Just about forgot I had a question....

[rotarysteve]

Wow, how sad is that, I got to thinking about a "20,000th post" party, and beer and almost forgot I had a question...........

Now the question.... It's about someone sending me a spam e-mail, using my own domain name.

I'm sure I've seen an explanation here in the forum, and I might of even asked the question, but can someone help explain this and why it can happen???

How can someone send me an e-mail with a e-mail address that has my domain name in it????????????

Advance Thanks..........

[China Tea]

but in the form of mail delivery failure . . . somehow, they woul attach names to my domain name . . . as in xox@shopdrops.com.

I don't know what their intention is - - - I guess they want you to open the mail and read whatever links they insert in.

I too want to know the answer. . . I will watch this thread with you Rotarian!

[davep4hpg]

Hi,

I'm less bothered about how they do it, I'd love a way to stop it happening. Spam to our business domain email address has doubled in the last few weeks since we started getting fake delivery failures. It makes it very difficult to pick out genuine failures where we need to contact a customer who genuinely hasn't received their order confirmation. Also pi***s me off immensely, especially as my spam filters struggle to tell the difference between real and fake.

[geordie joe]

If you have a "catch all" on your domain then any email sent to your domain will reach you.

That is @your-domain.com with anything at all before the @.

Someone sends out thousands of emails, spoofed from your domain and you get the undelivered ones.

The intended recipients addresses are all in the BCC field.

These emails are designed to make the recipient think they have accidently recieved another persons email. Which contains some "inside information". The ones I get are all about some shares that are just about to rocket, and strongly advising the recient to buy as many as they can afford.

[-=Seth=-]

careful you guys they could be generating spam via one of your own forms, the bounced emails could be genuine bounced emails which were generated by a spammer using your forms and come from your server, do the emails arrive in the same address you use for your mail to forms

[webado]

Ok, folks,

When an email is sent it has several "headers".

One is a replyto email address. That can be set to anyhting the sender, wants, it doesn't have to exist even. Spammer usually send messages through their own email address, but with a replyto set to an email address on some other domain. Usually the domain exists, but the account name may not, as often they are just random letters. They are banking on those people using catchall email account where anything@example.com gets accepted, not bounced or deleted for not existing.

But worse than that they send email thus purposting to come fom say xox@example.com with a long list of recipient addresses, some valid, some not.

Two things happen.
1) The valid recipients will probably flag and report the email as being spam and either the apaprent repoy to address gets banned or the actual sender's email server's IP address gets banned (depends on spam reproting service they use).
2) The invalid recpients at the destination domain may bounce the email back to its apparent sender - the replyto email address that is specified. If that replyto email address exists (or is accepted by the receiving mail server catchall email account) then the owner of that email account sees a bounce in the inbox, for an email they know has not been sent by them. The fun part is of that email account does not accept email to that email address and then bounces it back again to the sender which is the other email server bouncing it ....spam ping pong now . Soeme mail severs may be able to contian this ping-pong efect, but many won't . So this may have a snowball effect where all manner of sending mail servers get interpreted automatically as sending out or relaying spam when in fact neither had been involved in the original sending of spam.

Annoying. The only thing you ever have to be concerned with is to make sure your own email server was not exploited behind your back to send out the first set of spam emails - that woudl happen if you have vulnerable emai lforms on your site.

Otherwise, since most such bounces of mail you have not sent are really coming to email addresses that don't actually exist (made up names), what I do is not allow any incoming email to any email address whcih I have not specifically created - so I don't have a catchall email address. I either bounce such email or send it to :blackhole: and good riddance.

[motorwatchercounter]

Absolutly.

I never have a catch all and create and collapse email addresses as required. For example if I am looking for a new motor insurance quote I create quote@xxx.xxx Once I have finished with this I turn it off and back on the following year. This also means that I don't get any other junk trying to "upsell" other insurance products.

On the contact form side make sure that the script can only be sent from your server and that the you have no way of anyone entering any multiple email addresses in it.

You will still get some junk but it stops stacks of it.

Oh yeh. DO NOT put any email addresses on the web or your site as harvesters can read these.

[webado]

Quote:

Originally Posted by motorwatchercounter

On the contact form side make sure that the script can only be sent from your server and that the you have no way of anyone entering any multiple email addresses in it.

Of course that's the biggest difficulty - extensive validation of user input fields. There are numerous ways they can inject cc and bcc recipients in an innocuous field supposed to only contain the user's email address or the subject line. There also many ways they can injext html, javascript and pos into any input field which, if not disabled, can spawn tons of spam.

Javsacript validation is pretty worthless - it can and will be turned off. You need to do all the real validaiton in the form processing script. And I mean REAL and thorough validation. Most email scripts available on the web either don't do those validaitons or don't do the mproperly or only do a few. You need to modify it extensively to secure the script.

[China Tea]

Christina wrote in part:

Quote:

not allow any incoming email to any email address whcih I have not specifically created - so I don't have a catchall email address.

That explains it. When I set-up my merchant account e-mail from the get go, I chose the option to send ALL e-mails with my domain name (could have been misspelled) to a catch all mailbox.

Okay. I will revise that mail option and get rid of these mail delivery failure e-mails.

Thanks Christina. Thanks MW . . . so glad you are around.

[motorwatchercounter]

Quote:

Originally Posted by China Tea

.....Thanks Christina. Thanks MW . . . so glad you are around.

Hi CT,

I am not around ......... more rotund I would say.