
•••
3. For junk sites that I sign up for and don't really want them to ever contact me

The coolest utility for that purpose is www.mailinator.com.

It takes a bit to get the zen of its usefulness, but as soon as you "get it", you'll wonder why you ever did anything else for "sign up" or "confirm registration" crap.

The best way to describe it quickly is that <anything>@mailinator.com is, right now, a valid email address. You can go to mailinator.com, log in as <anything> and see what is in the mailbox for that address. There is no password. All email collected at mailinator is deleted after a relatively short period.

So, you go to some newspaper that you never read, just because you want to see one single article. They want your email address. Easy. You register as [email protected] and sign up. Then, you pop over to mailinator.com, log in as randomcrappyname, hit the confirm link, and you are golden.

The other thing to be familiar with is bugmenot.com, which maintains a database of valid userid/passwords for a large number of free sites that require registration for spammage purposes.
 
•••
j0e said:
this happens to me all the time with my 3letter domains,.........i like spam, gives me something to read, when no one else emails me :(
Great, can I send you all of mine then? I get over 300 a day to my Spam Bait email addresses.
 
•••
labrocca: I know that what you said seemed to be the right choice, but the thing is that he is VERY busy and he doesn't have the time. He's behind in stuff and he never has time for anything. Which is the reason he can't post :) he's a grown up man, owns his own business, and doesn't talk on boards hehe. You wouldn't find the owner of amazon on this forum, would you?

That common tactic that you use ([email protected]) is the exact thing that he does. For wachovia, he has [email protected]. The thing is, this spammer just generates different names every time to this domain. So, [email protected] is always different. And also, why did you say get a gmail account? What is so special about it?

jberryhill: thanks a LOT for those websites, bugmenot and mailinator. That, I find, is VERY useful.

Thanks for your time guys!
 
•••