How To Stop Spammers From Using Your Domain/email To Send Out Spam?
May 15, 2008
I've been getting a lot of "Undeliverable" emails sent to my email address. On these messages, the spammer is using my email in the "From" part of the email... So whenever he sends out spam, the person(s) getting spammed think it's from me... And the thousands of Undeliverable email error messages are also sent to me.
Is there a way to stop this from happening, besides changing my email address?
Is there any way to stop spammers from spoofing my address? I've had issues ever since I started this server with getting bounced spam where the "From:" field was (gibberish)@mydomain.com, which was annoying but not that constant.
I came online this morning to check my mail and had over 1200 e-mails, and all of them have "firstname.lastname@example.org" as the "From:" address, but the message-ID has my domain name in it.
------ This is a copy of the message, including all the headers. ------
Return-path: <email@example.com>
Received: from nobody by host.mydomain.com with local (Exim 4.63)
    (envelope-from <firstname.lastname@example.org>)
    id 1Hju9b-0002y3-TH
    for email@example.com; Fri, 04 May 2007 05:32:43 -0400
To: firstname.lastname@example.org
Subject: Update Your Account Records
From: Wells Fargo Online <email@example.com>
Reply-To:
MIME-Version: 1.0
Content-Type: text/html
Content-Transfer-Encoding: 8bit
Message-Id: <E1Hju9b-0002y3-TH@host.mydomain.com>
Date: Fri, 04 May 2007 05:32:43 -0400
There's gotta be some way (make that 1204.. just got 4 more bounces) to block spammers from doing this. Could someone help a newbie out?
I was wondering if anyone has any methods to stop spammers? Currently I am keeping watch on the mail queue and making sure there is nothing unusual. I have the WHM configuration set up to not allow more than 200 mail messages per account per hour, but for some reason it will hit thousands. WHMCS does seem to suspend them automatically, or maybe it's because of WHM, BUT only when it's too late.
Have a persistent spammer who kept emailing my clients, even non-existent domain accounts, and getting the bounced emails to be sent to a particular Yahoo address. I tried to block in all ways but can't seem to stop him. His spams are from all over the world. Any suggestions?
I have a massive spam problem on my server, which I cannot seem to find a cure for. Here is an example of the headers from an example email (from WHM) that is stuck in the mail queue:
1HiU0X-0006Y3-O6-H
mailnull 47 12
<>
1177932329 0
-ident mailnull
-received_protocol local
-body_linecount 78
-allow_unqualified_recipient
-allow_unqualified_sender
-frozen 1177932333
-localerror
XX
1
vrroark@freemail.ru
144P Received: from mailnull by host.zaggs.com with local (Exim 4.63)
    id 1HiU0X-0006Y3-O6
    for firstname.lastname@example.org; Mon, 30 Apr 2007 12:25:06 +0100
045 X-Failed-Recipients: email@example.com
Auto-Submitted: auto-replied
058F From: Mail Delivery System <Mailer-Daemon@host.zaggs.com>
024T To: firstname.lastname@example.org
Subject: Mail delivery failed: returning message to sender
047I Message-Id: <E1HiU0X-0006Y3-O6@host.zaggs.com>
038 Date: Mon, 30 Apr 2007 12:25:06 +0100
1HiU0X-0006Y3-O6-D
This message was created automatically by mail delivery software.

A message that you sent could not be delivered to one or more of its
recipients. This is a permanent error. The following address(es) failed:

  email@example.com
    (generated from firstname.lastname@example.org)
    retry timeout exceeded

------ This is a copy of the message, including all the headers. ------

Return-path: <email@example.com>
Received: from [22.214.171.124] (port=3648 helo=localhost.localdomain)
    by host.zaggs.com with smtp (Exim 4.63)
    (envelope-from <firstname.lastname@example.org>)
    id 1HiU0X-0006Xu-7r
    for email@example.com; Mon, 30 Apr 2007 12:25:06 +0100
Message-ID: <firstname.lastname@example.org>
From: Noticeable <email@example.com>
To: firstname.lastname@example.org
Subject: I am 79 years young!
Date: Mon, 30 Apr 2007 14:19:48 +0300
MIME-Version: 1.0
Content-Type: multipart/alternative;
    boundary="----=_NextPart_000_0000_9E7D5C31.01A57A34"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express V6.00.2900.2180
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180

This is a multi-part message in MIME format.

------=_NextPart_000_0000_9E7D5C31.01A57A34
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit

 A few words about HGH Life
I have been taking HGH Life for five weeks and there is a noticeable improvement
in me overall. Waking up without muscular pain is the most obvious! When
I run out, I shall be ordering as much as my pension will allow. I am in
England and am 79 years young!
Order HGH Life online

------=_NextPart_000_0000_9E7D5C31.01A57A34
Content-Type: text/html; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD><META http-equiv=3DContent-Type content=3D"text/html; =
charset=3Diso-8859-1">
<META content=3D"MSHTML 6.00.2900.2912" name=3D"GENERATOR"></HEAD>
<BODY text=3D#000000 bgColor=3D#ffffff>
<font size=3D"3" face=3D"Times New Roman">
<p align=3D"center"><font =
face=3D"Arial" color=3D"#009900" size=3D"5"><strong>A few =
words about HGH Life™</strong></font></p>
<p align=3D"center"><font face=3D"Arial">I have been taking HGH =
Life™ <strong>for five weeks </strong>and there is a noticeable =
improvement in me overall. Waking up without muscular pain is the most =
obvious! When I run out, I shall be ordering as much as my pension will =
allow. I am in England and am <strong>79 years =
young</strong>!"</font></p>
<p align=3D"center"><a href=3D"http://worldwdefull.com"><strong><font =
face=3D"Arial" color=3D"#ff6600" size=3D"4">Order HGH Life™ =
online</font></strong></a></p>
</font></BODY></HTML>
------=_NextPart_000_0000_9E7D5C31.01A57A34--
I can confirm that the person who is doing this IS NOT using the 'nobody' user because I am keeping a spam_log for that.
How else is a user able to use our server for spam? Please help as I would like to get this sorted ASAP.
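Added example, not part of the original posts: the header dumps quoted above differ in the `with <protocol>` token of the Received line that the receiving Exim host wrote (`with local` from `nobody` or `mailnull`, `with smtp` from a bracketed IP), and that token tells an administrator whether a message was created on the server itself or accepted from outside. The sketch below classifies a message on that basis; the function name, the category labels and the sample messages (with `example.com` hosts and a documentation IP) are constructed for illustration.

```python
import re
from email import message_from_string

# Exim's Received line: from <user-or-host> [(details)] by <host> with <protocol>
RECEIVED = re.compile(r"from (\S+)(?: \(([^)]*)\))? by (\S+) with (\S+)")

def classify_origin(raw_message):
    """Say how the local Exim host came to hold this message."""
    msg = message_from_string(raw_message)
    hops = msg.get_all("Received") or []
    if not hops:
        return "unknown"
    # The topmost Received header is the one our own server added;
    # anything below it was supplied by the sender and can be forged.
    match = RECEIVED.search(" ".join(hops[0].split()))
    if not match:
        return "unknown"
    sender, _details, _host, protocol = match.groups()
    if protocol == "local":
        # No network hop: a process on this machine created the message.
        if msg.get("Auto-Submitted") or msg.get("X-Failed-Recipients"):
            return "local-bounce"       # the MTA's own delivery failure report
        return "local-user:" + sender   # e.g. a web script running as nobody
    if protocol in ("esmtpa", "esmtpsa"):
        return "remote-authenticated"   # an SMTP AUTH login was used
    return "remote-unauthenticated:" + sender

# Constructed samples modelled on the headers quoted above (placeholder hosts).
SCRIPT_MAIL = (
    "Received: from nobody by host.example.com with local (Exim 4.63)\n"
    "\t(envelope-from <nobody@host.example.com>)\n"
    "From: Some Bank <service@example.net>\n"
    "Subject: Update Your Account Records\n\nbody\n")
RELAYED_SPAM = (
    "Received: from [192.0.2.10] (port=3648 helo=localhost.localdomain)\n"
    "\tby host.example.com with smtp (Exim 4.63)\n"
    "From: Noticeable <forged@example.org>\n\nbody\n")
BOUNCE = (
    "Received: from mailnull by host.example.com with local (Exim 4.63)\n"
    "X-Failed-Recipients: user@example.net\n"
    "Auto-Submitted: auto-replied\n"
    "From: Mail Delivery System <Mailer-Daemon@host.example.com>\n\nbody\n")

if __name__ == "__main__":
    for name in ("SCRIPT_MAIL", "RELAYED_SPAM", "BOUNCE"):
        print(name, "->", classify_origin(globals()[name]))
```

A `local-user` result points at something running on the server, while a `remote-unauthenticated` result followed by a `local-bounce` is the server accepting forged mail and then generating the bounce itself.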
Suppose my domain is mydomain.com. My sendmail can send email to any domain name except the local domain: sendmail can send email to Hotmail, Yahoo or any other domain name, but when it sends email to a mailbox under mydomain.com, the sendmail log says domain not found.
My situation is that my server does not have a DNS service; my DNS service is outsourced, and the MX record is also outsourced.
I have a VPS, and although I can send mails without problem from my main root account, sending via any of the child accounts created for customers results in their email being picked up as spam (in Hotmail at least).
To clarify, mydomain.com is my main name. Email can send without problem.
customersdomain.com is hosted on the same machine; when it sends emails, they are picked up as spam. The MX DNS entries in the zone file are set (by default) to customersdomain.com. and, for all the child domains, customer1domain.com. etc.
Do I need to ask the datacenter to add a reverse DNS entry for mail.mydomain.com?
Is this an issue with the MX records for the hosted domains? Should I change the hosted domains' MX entry on the customers' domains to mail.mydomain.com?
I know the IP isn't blacklisted because exactly the same email goes through when sending from the mydomain.com email addresses.
I have two domains that I haven't set email up for yet. One is hosted on a good plan that uses cPanel. The other has some not-so-user-friendly interface.
In either case, I haven't set up email because I don't know how to separate truth from fiction. I know of the front-end measures of cloaking an email link to your site using hex or some other hack so it doesn't show up to spiders and bots.
I also heard a rumor that using generic "webmaster@" on any domain is a surefire way for these bots to spam through. So is that true? Should I name my link like "thiswebmaster@" instead ? (or to that effect?)
What can I do to prevent too much (relatively speaking I guess) spam coming in?
Now the server is getting too many spam mails. We already have filters on the server, but we get spam mails with headers which are not in the English language. The headers are normally in Russian or Arabic.
How do we stop these spam mails with headers which are not in English?