I'm Not Spamming You, Honest! | April 9, 2005

If you’re visiting this site because you’ve been sent some spam that appears to come from this domain, I’m afraid we’ve both been had. Some lovely person has decided to “spoof” my email address and send out tens of thousands of spam emails pretending to come from me. Unfortunately, because it’s so easy to forge email headers, there is absolutely nothing I can do to stop this.

I’ve now become the victim of what’s technically known as a Joe Job. In the last 10 minutes I’ve had around 200 bounced emails get through my own spam filtering. Another 200 the 10 minutes before that. I’d hate to think how many are actually hitting the server, but I imagine it’ll be quite a lot.

If you’ve received one of these spam emails, it may be worth reporting the server they are coming from. To do this you’ll need to select “Show Full Email Headers” in your mail program, copy out the spam email and paste it into the SpamCop website. SpamCop will interrogate these headers, attempt to deduce who owns the IP address the spam is coming from and provide you with the email address you should report the abuse to. Send the spam you received, including the full headers, to this address along with a message that reads something like this.

“I am receiving spoofed messages from the server addressed in the headers of this email. Please shut down this server immediately, or close the relays on the box. You are hosting a machine that is spamming and may be held liable if you refuse to correct this issue.”

The spammer is probably exploiting a hole in this server and the company running it will want to know about this and shut down the hole as soon as possible.

Posted at April 9, 2005 4:06 PM
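The header reading described in the post, as an added example that is not part of the original post and is not SpamCop's actual logic: it walks the Received chain from the top and trusts only hops written by the recipient's own servers, since everything below the first untrusted hop (like the From line) can be forged. The sample message, host names, documentation-range IPs, the TRUSTED set and the function name trace_source are all constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample of a spoofed message (reserved example domains and IPs).
# The bottom Received line is the kind of fake hop a spammer can prepend.
SAMPLE = """\
Received: from mx.recipient.example (mx.recipient.example [192.0.2.10])
\tby mailstore.recipient.example with ESMTP id A1; Sat, 9 Apr 2005 15:01:02 +0100
Received: from unknown (HELO mail.victim.example) (203.0.113.77)
\tby mx.recipient.example with SMTP id B2; Sat, 9 Apr 2005 15:01:01 +0100
Received: from mail.victim.example (mail.victim.example [198.51.100.5])
\tby relay.fake.example with ESMTP id C3; Sat, 9 Apr 2005 14:00:00 +0100
From: "Victim" <someone@victim.example>
To: user@recipient.example
Subject: constructed sample

body
"""

# Assumption: the recipient knows the names of their own mail servers.
TRUSTED = {"mailstore.recipient.example", "mx.recipient.example"}

def trace_source(raw, trusted_hosts):
    """Return the forged From address and the IP worth reporting."""
    msg = message_from_string(raw)
    source = None
    # Received headers are listed newest first; each is written by its "by" host.
    for hop in msg.get_all("Received", []):
        by = re.search(r"\bby\s+([\w.-]+)", hop)
        if not by or by.group(1).lower() not in trusted_hosts:
            break  # written by a server we do not control: may be forged
        # The connecting client's IP sits in the "from" part, before "by".
        from_part = re.split(r"\sby\s", hop, maxsplit=1)[0]
        ip = re.search(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b", from_part)
        if ip:
            source = ip.group(1)  # deepest trusted hop seen so far
    return {"claimed_from": parseaddr(msg.get("From", ""))[1],
            "report_ip": source}

if __name__ == "__main__":
    print(trace_source(SAMPLE, TRUSTED))
```

The reported IP is the one recorded by the recipient's own edge server, not the address the forged bottom hop claims for the spoofed domain.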

Comments

Mike D. said on April 9, 2005 4:59 PM

Oh man, I had that happen to me with my last domain. It actually forced me to change my domain because I was on so many block lists (based on domain… not originating server).

Sucks… really sucks.

rob said on April 9, 2005 7:06 PM

Ack. This happened to us recently and all I could really do is configure anything not matching existing email addresses to be ditched before POP delivery.

A real pain in the årse — hope your experience of this is shortlived!

Neil Ford said on April 10, 2005 11:35 AM

So, just for clarity, I CAN’T buy Viagra here?

It’s for a, erm… friend you understand…

Andy Budd said on April 10, 2005 1:00 PM

Send me an email and I’ll see what I can do :-)

Rob Winters said on April 10, 2005 1:58 PM

This is happening to me at the moment too. I get home from work to find 3000 bounce-backs in my inbox. Sucks big time aye.

Dave Marks said on April 10, 2005 9:32 PM

I’ve had this before with client domains…

Quite often though, these emails are coming from end user PCs which have been turned into spamming robots by a virus/backdoor whatever, so it’s hard if not impossible to block or stop it.

Eventually it just fades out on its own - machines getting patched, or the spammer moving onto fresh domains.

Andy Budd said on April 10, 2005 9:36 PM

Damned Zombies.

Wouldn’t the web be a much nicer place if everybody used a Mac :-)

viagra said on April 11, 2005 2:34 AM

use viagra. gamble ONLINE. you know you want to do both at the same time.

Ara said on April 11, 2005 10:30 AM

Yeah, had that happen to me before. Had to kill the email account and set up an apology page. The blowback only lasted a day or two though.

Keith Bell said on April 11, 2005 10:39 AM

I’m afraid it’s a case of “join the club”, Andy. Every so often some bastard spoofs one of my domains for the same purpose. Like Dave Marks, I find it dies out after a few weeks. Then a few months down the line, they start using it again.

Unfortunately the solution isn’t as simple as notifying Spamcop or an ISP, as they use multiple open relays and I could spend hours reporting or writing to them all. And given that they are usually in China, Taiwan or Korea, it’s pretty much a waste of time: it seems that sysadmins there just don’t give a toss about leaving SMTP relays open.

Brady J. Frey said on April 11, 2005 5:12 PM

I feel your pain, our company is going through this right now — sending out spams as if it came from our address, much less spam bombing the snot out of our company. We’ve gone so far as to take aggressive legal action to track the user - and we’re turning our hosting internal to deal with it. I hope it works out for you — and for us.

In the end, I have to say I’m tired of this — all the years of wasting time on such a stupid venture. They’re killing their own potential business in the end.

alan said on April 12, 2005 4:57 PM

it’s ok…even if i was spammed, i should be grateful, cuz it would have led me to your site!!!