How To Stop Spammers From Using Your Domain/email To Send Out Spam?
May 15, 2008
I've been getting a lot of "Undeliverable" emails sent to my email address. On these messages, the spammer is using my email on the "From" part of the email... So whenever he sends out spam, the person(s) getting spammed think it's from me... And the thousands of Undeliverable email error messages are also sent to me.
Is there a way to stop this from happening, besides changing my email address?
Is there any way to stop spammers from spoofing my address? I've had issues ever since I started this server with getting bounced spam where the "From:" field was (gibberish)@mydomain.com, which was annoying but not that constant.
I came online this morning to check my mail and had over 1200 e-mails, and all of them have "online@wellsfargo.com" as the "From:" address, but the Message-ID has my domain name in it.
Quote:
------ This is a copy of the message, including all the headers. ------
Return-path: <nobody@host.mydomain.com>
Received: from nobody by host.mydomain.com with local (Exim 4.63)
    (envelope-from <nobody@host.mydomain.com>)
    id 1Hju9b-0002y3-TH
    for lwilder1999@yahoo.com; Fri, 04 May 2007 05:32:43 -0400
To: lwilder1999@yahoo.com
Subject: Update Your Account Records
From: Wells Fargo Online <online@wellsfargo.com>
Reply-To:
MIME-Version: 1.0
Content-Type: text/html
Content-Transfer-Encoding: 8bit
Message-Id: <E1Hju9b-0002y3-TH@host.mydomain.com>
Date: Fri, 04 May 2007 05:32:43 -0400
There's gotta be some way (make that 1204.. just got 4 more bounces) to block spammers from doing this. Could someone help a newbie out?
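The `Received:` lines in a returned message show whether the spam was generated on your own server or only carries your name. The following is an added example, not part of the original posts: a small Python triage over headers like the two dumps quoted on this page. The function name `triage`, the sample recipients and the documentation-range IPs are assumptions made for the illustration.

```python
import re
from email import message_from_string

# Unfolded Exim-style Received line: source, receiving host, protocol, queue id.
RECEIVED = re.compile(
    r"from\s+(?P<src>\S+).*?\bby\s+(?P<by>\S+)\s+with\s+(?P<proto>\S+)"
    r".*?\bid\s+(?P<id>\S+)")

def triage(raw_headers, our_hosts):
    """Classify the original message quoted inside a bounce."""
    msg = message_from_string(raw_headers)
    # Oldest hop first: the bottom Received line was added first.
    for value in reversed(msg.get_all("Received", [])):
        m = RECEIVED.search(" ".join(value.split()))
        if not m or m["by"].lower() not in our_hosts:
            continue
        if m["proto"] == "local":  # generated on the box itself (script, cron, shell)
            return "local-injection", {"user": m["src"], "id": m["id"]}
        auth = m["proto"] in ("esmtpa", "esmtpsa")  # Exim marks SMTP AUTH with 'a'
        verdict = "authenticated-relay" if auth else "smtp-accepted"
        return verdict, {"peer": m["src"].strip("[]"), "id": m["id"]}
    return "forged-elsewhere", {}  # never passed through our server: backscatter only

# Constructed samples modelled on the headers quoted on this page (placeholders used).
LOCAL = """\
Received: from nobody by host.mydomain.com with local (Exim 4.63)
\t(envelope-from <nobody@host.mydomain.com>)
\tid 1Hju9b-0002y3-TH
\tfor user@example.net; Fri, 04 May 2007 05:32:43 -0400
From: Wells Fargo Online <online@wellsfargo.com>
"""
REMOTE = """\
Received: from [192.0.2.10] (port=3648 helo=localhost.localdomain)
\tby host.mydomain.com with smtp (Exim 4.63)
\t(envelope-from <sender@example.org>)
\tid 1HiU0X-0006Xu-7r
\tfor user@example.net; Mon, 30 Apr 2007 12:25:06 +0100
"""
FORGED = """\
Received: from [198.51.100.7] (helo=mydomain.com)
\tby mx.example.org with smtp id ABC123
\tfor victim@example.org; Mon, 30 Apr 2007 12:25:06 +0100
"""

if __name__ == "__main__":
    for name, raw in (("LOCAL", LOCAL), ("REMOTE", REMOTE), ("FORGED", FORGED)):
        print(name, triage(raw, {"host.mydomain.com"}))
```

A `Received:` line naming your host can itself be forged, so confirm the queue id it reports in the server's own Exim main log before treating a message as sent from your machine.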
I think someone has successfully made my server send out emails. Why do I know this?
It's because I saw many returned emails saying that the emails sent out to their inbox are considered spam. I mean a lot; for instance, within 1 second there are more than 10 mails.
Can someone help explain to me how I can find the culprit and fix the problem?
I have a VPS and I am wondering if anyone knows any way in which to make it so that emails sent from the server are not seen as spam by hotmail and the likes.
These emails are simply replies to people contacting me first then I reply with ONE message from an autoresponder. No further contact is made unless they write me back again.
This is not really something that would work with aweber, getresponse, or a similar service.
And most email service providers seem to have a limit of 250 messages a day.
I'm guessing I will need a dedicated server for this?
Anything else I need on the dedicated server? I only have a few mailbox accounts I use that I access via outlook.
I was wondering if anyone has any methods to stop spammers? Currently I am keeping watch on the mail queue and making sure nothing is unusual. I have the WHM configuration set up to not allow more than 200 mail messages per account per hour, but for some reason it will hit thousands. WHMCS does seem to suspend them automatically, or maybe it's because of WHM, BUT only when it's too late.
I have a persistent spammer who keeps emailing my clients, even non-existent domain accounts, and getting the bounced emails sent to a particular yahoo address. I tried to block him in all ways but can't seem to stop him. His spams are from all over the world. Any suggestions?
I have a massive spam problem on my server, which I cannot seem to find a cure for. Here is an example of the headers from an example email (from WHM) that is stuck in the mail queue:
Quote:
1HiU0X-0006Y3-O6-H
mailnull 47 12
<>
1177932329 0
-ident mailnull
-received_protocol local
-body_linecount 78
-allow_unqualified_recipient
-allow_unqualified_sender
-frozen 1177932333
-localerror
XX
1
vrroark@freemail.ru
144P Received: from mailnull by host.zaggs.com with local (Exim 4.63)
    id 1HiU0X-0006Y3-O6
    for vrroark@freemail.ru; Mon, 30 Apr 2007 12:25:06 +0100
045 X-Failed-Recipients: download@host.zaggs.com
029 Auto-Submitted: auto-replied
058F From: Mail Delivery System <Mailer-Daemon@host.zaggs.com>
024T To: vrroark@freemail.ru
059 Subject: Mail delivery failed: returning message to sender
047I Message-Id: <E1HiU0X-0006Y3-O6@host.zaggs.com>
038 Date: Mon, 30 Apr 2007 12:25:06 +0100
1HiU0X-0006Y3-O6-D
This message was created automatically by mail delivery software.
A message that you sent could not be delivered to one or more of its
recipients. This is a permanent error. The following address(es) failed:
  download@host.zaggs.com
    (generated from abraham@keysupplier.com)
    retry timeout exceeded
------ This is a copy of the message, including all the headers. ------
Return-path: <vrroark@freemail.ru>
Received: from [220.157.245.77] (port=3648 helo=localhost.localdomain)
    by host.zaggs.com with smtp (Exim 4.63)
    (envelope-from <vrroark@freemail.ru>)
    id 1HiU0X-0006Xu-7r
    for abraham@keysupplier.com; Mon, 30 Apr 2007 12:25:06 +0100
Message-ID: <10fb01c78b19$683b6042$8bc8505a@freemail.ru>
From: Noticeable <vrroark@freemail.ru>
To: abraham@keysupplier.com
Subject: I am 79 years young!
Date: Mon, 30 Apr 2007 14:19:48 +0300
MIME-Version: 1.0
Content-Type: multipart/alternative;
    boundary="----=_NextPart_000_0000_9E7D5C31.01A57A34"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express V6.00.2900.2180
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180
This is a multi-part message in MIME format.
------=_NextPart_000_0000_9E7D5C31.01A57A34
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
A few words about HGH Life
I have been taking HGH Life for five weeks and there is a noticeable improvement
in me overall. Waking up without muscular pain is the most obvious! When
I run out, I shall be ordering as much as my pension will allow. I am in
England and am 79 years young!
Order HGH Life online
------=_NextPart_000_0000_9E7D5C31.01A57A34
Content-Type: text/html; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=3DContent-Type content=3D"text/html; =
charset=3Diso-8859-1">
<META content=3D"MSHTML 6.00.2900.2912" name=3D"GENERATOR"></HEAD>
<BODY text=3D#000000 bgColor=3D#ffffff>
<font size=3D"3" face=3D"Times New Roman">
<p align=3D"center"><font =
face=3D"Arial" color=3D"#009900" size=3D"5"><strong>A few =
words about HGH Life™</strong></font></p>
<p align=3D"center"><font face=3D"Arial">I have been taking HGH =
Life™ <strong>for five weeks </strong>and there is a noticeable =
improvement in me overall. Waking up without muscular pain is the most =
obvious! When I run out, I shall be ordering as much as my pension will =
allow. I am in England and am <strong>79 years =
young</strong>!"</font></p>
<p align=3D"center"><a href=3D"http://worldwdefull.com"><strong><font =
face=3D"Arial" color=3D"#ff6600" size=3D"4">Order HGH Life™ =
online</font></strong></a></p>
</font></BODY></HTML>
------=_NextPart_000_0000_9E7D5C31.01A57A34--
I can confirm that the person who is doing this IS NOT using the 'nobody' user because I am keeping a spam_log for that.
How else is a user able to use our server for spam? Please help as I would like to get this sorted ASAP.
Suppose my domain is mydomain.com. My sendmail may send email to any domain name except the local domain; say, sendmail may send email to hotmail, yahoo or any other domain name, but when sending email to a mailbox under mydomain.com, the sendmail log will say domain not found.
My situation is that my server does not have DNS service; my DNS service is outsourced, and the MX record is also outsourced.
One of my hosted domains has an email problem: every email account that is hosted on that site is able to send and receive email, but when sending to gmail or hotmail, it is delivered as SPAM.
Someone told me it is because this domain doesn't have an MX record in the DNS zone.
What is the syntax for the MX record? I have entered A(ddress) and CNAME records, but never MX records. Can anyone tell me how to do it so I can send mail the way it should be?
I have a VPS, and although I can send mails without problem from my main root account, sending via any of the child accounts created for customers results in their email being picked up as spam (in hotmail at least).
To clarify, mydomain.com is my main name. Email can send without problem.
customersdomain.com is hosted on the same machine; when sending emails, they are picked up as spam. The MX DNS entries in the zone file are set (by default) to customersdomain.com. and, for all the child domains, customer1domain.com. etc.
Do I need to ask the datacenter to add a reverse DNS entry for mail.mydomain.com?
Is this an issue with the MX records for the hosted domains? Should I change the hosted domains' MX entry on the customers' domains to mail.mydomain.com?
I know the IP isn't blacklisted because exactly the same email goes through when sending from the mydomain.com email addresses.
I have two domains that I haven't set email up for yet. One is hosted on a good plan that uses cPanel. The other has some not-so-user-friendly interface.
In either case, I haven't set up email because I don't know how to separate truth from fiction. I know of the front-end measures of cloaking an email link to your site using hex or some other hack so it doesn't show up to spiders and bots.
I also heard a rumor that using generic "webmaster@" on any domain is a surefire way for these bots to spam through. So is that true? Should I name my link like "thiswebmaster@" instead ? (or to that effect?)
What can I do to prevent too much (relatively speaking I guess) spam coming in?
I'm receiving tons of "Mail Delivery Failure" emails lately, like hundreds a day.
Today I opened a few to check what's going on... And basically these emails say a message could not be delivered due to a random error.
What intrigued me was that emails from my domain were the alleged sender or were in the Reply-To field.
Those email accounts do not even exist under my domain. And the spam messages were not sent from my server, as is clear in the body of the delivery error email.
So the situation is I have a spammer sending out thousands of emails a day impersonating my domain.
You can see a copy of the emails I'm getting here: http://cl1p.net/delivery_error
Why's the spammer doing this? Why the need to impersonate my domain?
And how can I stop him?
I think I might have a problem with my SPF rules, too loose! How to tighten it?
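What "too loose" means for an SPF record can be checked mechanically. The following is an added example, not part of the original post: a Python lint over the text of an SPF TXT record, using the qualifier and lookup rules of RFC 7208. The function name `lint_spf`, the sample records and the /16 width threshold are assumptions for the illustration, and no DNS queries are made.

```python
import re

LOOKUP_MECHS = {"include", "a", "mx", "ptr", "exists"}  # one DNS query each
ALL_ADVICE = {
    "+": "+all authorises every host on the Internet to send as the domain",
    "?": "?all is neutral: unlisted senders are not marked as forged",
    "~": "~all is softfail: unlisted senders are usually still accepted; "
         "-all is the strict form",
}

def lint_spf(record):
    """Return findings for one SPF TXT string. Text checks only, no DNS."""
    terms = record.lower().split()
    if not terms or terms[0] != "v=spf1":
        return ["not an SPF record: must start with v=spf1"]
    findings, lookups, all_q, redirect = [], 0, None, False
    for term in terms[1:]:
        if re.match(r"[a-z][a-z0-9_.-]*=", term):    # modifier (redirect=, exp=)
            if term.startswith("redirect="):
                redirect, lookups = True, lookups + 1
            continue
        qual = term[0] if term[0] in "+-~?" else "+"  # default qualifier is +
        name = re.split(r"[:/]", term.lstrip("+-~?"))[0]
        if name == "all":
            all_q = qual
        elif name in LOOKUP_MECHS:
            lookups += 1
            if name == "ptr":
                findings.append("ptr is slow and discouraged by RFC 7208")
        prefix = term.rsplit("/", 1)[-1]
        if name == "ip4" and qual == "+" and "/" in term and prefix.isdigit():
            if int(prefix) < 16:                      # threshold is an assumption
                findings.append(f"{term} authorises a very wide range")
    if all_q in ALL_ADVICE:
        findings.append(ALL_ADVICE[all_q])
    elif all_q is None and not redirect:
        findings.append("no 'all' term: unlisted senders get a neutral result")
    if lookups > 10:
        findings.append(f"{lookups} DNS-lookup terms exceed the RFC 7208 limit of 10")
    return findings

# Constructed sample records (documentation address ranges and domains).
LOOSE = "v=spf1 a mx ptr ip4:192.0.2.0/8 include:_spf.example.net ?all"
TIGHT = "v=spf1 mx ip4:192.0.2.25 -all"

if __name__ == "__main__":
    for rec in (LOOSE, TIGHT):
        print(rec, "->", lint_spf(rec) or "no findings")
```

A record ending in `-all` only affects receivers that check SPF against the envelope sender, so bounces from servers that do not check it will still arrive.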
Now the server is getting too many spam mails. We already have filters on the server, but we get spam mails with headers which are not in the English language. The headers are normally in Russian or Arabic.
How do I stop these spam mails with headers which are not in English?