spam being sent using my domain

Jesse Stay jesse at thestays.org
Thu Jan 18 22:15:23 MST 2007


One thing I noticed recently that these spammers seem to be doing is
they will send you an e-mail, no links in it, with some random message
in it - sometimes it's just a series of numbers.  What they are doing
by doing this is determining if your e-mail address returns to them or
not.  If not, they know it's possibly a valid e-mail address and they
can now use your domain to send more e-mail.

Usually they've hijacked some SMTP server/open relay elsewhere when
they do this, and they keep it just long enough to harvest some good
domain names.  Now they can use your domain, you get all the returned
e-mails from the spam, and they get all the money from the spam!

One thing you could do is find some of those no-link e-mails.  Chances
are some of them are from actual valid e-mail addresses.  If the
spammer hasn't left the hijacked server (or is on a real server),
start forwarding all your mail but the exact addresses you know people
send to to those addresses.  I haven't confirmed yet if this actually
works or has an effect, but the thought is amusing at least.

Jesse

On 1/18/07, Derek Davis <derek.davis at gmail.com> wrote:
> I own the domain name dnadavis.net.  I set up a catch all mx entry, so
> that all email that I don't specifically account for gets forwarded to
> my gmail address.  This way, I can make up email addresses on the
> spot, which I like doing.  Like using oldnavy at dnadavis.net if I shop
> at Old Navy, so I know if they sell my email address to spammers. :)
> I have my home computer set up with postfix, but it's not configured
> for receiving mail.  At least not intentionally.  Recently, I started
> periodically receiving bounced or rejected messages, maybe 1 or 2 per
> week.  However, I didn't send out those messages, I don't know the
> intended recipient, and they are spam.  I looked through
> /var/log/messages, and I didn't see any entries that looked like these
> messages were sent from here, but I don't know where else to look.
> So, here are my questions:
>
> 1) How can I determine if people are relaying spam through my machine?
>  If they are, I think I can wade through the postfix config and figure
> out how to stop it.  Any other suggestions?
> 2) If they aren't, but they are just sending mail spoofing my domain,
> what can I do about it?  What should I do?
>
> Thanks.  I'd hate for people to think that I've turned into a spammer.
>
> --
> Derek M Davis                                derek.davis at gmail.com
> -------------------------------------------------------------------
> "Man has no choice about his need for self-esteem.
>  He can only choose by what standard to gauge it."


-- 

#!/usr/bin/perl
$^=q;@!>~|{>krw>yn{u<$$<Sn||n<|}j=<$$<Yn{u<Qjltn{ > 0gFzD gD, 00Fz,
0,,( 0hF 0g)F/=, 0> "L$/GEIFewe{,$/ 0C$~> "@=,m,|,(e 0.), 01,pnn,y{
rw} >;,$0=q,$,,($_=$^)=~y,$/ C-~><@=\n\r,-~$:-u/
#y,d,s,(\$.),$1,gee,print
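
Added example, not part of either poster's message: one way to tell the two cases in the quoted question apart is to read the headers of the original message that a bounce returns and see whether any Received: hop names your own mail host. The function names, the sample bounce and every host and address in it are constructed for illustration.

```python
import email
from email import policy

# Constructed sample bounce (RFC 3464 layout); every host and address is made up.
SAMPLE_BOUNCE = """\
From: MAILER-DAEMON@mx.recipient.example
Content-Type: multipart/report; report-type=delivery-status; boundary="b1"

--b1
Content-Type: message/delivery-status

Reporting-MTA: dns; mx.recipient.example

Final-Recipient: rfc822; nobody@recipient.example
Status: 5.1.1

--b1
Content-Type: text/rfc822-headers

Received: from unknown (HELO relay.hijacked.example) (203.0.113.7)
 by mx.recipient.example; Thu, 18 Jan 2007 20:01:02 -0700
From: oldnavy@mydomain.example
Subject: 48151623

--b1--
"""

def original_received_hops(raw_bounce):
    """Received: headers of the message that bounced (empty list if absent)."""
    msg = email.message_from_string(raw_bounce, policy=policy.default)
    for part in msg.walk():
        ctype = part.get_content_type()
        if ctype == "text/rfc822-headers":      # headers-only copy of the original
            orig = email.message_from_string(part.get_content(), policy=policy.default)
        elif ctype == "message/rfc822":         # full copy of the original
            orig = part.get_payload(0)
        else:
            continue
        return [str(h) for h in orig.get_all("Received", [])]
    return []

def classify_bounce(raw_bounce, my_hosts):
    """my_hosts: hostnames/IPs of your own mail server (supplied by the caller)."""
    hops = original_received_hops(raw_bounce)
    if not hops:
        return "no-original-headers"
    # A match means "check your own mail log", not proof: Received lines can be forged.
    if any(h.lower() in hop.lower() for h in my_hosts for hop in hops):
        return "passed-through-my-host"
    return "forged-sender-only"
```
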