Hijacking email addresses

Mountain Goat
Posts: 6070
Joined: Wed Apr 19, 2006 1:31 pm
Location: Leysin, Alpes Vaudoises, Switzerland

Hijacking email addresses

Post by Mountain Goat »

Shifted from Scam Email section

This morning I have had about 200 'bounced' emails which I never sent. Someone has hijacked my email address, again.


Margaret,

We've had exactly the same, over the last year. Nothing to do with rental sites, another business altogether.

It's serious for us, as not just the address, but the domain gets blacklisted wherever domains get blacklisted, so although we can change the email address, the domain becomes useless.

Have you discovered a solution? We've tried, without success.

We also suspect who's done it, but no proof.

MG
Margaret
Posts: 3574
Joined: Mon Jul 16, 2007 9:46 am
Location: Bavaria and Mid Wales

Post by Margaret »

Hmmm, I could also hazard a guess as to who has done it to us!

OK, in our case, the bounced emails show the originating address as being all sorts of nonsense @zzzzz-zzzz.com. Although we owned the website, we never used email addresses related to the domain name. We use my @btinternet.com address for absolutely everything. We sold that business, including the domain, to another company last year. But there is a disgruntled former partner out there who could have done this. The bounces are coming back to our email address, not the @zzz email address appearing in the header. Quite a lot of them are China-related in some way; although the people I could suspect have business in China, it could also be that it is just straight spam.

A proportion of the emails request verification from us. Which also makes me think it could be straight spam. We very rarely get those verification requests, but then we regularly email hundreds of companies for our publishing business and we are very well known worldwide so I suppose a lot of them get through because our address is recognised.

In this case, I am concerned that our email addresses may be blacklisted because of the spam - one of the bounces said that email address was never used for commercial emails and that they were planning to sue us in the Californian courts! I kept it just in case. After all I have done nothing wrong.

Not sure if any of this helps!
A-two
Posts: 2091
Joined: Mon Oct 25, 2004 10:05 am
Location: USA

Post by A-two »

Margaret,
I don't know exactly how your email is set up, but I wouldn't attribute this to someone you know, it's not very likely.

If it's related to a domain name you have sold, then the problem is coming from a mistake by the Registrar of the domain name during the transfer process. The new owners would not know about this unless they are using the email themselves, and have deliberately configured it to point to you on the off-chance that a spammer is going to attack you. It's much more likely that it is something that someone forgot to do during the transfer process, not something new that they have done. Here's what I suggest you do:

Call customer service at the Domain Name Registrar and alert them to their error. You need to tell them that when they switched the domain name registration over to the person who bought it, they forgot to make the changes to the email catchall. They need to switch it off. By doing this, you are not stopping spammers using the domain name in the replyto: field, but you are stopping the bounces and replies coming back to you. If the new owners switch on the catchall, spam will go to them instead of you, or they will bounce back at the server if the catchall function is off. Either way, it's not your problem any more, it's theirs.

If you still own the domain, then switching off the catchall will also fix the problem, although personally I don't like to do this, I prefer other workarounds.

I think both you and MG may be victims of what's called "Dictionary spamming", which is where they send email blasts to: everything-in-the-dictionary@yourdomain.

This is why it is not a good idea to have your email address exposed on your website and there are discussions here about adding javascript code so that the bots can't read the email contact. I found a dramatic drop in spam when I implemented that on my site, also Gmail has fixed the rest and I rarely get any spam at all now, even though I have most spam filters at my ISP switched off.

It's a nightmare when it happens, so you have my sympathy, but it could be worse. You could be receiving 200 an hour! At that rate, you can't function properly because the PC is so busy downloading email, you can't get an email opened or sent out. In that situation, where you need emergency relief, you need to call your ISP (Internet Service provider) and have the sending ISP blacklisted, so all mail from that server is stopped completely. Too bad if a genuine customer on the same server sends you an email, they won't get through, so it's a decision that is not to be taken lightly, and probably lifted again after you have done a more permanent fix. We had this problem with Wanadoo a couple of years back, in fact there's even a conversation on LMH somewhere about it.

Regarding irate responses, these are coming from people who do not grasp how email works, and they assume the replyto address is genuine. I would ignore them, you are not going to get sued. It's common knowledge that spammers put someone else's address in the replyto: field. Nobody can hold you responsible for this.

So far as blacklisting a particular domain name on a server, I'm not sure that can be done, only the ISP can be blacklisted. Ask your ISP if that can be done, I don't think it can, but I could be wrong about that. It just doesn't make sense. All ISPs know about this problem, and implementing a policy whereby all spam replyto: addresses were banned would result in huge numbers of genuine domains being made redundant because of dictionary spamming. I could send spam as gobbledegook@ibm.com and they would ban IBM? I don't think so, and who are they to make a value judgement call about your domain? So they only ban names they don't recognize? It defies logic.

I would also call customer service at your ISP and talk this one through, but deal with the Registrar of the sold domain name first, because they are the source of the problem. If you can't remember who that is, then you can run a Whois search on the .com database.

Hope this helps.
Margaret
Posts: 3574
Joined: Mon Jul 16, 2007 9:46 am
Location: Bavaria and Mid Wales

Post by Margaret »

The domain is still registered in our name but I am insisting that it is now moved - the company who bought it is part of a very major group, so no underhand behaviour there, just slow moving.

Thanks for the advice but I am not going to hide my email address. I have been using it for at least 10 years and it is far too widely known. The spam lasted for one day and was irritating but not a major problem. I could always clear the spam off the webmail function rather than downloading it.

I prefer to be easy to contact and live with the spam. Widely publicising our address, contact numbers and email address also gives confidence to potential guests that we actually exist.
paolo
Posts: 3885
Joined: Thu Jun 17, 2004 1:18 pm
Location: Provence, France

Post by paolo »

If you get a lot of spam I can recommend a filter like Mailwasher Pro. I get about 600 spam emails a day and I use MailWasher Pro to deal with it. This is a filter which 'learns' what is spam and what is not. Before downloading my emails I can look at them on MailWasher - it puts what it thinks are good ones in green and the bad ones in red. It never mislabels a good one bad, it only labels some bad ones good, and I can go through ticking these so they turn red. When I am happy it has identified all the good ones, I click to delete all the spam while it is still on the server rather than on my computer, and then download the good ones. This takes about 2 minutes for a day's worth of emails, if I didn't have it, it would take at least half an hour.
Paolo
Lay My Hat
Margaret
Posts: 3574
Joined: Mon Jul 16, 2007 9:46 am
Location: Bavaria and Mid Wales

Post by Margaret »

It's the same on btinternet. It puts all the emails it thinks are spam into a bulk mail box. I just check it quickly on their website to see if any good ones have got in there by mistake. Very few spam emails actually make it through to my computer and most of those are picked up by Norton and put in the spam box there.
J&J
Posts: 922
Joined: Sat Apr 14, 2007 7:54 pm
Location: Bretagne, France

Post by J&J »

This can be done by anyone at any time with no effort. If you look in your mail client (Outlook, Outlook Express etc.) you will see that there is a box where you can enter a "reply address". You can simply enter any email address you wish into this box and this will be the address to which any reply is sent - including any rejection replies. If the spammer also sets up the account identifying name to match yours too then it will appear, in every obvious way, to the recipient that the email has come from you. Only when you start to look at the email properties will you find the real originating address.

There is no way of protecting yourself from anyone using your email address in this way. This is why some spam filters will reject any email where the "sent from" address doesn't match the "return address". In fact it's a very good idea to check that you are using the same address as the reply address in your mail client as this will reduce the risk of some of your genuine emails going astray.

Titch.
A-two
Posts: 2091
Joined: Mon Oct 25, 2004 10:05 am
Location: USA

Post by A-two »

Margaret wrote: I prefer to be easy to contact and live with the spam. Widely publicising our address, contact numbers and email address also gives confidence to potential guests that we actually exist.
Margaret, I widely publicize my email address also and get almost no spam. My understanding is that anyone with javascript can see the email address on the website, which is the vast majority of human beings these days if not everyone. The javascript coding is only added to prevent spider bots from reading the address, instead they see "you need javascript to see my email address". So it has nothing to do with how easy it is to contact you - only a bit more effort to do the coding. Considering the time it takes to delete spam, (even using an efficient method like Paolo's,) it was still well worth the effort in my opinion. Spam was the bane of my life and persuading myself it was manageable was fooling myself, it was a boring chore and I am glad to be free of it. Thanks to Brooke who gave us the code (somewhere in these archives). I also gave up downloading email to my computer a long time ago as well, it was slowing everything else down, so now I use all web-based email.
ravetildon
Posts: 205
Joined: Wed Mar 09, 2005 2:11 am
Location: I love Travel! - We Are Based Around San Francisco, California

info

Post by ravetildon »

You need to look in the email address header field and check for the IP address of your email server.

Most likely they are not using your email server but simply pretending to. They are forging your email address. It's quite easy to do, but you have nothing to worry about getting blacklisted or banned, as long as that's the case. If you are unsure on how to do that you can forward an email to your host and they can check.
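
The header check described in the post above, as an added example that is not part of the original thread: it reads the `Received` lines returned inside a bounce and tests whether the hop recorded by the receiving server is your own mail server. The server address `192.0.2.25`, the sample headers and the function names are assumptions constructed for illustration.

```python
import email
import ipaddress
import re
from email import policy

# Assumption: outbound address(es) of your own mail server (documentation range).
MY_MAIL_SERVERS = {ipaddress.ip_address("192.0.2.25")}

# Constructed sample: headers of the original message as returned inside a bounce.
# The top Received line was written by the recipient's server; the lower one was
# supplied by the sending side and cannot be verified.
RETURNED_HEADERS = """\
Return-Path: <you@example.org>
Received: from unknown-host (unknown [203.0.113.99])
\tby mx.recipient.example with SMTP; Mon, 1 Jan 2024 10:00:01 +0000
Received: from mail.example.org (mail.example.org [192.0.2.25])
\tby unknown-host with SMTP; Mon, 1 Jan 2024 09:59:58 +0000
From: "Your Name" <you@example.org>
Subject: constructed sample
"""

# Connecting address as servers usually record it: [1.2.3.4] or [IPv6:2001:db8::1]
HOP_IP = re.compile(r"\[(?:IPv6:)?([0-9A-Fa-f:.]+)\]")


def hop_ips(raw_headers):
    """Return one IP per Received header, newest hop first (None if unparseable)."""
    msg = email.message_from_string(raw_headers, policy=policy.default)
    hops = []
    for value in msg.get_all("Received", []):
        found = HOP_IP.search(str(value))
        try:
            hops.append(ipaddress.ip_address(found.group(1)) if found else None)
        except ValueError:
            hops.append(None)
    return hops


def sent_through_my_server(raw_headers, my_servers=MY_MAIL_SERVERS):
    """True only if the hop recorded by the receiving server is one of ours.

    Only the newest Received line is trusted; older lines are whatever the
    sender chose to include, so a mention of your server there proves nothing.
    """
    hops = hop_ips(raw_headers)
    return bool(hops) and hops[0] in my_servers


if __name__ == "__main__":
    print("hops:", [str(ip) for ip in hop_ips(RETURNED_HEADERS)])
    print("sent through my server:", sent_through_my_server(RETURNED_HEADERS))
```

If the recipient relays mail through several internal servers, the line to trust is the first one written by their outward-facing server rather than strictly the topmost one.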