Our email address is being spoofed and used to spent out huge amounts of spam - help!

[Azam.biz]

Our domain name has an email address info [at] azam.net.

The email address is receiving dozens of emails every day which are as follows:

"
FROM: postmaster@mbrd.ru

SUBJECT: Delivery Status Notification (Failure)


This is an automatically generated Delivery Status Notification.

Delivery to the following recipients failed.

ekozhevnikova@ufa.mbrd.ru
737-615info@ufa.mbrd.ru


"

They all have attachments in Russian and also another one as follows:

"Reporting-MTA: dns;ufadc1.ufa.mbrd.ru
Received-From-MTA: dns;78-61-180-142.ip.zebra.lt
Arrival-Date: Wed, 5 Dec 2007 17:44:05 +0500
Final-Recipient: rfc822;ekozhevnikova@ufa.mbrd.ru
Action: failed
Status: 5.1.1
Final-Recipient: rfc822;737-615info@ufa.mbrd.ru
Action: failed
Status: 5.1.1"

Another email:

"This is an automatically generated Delivery Status Notification.

Delivery to the following recipients failed.

mow@deloitte.ru
mesk@deloitte.ru
nbubnovai@deloitte.ru
mtsygankov@deloitte.ru
moscowp@deloitte.ru
najoeva@deloitte.ru
msiraya@deloitte.ru
msidorova@deloitte.ru
nabrosimovat@deloitte.ru
msa@deloitte.ru
mkuv@deloitte.ru
nbilyushova@deloitte.ru
"

Many of my business contacts and friends are saying that they are not receiving my emails from our @azam.net addresses. This is severely damaging my business and causing me a lot of stress.

I have spoken to somebody and he said I should ask my webhost for private nameservers. Do you think that would help please?

He also recommended I get a private IP block from my webhost? Once again, do you think that would help?

Also he said the domain name hasn't be blacklisted but has some warning against it? Is there any way to check this and stop it being gray-listed?

Any advice on how to resolve this would be most welcome. Thank you in advance.

[wige]

Quote:

Originally Posted by Azam.biz

I have spoken to somebody and he said I should ask my webhost for private nameservers. Do you think that would help please?

Nope.

Quote:

Originally Posted by Azam.biz

He also recommended I get a private IP block from my webhost? Once again, do you think that would help?

Nope.

Quote:

Originally Posted by Azam.biz

Also he said the domain name hasn't be blacklisted but has some warning against it? Is there any way to check this and stop it being gray-listed?

You can, but until the problem is resolved, it won't do much good.

Quote:

Originally Posted by Azam.biz

Any advice on how to resolve this would be most welcome. Thank you in advance.

Often the bounce messages (those undeliverable messages that you cite above) reprint the headers of the bouncing e-mail. Check those headers for the originating IP address or hostname. Make absolutely sure that that IP address is not the IP address of your server or your mailserver. If it is, you only think your stressed now, as the server may have been compromised.

Next, you need to check with your hosting company and make absolutely sure that a reverse dns entry has been created for your domain name. This is frequently used to check for, and prevent, spamming as it allows the recipient of the e-mail to confirm that the message is coming from an authorized sender.

[bj]

I've had this spoofing happen, and constantly have emails bounced back to me that are obviously spam, but my webserver was never compromised, and there is a reverse dns entry for my domain name. So I never ended up on a blacklist. I suspect that you have.

[imvain2]

I don't see your domain or mx IPs (205.234.110.53/83.223.98.50) on any blacklists.

Checkout DNS tools, reports and Hosting tests, advanced network and domain name tools., you can run a check to see if you have been listed. I don't know if those were the correct IPs or not. You will want to make sure and find your correct IP address.

[netman4ttm]

Go to this site follow the instructions
SPF: Project Overview

Then add to your named servers' records

Or have your email host add to your records.

Won't solve the problem but will help alieviate it.

[jewillis]

There is absolutely you can do about someone spoofing your email address. There is SPF, Domain Keys, etc, but those are tools used by receiving mail servers. Spammers harvest email addresses and use them as FROM addresses in spam they send. It is no different than someone using your street address as a FROM address in mail then send using the Post Office, no way to stop it.

[kevinper]

My take on this is that you may have a trojan running in the background. There is a very bad one running loose right now that emails Russia with spam. Check for Malware/Viruses on your compters. I used HouseCall from Trend Micro - Trend Micro HouseCall - Free Online Virus and Spyware Scan - Trend Micro USA . It's free but does take a while.

Kevin

[deepsand]

Quote:

Originally Posted by kevinper

My take on this is that you may have a trojan running in the background. There is a very bad one running loose right now that emails Russia with spam. Check for Malware/Viruses on your compters. I used HouseCall from Trend Micro - Trend Micro HouseCall - Free Online Virus and Spyware Scan - Trend Micro USA . It's free but does take a while.

Kevin

What evidence is there that the problem at hand is not simply ordinary spoofing?

[RegDCP]

Quote:

Originally Posted by Azam.biz

Many of my business contacts and friends are saying that they are not receiving my emails from our @azam.net addresses. This is severely damaging my business and causing me a lot of stress.

I would strongly recommend getting an unique IP.

If you do not have one, then you are sharing the ip with other hosted sites and any one of them could cause spam problems and IP blacklisting.

Reg

[chandrika]

This has been happening on my domains for ages as well. It is really bad and I have been told there is nothing I can do about it.

My own solution may be a little extreme but I am so sick of it happening and like you say, the kind of crap they send out in your domain name, isnt good for you at all, so I am actually switching off email from my domain 100% and will only be using my gmail or some other email account to send and receive emails, together with a service called spamarrest which is very good and requires all email senders to authorise their mails by return mail before they are added to a white list.

Next is to setup total security on all forms on my sites so that all email addresses for send to for forms are totally secure and hopefully that will sort this out. Some form scripts can cause problems so when setting up a new email that is important to be 100% secure on.

I think that doing this has a less negative effect on me than having people send out crap from my domains and so this is the solution I suggest so that you can keep your domain for your website etc, but no longer have any email associated with it and find a suitable email address for your business that isnt from your domain, so you can shut that all down.

I am getting real mad at the vileness of the spam emails i get, the majority is so offensive and i know its not just me, but I am at the point where i dont want to check my emails because to do so get swamped with so many hideous things tha i just dont want in my head, in my eyes or anywhere else.

I use spamarrest which is pretty good, but still i am bugged by these ones from my own domains which so long as i am usin my domains for email i cant block, which is why i am just goin to stop using my domains for emails completely.

[deepsand]

Quote:

Originally Posted by chandrika

My own solution may be a little extreme but I am so sick of it happening and like you say, the kind of crap they send out in your domain name, isnt good for you at all, so I am actually switching off email from my domain 100% and will only be using my gmail or some other email account to send and receive emails, together with a service called spamarrest which is very good and requires all email senders to authorise their mails by return mail before they are added to a white list.

Next is to setup total security on all forms on my sites so that all email addresses for send to for forms are totally secure and hopefully that will sort this out. Some form scripts can cause problems so when setting up a new email that is important to be 100% secure on.

None of which will prevent anyone from spoofing your address.

[datetopia]

Yep. This happens a lot for our domain names also.

You probably will not get your domain blacklisted as the firewalls that do these things check the email headers, route, check back with your mail server and make sure the email comes from your domain before banning it. Otherwise, anyone could have the competitors or certain big sites blacklisted... people could have gmail, yahoo or msn blacklisted for spam.

[youds]

Yep, common problem.

Think it's already posted but your best bet is to make sure you can do what you can; so check out DNS tools, reports and Hosting tests, advanced network and domain name tools. - there are certain things you and your network provider can do, their tools will tell you what you have and have not done.

Best of luck

[zbatia]

Well, spam is a pain in *&^%, no doubts. It is why I am taking time to take care about filtering the spam from my major e-mail account.

I share my thoughts and solution here: Secure Cyber, to be exact:
Secure Cyber: * My War with the SPAM
Read entire article, and then follow the link to the .TXT file that contains the updated list of spam sites.

I cannot argue that this method is not the best one, but it works for me. I am updating the text file with new information monthly (sometimes more often). I am reducing spam by close to 90%-93% based on my estimate.
If you have any questions, feel free to ask.

[khurramali]

I am sure most of you know about this, but this is a good resource you can look into https://www.google.com/a/smallbiz/ by Google, which can certainly address this and many other problems completely.

compare free and paid editions Google Apps

[thehappysmoker]

I have NEVER knowingly sent unwanted email to anyone.

When my address was spoofed, it was apparently quite a long time before I realized that it was happening.

By then, AOL (who I didn't subscribe to) had put me on a blacklist which completely ruined communications with several others, not just AOL. I was severely punished for being a victim, and I couldn't complain to AOL about it because my address was blocked, and when I tried complaining via a different address, they didn't even bother to reply (they still haven't).

Eventually I got in touch with the BBC (the power of TV), and shortly after that I was (coincidentally ?) able to use my email again.

But there doesn't seem to be much you can do for yourself in this situation.

[deepsand]

Quote:

Originally Posted by thehappysmoker

When my address was spoofed, it was apparently quite a long time before I realized that it was happening.

By then, AOL (who I didn't subscribe to) had put me on a blacklist which completely ruined communications with several others, not just AOL. I was severely punished for being a victim, and I couldn't complain to AOL about it because my address was blocked, and when I tried complaining via a different address, they didn't even bother to reply (they still haven't).

AOL follows a practice best described as "execute first, and let the corpse appeal."

They take the same action even against their subscribers.

If a subscriber's address has been spoofed, and after a sufficient number of complaints, AOL summarily deactivates the subscriber's account, with no prior notification. The subscriber is afforded no access to the e-mails in question; and, should he succeed in reaching AOL via telephone, requests that he be provided with such e-mails, or that AOL look at the full headers of such, are rebuffed.

And, should AOL reinstate the account, it is not unlikely that it will be permanently closed owing to the continued use of its address.

As for getting a refund from AOL for the time period paid for but not usable owing to their actions, lots of luck.

It's not called AOHell for lack of reason.

[chandrika]

Quote:

Originally Posted by deepsand

None of which will prevent anyone from spoofing your address.

No there doesn seem to be any solution to spoofing, thats why I am doing that, as by not using the domain name for my own emails it averts the worst problem of having blacklisted email addresses that cause important emails to people that I have sent to go in their spam box.

My concern about it has been that my own emails are not getting received, I cant stop anyone using my domain name to send emails, but I do need to ensure that I can send and receive emails myself at the least. So thats why I am just quitting using my domans for emails, its a pity, but I can see what else I can do to ensure my won emails dont get mixed up and put in spam due to the spoofers..

[thehappysmoker]

Quote:

Originally Posted by deepsand

AOL follows a practice best described as "execute first, and let the corpse appeal."

This is not quite accurate. In my case it was "Execute first, and DON'T let the corpse appeal".