Stop Spammers From Spoofing My Email Domain
May 4, 2007
Is there any way to stop spammers from spoofing my address? I've had issues ever since I started this server with getting bounced spam where the "From:" field was (gibberish)@mydomain.com, which was annoying but not that constant.
I came online this morning to check my mail and had over 1200 e-mails, and all of them have "online@wellsfargo.com" as the "From:" address, but the Message-ID has my domain name in it.
Quote:
------ This is a copy of the message, including all the headers. ------
Return-path: <nobody@host.mydomain.com>
Received: from nobody by host.mydomain.com with local (Exim 4.63)
(envelope-from <nobody@host.mydomain.com>)
id 1Hju9b-0002y3-TH
for lwilder1999@yahoo.com; Fri, 04 May 2007 05:32:43 -0400
To: lwilder1999@yahoo.com
Subject: Update Your Account Records
From: Wells Fargo Online <online@wellsfargo.com>
Reply-To:
MIME-Version: 1.0
Content-Type: text/html
Content-Transfer-Encoding: 8bit
Message-Id: <E1Hju9b-0002y3-TH@host.mydomain.com>
Date: Fri, 04 May 2007 05:32:43 -0400
There's gotta be some way (make that 1204.. just got 4 more bounces) to block spammers from doing this. Could someone help a newbie out?
May 15, 2008
I've been getting a lot of "Undeliverable" emails sent to my email address. On these messages, the spammer is using my email on the "From" part of the email. So whenever he sends out spam, the person(s) getting spammed think it's from me. And the thousands of Undeliverable email error messages are also sent to me.
Is there a way to stop this from happening, besides changing my email address?
Jun 30, 2008
I was wondering if anyone has any methods to stop spammers? Currently I am keeping watch on the mail queue and making sure there is nothing unusual. I have the WHM configuration set up to not allow more than 200 mail messages per account per hour, but for some reason it will hit thousands. WHMCS does seem to suspend them automatically, or maybe it's because of WHM, BUT only when it's too late.
Any thoughts or suggestions?
Jun 2, 2009
Have a persistent spammer who kept emailing my clients, even nonexistent domain accounts, and getting the bounced emails to be sent to a particular yahoo address. I tried to block in all ways but can't seem to stop him. His spams are from all over the world. Any suggestions?
Apr 30, 2007
I have a massive spam problem on my server, which I cannot seem to find a cure for. Here is an example of the headers from an example email (from WHM) that is stuck in the mail queue:
Quote:
1HiU0X-0006Y3-O6-H
mailnull 47 12
<>
1177932329 0
-ident mailnull
-received_protocol local
-body_linecount 78
-allow_unqualified_recipient
-allow_unqualified_sender
-frozen 1177932333
-localerror
XX
1
vrroark@freemail.ru
144P Received: from mailnull by host.zaggs.com with local (Exim 4.63)
id 1HiU0X-0006Y3-O6
for vrroark@freemail.ru; Mon, 30 Apr 2007 12:25:06 +0100
045 X-Failed-Recipients: download@host.zaggs.com
029 Auto-Submitted: auto-replied
058F From: Mail Delivery System <Mailer-Daemon@host.zaggs.com>
024T To: vrroark@freemail.ru
059 Subject: Mail delivery failed: returning message to sender
047I Message-Id: <E1HiU0X-0006Y3-O6@host.zaggs.com>
038 Date: Mon, 30 Apr 2007 12:25:06 +0100
1HiU0X-0006Y3-O6-D
This message was created automatically by mail delivery software.
A message that you sent could not be delivered to one or more of its
recipients. This is a permanent error. The following address(es) failed:
download@host.zaggs.com
(generated from abraham@keysupplier.com)
retry timeout exceeded
------ This is a copy of the message, including all the headers. ------
Return-path: <vrroark@freemail.ru>
Received: from [220.157.245.77] (port=3648 helo=localhost.localdomain)
by host.zaggs.com with smtp (Exim 4.63)
(envelope-from <vrroark@freemail.ru>)
id 1HiU0X-0006Xu-7r
for abraham@keysupplier.com; Mon, 30 Apr 2007 12:25:06 +0100
Message-ID: <10fb01c78b19$683b6042$8bc8505a@freemail.ru>
From: Noticeable <vrroark@freemail.ru>
To: abraham@keysupplier.com
Subject: I am 79 years young!
Date: Mon, 30 Apr 2007 14:19:48 +0300
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----=_NextPart_000_0000_9E7D5C31.01A57A34"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express V6.00.2900.2180
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180
This is a multi-part message in MIME format.
------=_NextPart_000_0000_9E7D5C31.01A57A34
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
A few words about HGH Life
I have been taking HGH Life for five weeks and there is a noticeable improvement
in me overall. Waking up without muscular pain is the most obvious! When
I run out, I shall be ordering as much as my pension will allow. I am in
England and am 79 years young!
Order HGH Life online
------=_NextPart_000_0000_9E7D5C31.01A57A34
Content-Type: text/html; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=3DContent-Type content=3D"text/html; =
charset=3Diso-8859-1">
<META content=3D"MSHTML 6.00.2900.2912" name=3D"GENERATOR">
</HEAD>
<BODY text=3D#000000 bgColor=3D#ffffff>
<font size=3D"3" face=3D"Times New Roman">
<p align=3D"center"><font =
face=3D"Arial" color=3D"#009900" size=3D"5"><strong>A few =
words about HGH Life™</strong></font></p>
<p align=3D"center"><font face=3D"Arial">I have been taking HGH =
Life™ <strong>for five weeks </strong>and there is a noticeable =
improvement in me overall. Waking up without muscular pain is the most =
obvious! When I run out, I shall be ordering as much as my pension will =
allow. I am in England and am <strong>79 years =
young</strong>!"</font></p>
<p align=3D"center"><a href=3D"http://worldwdefull.com"><strong><font =
face=3D"Arial" color=3D"#ff6600" size=3D"4">Order HGH Life™ =
online</font></strong></a></p>
</font></BODY></HTML>
------=_NextPart_000_0000_9E7D5C31.01A57A34--
I can confirm that the person who is doing this IS NOT using the 'nobody' user because I am keeping a spam_log for that.
How else is a user able to use our server for spam? Please help as I would like to get this sorted ASAP.
Aug 4, 2008
I got an email "failure delivery notification" but I did not send that email. It had my email address though.
So I contacted host and got a very quick reply:
Quote:
This is caused due to the email spoofing. Someone was spoofing your email account and sending mails by adding the mail header so that it appears to have originated from the actual source. By setting the SPF record correctly in the DNS zone of the domain, we can almost prevent this.
Here the SPF record was not set up correctly. Now we have made some changes in the SPF record in the DNS zone file "/var/named/domainname.com.db".
------------
v=spf1 a mx ip4:67.21.1.226 ?all -----> v=spf1 a mx ip4:67.21.1.226 ~all
------------
Now I can understand that they have quickly fixed the problem. BUT I need to learn more on what is going on here.
I can understand that email spoofing is that a spammer is sending email with a header that shows it is my email address (which it is not).
But I don't understand the second part, that a DNS record fixes it.
What does that DNS line mean?
DNS stuff is really complicated and I am lost when it comes to it.
Apr 16, 2008
I got a bounced back message that I never sent. I was profoundly shocked to discover (through the header info) that the message originated from dotworlds.net; a site that ostensibly is a spoof email service provider.
Should such sites be allowed to exist?
Oct 3, 2006
I have two domains that I haven't set email up for yet. One is hosted on a good plan that uses cPanel. The other has some not-so-user-friendly interface.
Either case, I haven't set up email because I don't know what to separate between truth and fiction. I know of the front end measures of cloaking an email link to your site using hex or some other hack so it doesn't show up to spiders and bots.
I also heard a rumor that using generic "webmaster@" on any domain is a surefire way for these bots to spam through. So is that true? Should I name my link like "thiswebmaster@" instead ? (or to that effect?)
What can I do to prevent too much (relatively speaking I guess) spam coming in?
Oct 19, 2007
I think someone has successfully made my server send out emails. How do I know this?
It's because I saw many returned emails saying that the emails sent out to their inbox are considered spam. I mean a lot; for instance, within 1 second, there are more than 10 mails.
Can someone help explain to me how I can find the culprit and fix the problem?
Jul 4, 2008
I'm receiving tons of "Mail Delivery Failure" emails lately, like hundreds a day.
Today I opened a few to check what's going on... And basically these emails say a message could not be delivered due to a random error.
What intrigued me was that emails from my domain were the alleged sender or were in the reply-to field.
Those email accounts do not even exist under my domain. And the spam messages were not sent from my server, as is clear in the body of the delivery error email.
So the situation is I have a spammer sending out thousands of emails a day impersonating my domain.
You can see a copy of the emails I'm getting here: http://cl1p.net/delivery_error
Why's the spammer doing this? Why the need to impersonate my domain?
And how can I stop him?
I think I might have a problem with my SPF rules, too loose! How to tighten it?
Mar 28, 2008
possible way to stop spammers from forging my website's domain in the "From" or "Reply To" fields? I just received 1700 bounced e-mails in my inbox from spammers using my domain in the "From" address. Really freaking annoying, and I don't want my website to get blacklisted.
Oct 8, 2007
This is something that has been playing on my mind for a while now and this may be the place to create a plan.
How many of you are receiving emails advertising pills, viagra etc.?
And how many are receiving them from domains totally unrelated to the above, sometimes even from your own address?
Has anyone got any thoughts or ideas about how we can put a stop to this?
Aug 28, 2007
My server/website has now been hijacked and they use my server for sending spam.
Please help me to fix this error.
My server: Centos, Cpanel, Ldf
Mysite: Joomla 1.0.13
lfd email:
HTML Code:
Time: Tue Aug 28 20:16:51 2007
Path: /home/longpt/public_html
Count: 101 emails sent
Sample of the first 10 emails:
2007-08-28 20:16:40 1IQ7UO-0006AJ-Mf <= nobody@hn.luatgiapham.com U=nobody P=local S=6263 T="Automated Security Notice"
2007-08-28 20:16:40 cwd=/var/spool/exim 3 args: /usr/sbin/exim -Mc 1IQ7UO-0006AC-Iy
2007-08-28 20:16:40 cwd=/var/spool/exim 3 args: /usr/sbin/exim -Mc 1IQ7UO-0006AL-Od
2007-08-28 20:16:40 1IQ7UO-0006Ae-ST <= nobody@hn.luatgiapham.com U=nobody P=local S=6263 T="Automated Security Notice"
2007-08-28 20:16:40 1IQ7UO-0006Ag-Uk <= nobody@hn.luatgiapham.com U=nobody P=local S=6261 T="Automated Security Notice"
2007-08-28 20:16:41 cwd=/var/spool/exim 3 args: /usr/sbin/exim -Mc 1IQ7UO-0006Ae-ST
2007-08-28 20:16:41 1IQ7UP-0006Ak-1x <= <> R=1IQ7UO-00069O-06 U=mailnull P=local S=7333 T="Mail delivery failed: returning message to sender"
2007-08-28 20:16:41 cwd=/var/spool/exim 3 args: /usr/sbin/exim -Mc 1IQ7UP-0006An-6F
2007-08-28 20:16:41 cwd=/var/spool/exim 3 args: /usr/sbin/exim -Mc 1IQ7UP-0006At-B7
2007-08-28 20:16:41 cwd=/var/spool/exim 3 args: /usr/sbin/exim -Mc 1IQ7UP-0006BB-Dv
Possible Scripts:
/home/longpt/public_html/configuration.php
/home/longpt/public_html/CHANGELOG.php
/home/longpt/public_html/configuration.php-dist
And I receive thousands of returned emails, but I didn't send them.
Code:
This is the mail delivery agent at messagelabs.com.
I was not able to deliver your message to the following addresses.
<nolan1@mailbox.ulcc.ac.uk>:
128.86.238.34 does not like recipient.
Remote host said: 550 rejected
--- Below this line is a copy of the message.
Return-Path: <nobody@hn.luatgiapham.com>
X-VirusChecked: Checked
X-Env-Sender: nobody@hn.luatgiapham.com
X-Msg-Ref: server-13.tower-82.messagelabs.com!1188346634!60747442!1
X-StarScan-Version: 5.5.12.14.2; banners=-,-,-
X-Originating-IP: [203.162.168.24]
X-SpamInfo: filtered by Signaturing System
X-Spam-Flag: YES
X-SpamReason: Matched rules 111461236, 114223405
Subject: {Spam?} Automated Security Notice
Received: (qmail 19117 invoked from network); 29 Aug 2007 00:17:31 -0000
Received: from unknown (HELO hn.luatgiapham.com) (203.162.168.24)
by server-13.tower-82.messagelabs.com with AES256-SHA encrypted SMTP; 29 Aug 2007 00:17:31 -0000
Received: from nobody by hn.luatgiapham.com with local (Exim 4.63)
(envelope-from <nobody@hn.luatgiapham.com>)
id 1IQ8CZ-00071e-H1
for nolan1@mailbox.ulcc.ac.uk; Tue, 28 Aug 2007 21:02:19 +0000
To: nolan1@mailbox.ulcc.ac.uk
From: NatWest Bank <online.security@natwest.com>
MIME-Version: 1.0
Content-Type: text/html;
Content-Transfer-Encoding: 8bit
Message-Id: <E1IQ8CZ-00071e-H1@hn.luatgiapham.com>
Date: Tue, 28 Aug 2007 21:02:19 +0000
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - hn.luatgiapham.com
X-AntiAbuse: Original Domain - mailbox.ulcc.ac.uk
X-AntiAbuse: Originator/Caller UID/GID - [99 32002] / [47 12]
X-AntiAbuse: Sender Address Domain - hn.luatgiapham.com
X-Source:
X-Source-Args:
X-Source-Dir:
<html><head>
<style><!--
body,td{font-family: verdana, helvetica, sans-serif; font-size: 12px; line-height: 1.5; color:#FFFFFF; text-decoration: none; }
a:link{color: #FFFFFF; text-decoration:none;}
a:visited{color: #FFFFFF; text-decoration:none;}
a:hover{color: #FFFFFF; text-decoration:underline;}
Dec 25, 2007
I have a VPS and I am wondering if anyone knows any way in which to make it so that emails sent from the server are not seen as spam by hotmail and the likes.
Jun 9, 2007
working as domain admin in a web company.
Well, I generally mail newsletters and offers to my subscribers in different domains using 6 IPs in my domain, but due to slowness and huge spam receiving from the sender domains I'm now deciding to increase my IPs to 20, in which I will be using 10 IPs each distributed in two domains.
Will it be good to do this? Will it stop the rate of spam? Will the domains where I'm sending the mails block me?
Oct 25, 2007
I have one server with cPanel/WHM using the Exim mail server. How do I stop receiving SPAM from the domain inews.inf.br? I have received many SPAMs from this domain.
OS: CentOS
Aug 10, 2008
How do you defend against browser spoofing? From the tutorials shown at [url], it seems really easy to spoof a Firefox user agent.
Nov 8, 2007
I'm concerned about dns spoofing
As explained here:
w w w. securesphere(dot)net/download/papers/dnsspoof.htm
I note the recommendations:
- To limit the cache and check that it's not keeping additional records.
- Not to make security systems to use/rely on DNS.
- Use cryptography like SSL, even if the problem remains the same, it increase difficulty level for the attacker (See article on Man in the Middle)
I did note on another site that the latest version of BIND for DNS should be installed.
I'm quite sure I'm being attacked in this way by a guy on the same network as my numerous commercial websites.
I'm setting a new server. I'm getting my own name server.
What steps should I take to best protect my self and my business against these attacks please?
(firewall? tips etc beside the above?) Please let me know as I want to set up and have a better than even bet I have shaken the guy.
Apr 29, 2009
I have a similar problem to the one explained at [url]
The detail of my problem is below:
Some people sent spoofing mails from our mail users sent to our user from Postfix/local that is listed in maillog like below:
Apr 29 16:57:02 ns1 postfix/local[3075]: EC2153565E3: to=<user-mydomain.com@ns1.mydns.com>, orig_to=<user@mydomain.com>, relay=local, delay=486, status=sent (delivered to command: /usr/bin/procmail-wrapper -o -a $DOMAIN -d $LOGNAME)
But I do not know how to prevent these people from using my Postfix/local delivery part. How can I prevent this attack?
When I connect to my mail server to send or receive my mail, it looks like
Apr 29 17:25:28 ns1 dovecot: pop3-login: Login: user=<user@mydomain.com>, method=PLAIN, rip=***.***.***.***, lip=***.***.***.***
....
Apr 29 17:25:55 ns1 dovecot: POP3(user@mydomain.com): Disconnected: Logged out top=0/0, retr=0/0, del=0/0, size=0....
But the attackers connect directly like below:
Apr 29 17:29:59 ns1 postfix/local[2456]: 3192E357FD9: to=<user-mydomain.com@ns1.mydns.com>, orig_to=<user@mydomain.com>, relay=local, delay=261, status=sent (delivered to command: /usr/bin/procmail-wrapper -o -a $DOMAIN -d $LOGNAME)
....
Apr 29 17:29:59 ns1 postfix/qmgr[2218]: 3192E357FD9: removed
How can the spammer connect to the Postfix/local part? My mail server is not an open relay. I tested it from the internet.
Jun 24, 2008
I currently have a domain on Server 1 (Linux, Apache, Ubuntu, Matrix control panel).
This server does not have any spam filter, so I have moved all the email accounts to Server 2 (Linux, Apache, Fedora Core, Plesk) which does have a brilliant spam filter; and have changed the DNS record for mail.domain.com to the IP address for Server 2.
Emails are being successfully received on Server 2.
On Server 1, when an email is sent through SMTP to an address at that domain, it does not send it to Server 2, it gets delivered to the hosting account for the domain on Server 1. So what I am guessing is happening is that Server 1 detects the domain has an account on the server, and instead of looking up the DNS info for that domain, just assumes it is on Server 1.
What I need to do, is force Server 1 to send email for that domain to Server 2. Is this possible, and if so, how can it be achieved? If more info about the server is required for a solution please let me know and I'll provide what I can.
Sep 29, 2009
I have created five different websites for different customers and I have never offered them the option of having their email with their own domain name (customer@yourdomainname.com) just because I don't see an easy way for them to log in to check their emails, something like www.yourdomain.com/username or something that can be easy to remember.
So I was wondering how you guys are doing it. What interface is the best: Horde, SquirrelMail or Round Cube?
How are you guys checking your emails?
Is there a lot of spam?
I used cPanel for all of these sites but I honestly have never used the email part.
Oct 16, 2009
I am running a blog with Blogger/Google and use my own domain. If I want to set up an email account using that domain, I need to move it to a host right? But that also means my blog cannot have that domain again? Is this correct?
Jun 8, 2007
Is it possible to create emails for a subdomain? For eg.
email @ sub.domain.com
email2 @ sub.domain.com
email3 @ sub.domain.com
What kind of setup is required for it? I mean, MX records etc..?