02-05-2004, 10:01 AM
WebProWorld New Member
Join Date: Jul 2003
Location: Texas
Posts: 23
Pirated e-mail address
The e-mail address for my website is y-coach@y-coach.com. This is posted on my website and I think it is necessary to have for my visitors to contact me.
The problem is that it appears that some groups have hijacked it. They use something like bob246@y-coach.com and send out spam including porn.
My question is how do I stop this and how do I find out who is doing it?
Thanks,
Schann
http://www.y-coach.com

02-05-2004, 12:40 PM
WebProWorld Veteran
Join Date: Aug 2003
Location: Virginia
Posts: 382
noab
I hate to say this but I think your domain name just went down the dumpers.
The problem may be that y-coach.com was picked out of the blue by a spammer, not that they specifically targeted your name. However, now that you know the problem, you have to deal with it.
I am sure someone can give you the link to abuse something something where blacklists get created and see where you stand with them.
In the meantime I would be registering a new domain, and if things go from bad to worse get ready to move.

02-05-2004, 01:11 PM
WebProWorld Member
Join Date: Oct 2003
Location: Modesto, Ca
Posts: 45
It's not just emails on webpages
Spammers don't all use webpages to get the emails, they have used and probably continue to use Registrar information.
Remember when you registered your domain name and you had to give them your email address?
Well, that is public record and available to anyone who wanted to look up your domain name. Now, there are registration services who say they provide more anonymity to your domain records, but it of course comes with a price.
To be honest, it is my personal belief that if you have a domain name, you are at risk for email spoofing and other problems associated with that. It's happened to me ... and it's very prevalent right now with this horrid email worm and other viruses skipping across the network.
Getting on Email Blacklists is easy when you have a spammer spoofing your domain. It's happened to my firm's domain. Found out one of our clients wasn't getting email because their mail server filters from some blacklists and somehow our domain ended up on one.
I am electing to use a Flash button for my email addresses from now on. The button will have the email address on it, but since it's a Flash .swf file, harvesters can't pick it up because the email is encoded in the graphic and the button.
Just one trick out of many...

02-05-2004, 02:36 PM
WebProWorld Member
Join Date: Dec 2003
Location: Ohio
Posts: 54
I think the even bigger problem is the "Open Relay" issue. That's basically where you don't have any authentication set up on your SMTP server, so just anyone can spam through your own SMTP server.
I made this mistake a few months ago, not knowing enough about how e-mail servers work. Learn more...
Over 2 million e-mails were sent out over the course of 4 1/2 days. Obviously, I worked for a day to get rid of us on blacklists. If you've found yourself subject to this, go here for some blacklist tools.

02-05-2004, 03:11 PM
WebProWorld New Member
Join Date: Jul 2003
Location: Texas
Posts: 23
I have to show my ignorance here. How do I confirm with my hosting company (hostway) that the SMTP server is set up correctly?

02-05-2004, 07:57 PM
WebProWorld Member
Join Date: Aug 2003
Location: Modesto, CA
Posts: 260
I've had people use my domain name over and over, sending, primarily virus laden email. It hasn't hurt my business at all, except when my own host blacklisted my domain. All of a sudden, no email for 3 days? I got that taken care of. My host has log in security for email and no one is running email through my server, but spoofing. I've looked at the headers of the email for abuse but haven't noticed anything. Of course, I forward all the email to Outlook Express through my ISP which then changes all the headers again.
The last week I've been getting 400 virus laden emails per day, most from someone spoofing my domain.
I looked over some of the information above. Looks pretty difficult to stop these things and technically, pretty time consuming.

02-05-2004, 08:24 PM
WebProWorld Pro
Join Date: Jul 2003
Location: Greentown, PA
Posts: 104
Domain spoofing???
What exactly is "domain spoofing"? I think this is happening to my client right now too. I was checking out their site stats and noticed a whois lookup from some other site, and I checked it out. (The same happened to my own site recently too!) When I got to the WhoIs search page, a different url was listed at the top, and all the other information was correct. When I clicked on soandso.com's link, it brought me to my client's homepage!
I "sucked" the pages at that domain name (ftp) and found only the homepage, only the major buttons (no javascript or rollover buttons, etc.) and that was all that was there.
Regarding domain spoofing: When I sent a friend to that url, it was not available. So, is this spoofing my ISP? Or are they 2 different things?
I also have not been receiving any legitimate email from my own site for almost 2 months now! I AM however, getting plenty of "fake" web design requests using the forms on my site. I found out one of the senders was a hacker. So, is my email address on a Black List now too?
Since my site doesn't have email addresses posted anywhere in the HTML, how do you protect your site's forms from being filled out by hackers or their software? And is this a result of domain spoofing?

02-05-2004, 09:00 PM
WebProWorld Member
Join Date: Aug 2003
Location: Modesto, CA
Posts: 260
cyberserious. When I stopped getting email for 3 days, I had someone that has AOL send me a message. They received a message back that the address (mine) was undeliverable. That's when I contacted my host and asked about it. They sent an abuse report in and within 2 days, my email was back to its normal 50+ emails a day.
I truly don't know how you can stop someone from using your domain name as a spoofed address. I think it's probably impossible. The header reports, in Outlook anyway, tell you where the original email came from. This assumes that your spam filter, virus checker and all these little gadgets attached to our email don't s_itcan it first.

02-05-2004, 09:05 PM
WebProWorld New Member
Join Date: Nov 2003
Location: USA
Posts: 16
Email spoofing
Hi,
I will tell you my own story and experience with email spoofing. Two years ago I was setting up an intranet with a DSL connection for a hotel. The hotel owner didn't want to spend much on programming security so he told me to leave the mail server as open relay ... because there was a proxy (squid) in between he felt ACL rules would suffice. Well, a week after that someone was spoofing their domain. I noticed it because the name of the hotel domain was in between < "..." > and the real IP was masqueraded.
I traced the IPs and they were all originating from proxies. Then after that he received 200,000 spoofed emails, so I convinced him to add a firewall and close the sendmail commands for open relay ...
Today I had another nasty experience: I was checking my own mail from my own domain and I got a mail from 'admin' telling me my email account is expiring. Really weird, because I control the email accounts. This is the first time it has happened to me, so I decided to change the password immediately. But I really want to know what kind of technique they used in order to do that. Since I don't control the mail server rules, my host provider does, I don't know where the security flaw might be and how to prevent this in the future.
Thank you,
Rick Fitzgerald
CEO
Outlet Season LLC
http://www.outletseason.com

02-05-2004, 10:03 PM
WebProWorld New Member
Join Date: Dec 2003
Posts: 3
Remember to "hide" the email addresses in your forms... for those still using their host's default FormMail.cgi, make sure they have the latest version or install it yourself.

02-05-2004, 10:09 PM
WebProWorld Member
Join Date: Jul 2003
Location: Marysville, WA
Posts: 57
And it's not always spoofing. Just this week one of my hosting clients (who I've known 20 years) was suddenly sending out thousands and thousands of spam emails (for viagra type products no less). The account was suspended until the problem could be determined. The only thing we were able to figure was their password was easy to guess (and directly related to the domain) AND someone had logged in and installed a spam script, which they were using to send these messages. File deleted, passwords changed and the problem is taken care of.
This is prompting a bit of a newsletter reminder to my clients to keep their passwords difficult to guess in order to keep their accounts (and domains) in the clear.
-Diana

02-05-2004, 10:14 PM
WebProWorld Member
Join Date: Jul 2003
Location: Bangkok, Thailand
Posts: 34
E-mail address theft
One poster to this thread has already made the point that using Flash graphics for e-mail addresses is one way to mask yours from the robot programs that harvest e-mail addresses.
While I'm a long ways from being any sort of expert, I understand from people more knowledgeable than I am that using *any* sort of graphical representation of your e-mail address(es) accomplishes this.
I wish I had thought of that when I first put up my own site. I'm averaging around 400 e-mails a day. Until a few days ago, on average 10%-20% were legitimate, but for about the past week, that has dropped to a nearly steady 5%.
I believe one thing we can do over the longer term is to pressure governments to increase the severity of penalties for the people who steal and misuse our e-mail addresses. I feel there should be mandatory jail terms for any offense involving loss of revenue and/or expenses forced upon us by these criminals. And I don't mean "paper jail time" -- i.e., suspended sentences -- but real, behind-steel-bars time in a lock-up.
Firms around the world spend untold but certainly vast sums of money trying to protect themselves in cyberspace, sums of money that ultimately come out of our own pockets. Is that not theft? If someone picks my pocket and gets caught, he goes to jail; why should a cyberspace thief "picking my pocket" be treated any differently?
This is an issue that makes my blood boil, so I've had to really strive to keep this post halfway moderate, but that's just my 2 cents' worth.

02-05-2004, 11:22 PM
WebProWorld Member
Join Date: Aug 2003
Location: Modesto, CA
Posts: 260
Strongly Agree Mekhong! If we send some legit emails to people who have asked to be on our lists, then someone can't remember if they put their name on and files a complaint...It's our time and money proving that they did or face big $ fines.
We all know these guys are scammers and at least the big hosts such as AOL, Yahoo, NetZero, Earthlink, etc should take some time to figure out, by the headers what is masking and what is not. But they don't. They just blackmail and figure it's done. I've got lots (LOTS) of AOL customers who have complained to me because I never responded to their email questions. I did, but AOL just blocks with the new spamblocker program, based on...? I don't know, they just block.
Spoofers should face serious jail time for their activities, plus fines.

02-05-2004, 11:24 PM
WebProWorld New Member
Join Date: Aug 2003
Location: Somewhere Between Comedy and Tragedy
Posts: 7
Re: Email spoofing
Quote:
|
Originally Posted by outletseason
Hi,
Today I had another nasty experience: I was checking my own mail from my own domain and I got a mail from 'admin' telling me my email account is expiring. Really weird, because I control the email accounts. This is the first time it has happened to me, so I decided to change the password immediately. But I really want to know what kind of technique they used in order to do that. Since I don't control the mail server rules, my host provider does, I don't know where the security flaw might be and how to prevent this in the future.
|
Well, that's a virus there.
The MiMail virus http://vil.nai.com/vil/content/v_100523.htm spoofs an admin@ e-mail address. Your server has not been compromised... there's no security flaw... don't panic. :-)
I've gotten e-mails claiming to be from every admin@ from every site I deal with, and it's all bunk.
Learn how to read mail headers... it's pretty simple, and it goes a long way to helping determine where stuff originates.
For instance, the new MyDoom virus that's sweeping the nation, starts out by casually appearing from one site, when it's really from another. The headers show this rather quickly...
Return-Path: <maria@www.bogusdomain.xxx>
Delivered-To: my@address.bogus
Received: from www.bogusdomain.xxx (297-977-159-186.in-addr.anotherbogusone.com [297.977.159.186])
So, my mailer shows the mail is from "maria@www.bogusdomain.xxx" but by looking at the headers, I can see the virus attempted to spoof the domain:
"Received: from www.bogusdomain.xxx"
but the server picked up the real IP address of the server it was sent from: "(297-977-159-186.in-addr.anotherbogusone.com [297.977.159.186])" so I could (in theory) send a note to the admin of anotherbogusone.com and tell him one of his users has the virus... but then we admins would all be swimming in that kind of mail. :)
There is very little hacking going on, and lots and lots of viruses and worms that forge an e-mail address rather easily.
Also, don't assume that a spammer is sending out millions of e-mails with your domain name; it may just be targeted towards you since your filters are more likely to let something thru from someone at the same domain as you than not.
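Added example (not part of the original post): a Python sketch of the header check described above. It reads the Received stamp written by your own mail server and compares the sender-supplied HELO name with the reverse DNS of the connecting IP. The sample message, the `.example` domains and the function names are constructed for illustration, and the stamp format assumed is the Sendmail-style one quoted in the post.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Sendmail-style stamp: "from <HELO name> (<reverse DNS> [<connecting IP>])".
# The HELO name is whatever the sender typed; the bracketed IP is what the
# receiving server saw on the TCP connection.
RECEIVED_RE = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?P<rdns>[^\s\[\]]*)\s*\[(?P<ip>[0-9A-Fa-f.:]+)\]"
)

def base_domain(host):
    # Crude approximation (last two labels); production code would consult
    # the Public Suffix List.
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def origin_report(raw_message, trusted_hop=0):
    """Summarise the Received line written by our own border server.

    trusted_hop is the index (0 = topmost) of the Received header added by
    the first server of ours that the message reached; every Received line
    below it can be forged by the sender.
    """
    msg = message_from_string(raw_message)
    sender = parseaddr(msg.get("Return-Path") or msg.get("From", ""))[1]
    hops = []
    for value in msg.get_all("Received", []):
        m = RECEIVED_RE.search(" ".join(value.split()))  # undo header folding
        hops.append(m.groupdict() if m else None)
    if trusted_hop >= len(hops) or hops[trusted_hop] is None:
        return None  # no parsable stamp from our own server
    hop = hops[trusted_hop]
    return {
        "sender_domain": base_domain(sender.rsplit("@", 1)[-1]),
        "helo": hop["helo"],
        "connecting_ip": hop["ip"],
        "network": base_domain(hop["rdns"]) if hop["rdns"] else None,
        # True when the announced name is not backed by reverse DNS.
        "helo_unverified": base_domain(hop["helo"]) != base_domain(hop["rdns"]),
    }

# Constructed sample (documentation domains and IP range), shaped like the
# headers quoted in the post above.
SAMPLE_SPOOFED = """\
Return-Path: <maria@www.victim.example>
Delivered-To: me@recipient.example
Received: from www.victim.example (host-77.dsl.isp.example [203.0.113.77])
\tby mx.recipient.example with ESMTP; Thu, 5 Feb 2004 22:24:53 -0600
From: maria@www.victim.example
Subject: hi

body
"""

if __name__ == "__main__":
    print(origin_report(SAMPLE_SPOOFED))
```

A mismatch is an indicator to follow up with the network that owns the connecting IP, not proof on its own, since legitimate servers sometimes announce a name their reverse DNS does not carry.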

02-05-2004, 11:27 PM
WebProWorld Pro
Join Date: Jul 2003
Location: Jackson, MS
Posts: 228
Quote:
|
Originally Posted by deadBird
I think the even bigger problem is the "Open Relay" issue. That's basically where you don't have any authentication set up on your SMTP server, so just anyone can spam through your own SMTP server.
|
Good news! This is not the case with your mail server. How do I know this? Because I do our email admin and know how to check as follows:
telnet y-coach.com smtp
Trying 64.66.154.245...
Connected to y-coach.com (64.66.154.245).
Escape character is '^]'.
220 liza.siteprotect.com ESMTP Sendmail 8.11.6/8.11.6; Thu, 5 Feb 2004 22:24:53 -0600
ehlo y-coach.com
250-liza.siteprotect.com Hello rrcs-sw-24-153-191-251.biz.rr.com [24.153.191.251], pleased to meet you
250-ENHANCEDSTATUSCODES
250-8BITMIME
250-SIZE 10000000
250-DSN
250-ONEX
250-ETRN
250-XUSR
250 HELP
mail from: anyuser@y-coach.com
250 2.1.0 anyuser@y-coach.com... Sender ok
rcpt to: jaydrake@inthecastle.com
550 5.7.1 jaydrake@inthecastle.com... Relaying denied
quit
221 2.0.0 liza.siteprotect.com closing connection
Connection closed by foreign host.
What's important to note there is the line that says "Relaying denied".
What that means is that I couldn't just fake an address and try to send mail through your mail server to myself. What you seem to be a victim of is spoofing, which means that while they send the mail through some other smtp server (not yours, possibly one that is an open relay) it appears to have come from your domain.
The bad news is that there is nothing you can do about this other than gather the email headers from the angry people who got these emails and try to track down where they really came from. Likely this won't do you any good.
The good news is MOST (and any that a sensible email administrator would use) email blacklists don't concern themselves with spoofed email like this, or at least don't blacklist the domain that was spoofed. (Because that domain had nothing to do with it and smart mail admins recognize this - and tell the less smart ones.)
What can you do about email spoofing? Nothing. Other than that, you're secure as need be.
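Added example (not part of the original post): a Python helper that reads a saved SMTP session like the telnet transcript above and reports how the server answered RCPT TO for recipients outside its own domains. The transcripts, the `.example` domains and the function names are constructed for illustration.

```python
import re

REPLY_RE = re.compile(r"^(\d{3})([ -])(.*)$")
RCPT_RE = re.compile(r"^rcpt to:\s*<?([^>\s]+)>?", re.IGNORECASE)

def rcpt_results(transcript):
    """Pair each RCPT TO command with the final line of the server's reply."""
    results, pending = [], None
    for line in transcript.splitlines():
        line = line.strip()
        rcpt, reply = RCPT_RE.match(line), REPLY_RE.match(line)
        if rcpt:
            pending = rcpt.group(1).lower()
        elif reply and pending and reply.group(2) == " ":
            # "550-" would be a continuation line; "550 " closes the reply.
            results.append((pending, int(reply.group(1)), reply.group(3)))
            pending = None
    return results

def relay_verdict(transcript, local_domains):
    """Classify a session by how the server answered non-local recipients."""
    local = {d.lower() for d in local_domains}
    codes = [code for rcpt, code, _ in rcpt_results(transcript)
             if rcpt.rsplit("@", 1)[-1] not in local]
    if not codes:
        return "not-tested"            # only local recipients were tried
    if any(200 <= c < 300 for c in codes):
        return "open-relay-suspected"  # accepted mail for someone else's domain
    if all(500 <= c < 600 for c in codes):
        return "relaying-denied"
    return "inconclusive"              # e.g. a 4xx temporary failure

# Constructed transcript modelled on the session in the post above.
DENIED = """\
220 mx.hosted.example ESMTP
ehlo tester.example
250-mx.hosted.example Hello
250 HELP
mail from: anyuser@hosted.example
250 2.1.0 anyuser@hosted.example... Sender ok
rcpt to: me@elsewhere.example
550 5.7.1 me@elsewhere.example... Relaying denied
quit
221 2.0.0 closing connection
"""
# Same session, but the server accepts the foreign recipient.
OPEN = DENIED.replace("550 5.7.1 me@elsewhere.example... Relaying denied",
                      "250 2.1.5 me@elsewhere.example... Recipient ok")

if __name__ == "__main__":
    print(relay_verdict(DENIED, ["hosted.example"]))
    print(relay_verdict(OPEN, ["hosted.example"]))
```

A 250 at RCPT TO is a strong hint rather than proof, since some servers accept the recipient and reject or discard the message later; capture the session from a network the server does not already trust.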

02-05-2004, 11:27 PM
WebProWorld New Member
Join Date: Aug 2003
Location: Somewhere Between Comedy and Tragedy
Posts: 7
Excellent Resource
Oh, and to get back on topic...
Brian Livingston wrote an excellent mini e-book outlining the best ways of masking your address, from using the aforementioned Flash trick to Javascript to obscure your address...
https://briansbuzz.com/spamproof/buy.php
Well worth the read... I would suggest signing up for his paid newsletter (pay what you can), since this was a freebie giveaway...

02-06-2004, 02:21 AM
WebProWorld New Member
Join Date: Jan 2004
Posts: 14
Here's a trick
You may not be aware of this but most times when you end up with spoofed emails from your domain (not to mention lots of unwanted spam) it is because the email addresses were originally "harvested" off of your web pages with a robot or spider built specifically to collect them.
You can protect the email addresses on your web pages by using the following Javascript code where you would like your email address to appear. I have aptly named it "Spam Bot Killer"
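<script language="JavaScript">
<!--
// hide script from browsers that do not support JavaScript
// The address is assembled at run time, so it never appears whole in the page source.
var stb_domain = "yourdomain.com";
var stb_user = "youraccountnamehere";
var stb_recipient = stb_user + "@" + stb_domain;
var stb_url = "mailto:" + stb_recipient;
// Write a clickable mailto: link whose visible text is the address.
document.write(stb_recipient.link(stb_url));
// -->
</script>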
Change the "yourdomain", of course, to your domain name and the "youraccountnamehere" part to whatever is before the @. The link will show on your page as youraccountnamehere@yourdomain.com and it will be clickable. However the bots and spiders will not be able to harvest your email addresses any longer.
Hope this helps! Enjoy.

02-06-2004, 03:31 AM
WebProWorld Member
Join Date: Feb 2004
Location: Luxembourg
Posts: 28