Very high volume bulk email apparently from addresses @ my own domain
Thread poster: Luca Tutino

Luca Tutino  Identity Verified
Italy
Local time: 19:01
Member (2002)
English to Italian
Jul 13, 2008

Lately I am receiving a very high number of 'delivery failure' reports or 'returned mail' warnings for messages apparently coming from fantasy addresses in my website domain (hosted at pair.com). The high number of failure reports, about 100 per day, makes me think that the total number of messages sent is in the realm of the thousands. I am not suffering special consequences, although I am always worried that my domain could be included in antispam blacklists around the world.

I know that spammers can set whatever address in the from field, and I have been waiting for a while, hoping that this wave might just pass. It did not. I have checked the access statistics on the server, and it appears that the web access rate is just normal, while no FTP access has been attempted in the last few weeks. Now I could just stop collecting the failure reports (disabling the forwarding of all messages directed to addresses not corresponding to an actual mailbox set up by myself). However I am under the impression that these high numbers might be signaling an actual exploitation of my domain server in sending the spam messages.

Can you confirm whether my server could be physically exploited in this way? Could I take some kind of action to try and stop this possible exploitation, without disturbing the normal functioning of my website, ftp and email servers?

Luca



Ralf Lemster  Identity Verified
Germany
Local time: 19:01
English to German
Welcome to the club Jul 13, 2008

Hi Luca,

Lately I am receiving a very high number of 'delivery failure' reports or 'returned mail' warnings for messages apparently coming from fantasy addresses in my website domain (hosted at pair.com). The high number of failure reports, about 100 per day, makes me think that the total number of messages sent is in the realm of the thousands.

I get between 500 and 2,500 such failure reports per day (peaks usually on weekends).

I am not suffering special consequences, although I am always worried that my domain could be included in antispam blacklists around the world.

That risk is there, but it's remote - I had one occurrence over 2-3 years, and this one was sorted out by my ISP within a couple of days. No negative effects at all.

I know that spammers can set whatever address in the from field,

Usually, it's the 'reply to' field they're using.

However I am under the impression that these high numbers might be signaling an actual exploitation of my domain server in sending the spam messages.

Ask your ISP to check, but I'd be surprised if they were using your server.

Can you confirm whether my server could be physically exploited in this way? Could I take some kind of action to try and stop this possible exploitation, without disturbing the normal functioning of my website, ftp and email servers?

According to my ISP (Claranet), it's not worth the effort even following up. Just make sure your spam filter catches them.

Best, Ralf




Rad Graban  Identity Verified
United Kingdom
Local time: 18:01
English to Slovak
Spoofed e-mail. Yes, it is possible. Jul 13, 2008

Hi Luca,

Looks like your e-mail has been spoofed. You can find more info about it on http://searchsecurity.techtarget.com/sDefinition/0,,sid14_gci840262,00.html

Rad

[Edited at 2008-07-13 10:48]



KSL Berlin  Identity Verified
Portugal
Local time: 18:01
Member (2003)
German to English
This, too, may pass Jul 13, 2008

I would occasionally see this sort of thing in individual spam messages until about a month ago when about 700 showed up in my mailbox. Fortunately, this flood of trash mail was an isolated incident, and I'm back down to the usual 50 to 100 daily "special offers" for drugs, financial services, lottery, etc. Maybe you'll be lucky and this will fade away soon.


Luca Tutino  Identity Verified
Italy
Local time: 19:01
Member (2002)
English to Italian
TOPIC STARTER
Thank you Jul 13, 2008

Should it reach the high figures of Ralf, I could start getting a slight problem of slow mail reception (ADSL through home access point). Until then, if it is just spoofing, I will keep adjusting my filters, in the attempt not to discard the legitimate failure delivery messages only.

Thank you for your reassurances,

Luca
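
One way to sort the failure reports Luca describes, as an added example that is not part of the original thread: a report addressed to a mailbox that does not exist, or one returning a message whose Message-ID your own mail system never issued, is treated as backscatter from spoofed mail. The domain example.org, the mailbox list, the set of sent Message-IDs and the sample reports are all assumptions constructed for illustration.

```python
import email
from email import policy
from email.utils import parseaddr

# Assumed inputs (not from the thread): the mailboxes that really exist on the
# domain, and the Message-IDs of mail actually sent from it.
REAL_MAILBOXES = {"luca@example.org"}
SENT_MESSAGE_IDS = {"<20080713.1@example.org>"}

def original_message_id(bounce):
    """Message-ID of the returned original, if the report carries it."""
    for part in bounce.walk():
        ctype = part.get_content_type()
        if ctype == "message/rfc822":            # full original attached
            return part.get_payload(0).get("Message-ID")
        if ctype == "text/rfc822-headers":       # headers-only return
            hdrs = email.message_from_string(part.get_content(), policy=policy.default)
            return hdrs.get("Message-ID")
    return None

def classify_bounce(raw):
    """Return 'backscatter', 'genuine' or 'review' for one failure report."""
    bounce = email.message_from_string(raw, policy=policy.default)
    # The To header stands in for the envelope recipient in this sketch.
    rcpt = parseaddr(str(bounce.get("To", "")))[1].lower()
    if rcpt not in REAL_MAILBOXES:
        return "backscatter"                     # sent to an invented address
    msgid = original_message_id(bounce)
    if msgid is None:
        return "review"                          # nothing to match against
    return "genuine" if str(msgid).strip() in SENT_MESSAGE_IDS else "backscatter"

def sample_bounce(to_addr, orig_msgid):
    """Constructed multipart/report failure notice used as sample input."""
    returned = ("--b1\nContent-Type: text/rfc822-headers\n\n"
                f"Message-ID: {orig_msgid}\nSubject: hello\n") if orig_msgid else ""
    return ("From: MAILER-DAEMON@mx.remote.example\n"
            f"To: {to_addr}\n"
            "Subject: Undelivered Mail Returned to Sender\n"
            "MIME-Version: 1.0\n"
            'Content-Type: multipart/report; report-type=delivery-status; boundary="b1"\n'
            "\n--b1\nContent-Type: text/plain\n\nDelivery failed.\n"
            "--b1\nContent-Type: message/delivery-status\n\n"
            "Final-Recipient: rfc822; nobody@remote.example\nAction: failed\nStatus: 5.1.1\n"
            + returned + "--b1--\n")

if __name__ == "__main__":
    for to, mid in [("qzx81@example.org", "<spam.77@bulk.example>"),
                    ("luca@example.org", "<20080713.1@example.org>"),
                    ("luca@example.org", None)]:
        print(to, mid, "->", classify_bounce(sample_bounce(to, mid)))
```

A steady stream of reports in the 'genuine' class for mail nobody remembers sending is the pattern that would justify asking the hosting provider to check the server itself.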



Tomás Cano Binder, BA, CT  Identity Verified
Spain
Local time: 19:01
Member (2005)
English to Spanish
Clearly, spam Jul 14, 2008

Hello there. We had the same situation some time ago. Some of our accounts are over a decade old and are in all spammers' records for one reason or another. We got tons of spam until our ISP started to implement measures.

The last big wave was tons of delivery failure messages which, once you opened them, were spam. I encourage you to get a desktop antispam filter (we use FireTrust Mailwasher and are happy with it as it keeps us in control) and to talk to your ISP about this. They might want to implement server-based measures to protect their users from this.

I mean to say that I don't think your email server is being exploited to send spam (we don't have our own server and had the same situation). It's just fake delivery failure messages using your domain name to lure you into opening the messages.

[Edited at 2008-07-14 07:29]



Jenny Forbes  Identity Verified
Local time: 18:01
Member (2006)
French to English
I used to get these mystery "undeliverable" messages too Jul 14, 2008

Kevin Lossner wrote:


I would occasionally see this sort of thing in individual spam messages until about a month ago when about 700 showed up in my mailbox. Fortunately, this flood of trash mail was an isolated incident, and I'm back down to the usual 50 to 100 daily "special offers" for drugs, financial services, lottery, etc. Maybe you'll be lucky and this will fade away soon.


I used to get these mysterious "returned undeliverable" messages too, Luca. It was annoying but didn't seem to do any harm. Now, touch wood, they've stopped. Like Kevin (and everyone, I suspect) I still get junk about on-line poker, replica designer goods and invitations to enlarge a part of the body I don't have, all of which go direct to the Spam folder and I delete them in bulk.
Best of luck
Jenny

