Client sending spam to himself?

[optimalwebsite]

I have a client who is getting the usual spam sent selling Viagra etc, but unusually the email appears to be sent from himself!?! The sender's email address is his own.

Has anyone seen anything similar, or know how to fix?

Warm Regards,


Joel

[MrGamm]

At one point there was a domain spoofing prevention measure put into effect called SPF...

SPF: FAQ/What is SPF

I think hotmail began enforcing this a few years ago...

Additionally you might want to make sure your server requires authentication before email is sent out. In some cases you can connect to anybodies mail server and send email in any manner you please. I believe the technical term is called "open mail relay"...

Open mail relay - Wikipedia, the free encyclopedia

Other than that... perhaps there is a form on that persons website which is being exploited. If the website sends out any email from the email address the spam is being sent from it would be the tip off. You could check your server logs for abuse. Typically if a spammer gets a hold of a poorly secured form on a website they will let loose...

[NetMassimo]

It almost certainly is a case of a spammer sending junk mail using your client e-mail address, which is public or got public someway. Unfortunately there's nothing you can do.

[optimalwebsite]

But how is it possible to send the email from the user's own email address?

Warm Regards,


Joel

[MrGamm]

Quote:

Originally Posted by optimalwebsite

But how is it possible to send the email from the user's own email address?

Warm Regards,


Joel

They might be sending the email from the users email software correct? There is no guarantee at this point that they are hijacking your email address although it is possible.

If your website allows people to send email it could be a breach on the website. If your computer is infected with malware your friends computer could be sending out email on his behalf.


Sometimes people don't set the mail server software up securely either. They will accept email from anybody without attempting to verify who that person really is. In which case it would be wise to make sure you are authenticating ( requiring the email server asks for a login and a password ) before the email is sent out. Outlook and Mac Mail will have a settings checkmark which will allow you to turn it on or off... if you can turn it off then other people can pretend to be you and send email to your server because you haven't protected it with a password.

The other option is to use SPF records in your dns record. It takes idenitity verification one step further and attempts to validate where the email orginated from. If it did not orginate from your domain and the email is said to have come from your domain when it was sent out via another method the mail will get rejected.

Spammers don't like having thier emails rejected and this can help them look elsewhere. Additionally the servers which do use SPF will prevent those spam emails from getting through.

These are all things your host should be able to help you out with. I am not an expert on it... I only know that if I wanted to forge an email so it looked like your email adress sent it I could. I would just type your email adress into the "from" field when I sent the email to the mail server for delivery.

[CarolSLC]

Most likely, the sender is just spoofing the client's email address as the "from" address. It's easily done. It happens to us all the time. Our email addresses are taken off our website by spammers. You can look at the email header and see what IP address it's coming from - it's not ours. I've been told by people I respect in this area that there's really nothing I can do - just use a spam filter, and ignore it. If the spam from a particular IP address gets bad, you can block that I think. I've had tech support with our web host help set that up on our server.

[wige]

Typically what you describe is referred to as spoofing, where the sender's e-mail address is faked.

As an example, think of the world e-mail system like the post office. This is effective, since the e-mail system was modeled after, well, the post office (hence e-mail being sent via the Post Office Protocol, or POP). When you send the letter, you will typically put the recipient's address in the center of the envelope, and your return address in the corner. The post office will then stamp the envelope with the town of origin, showing what post office originally handled the letter, and will also barcode the envelope.

In e-mail terms, the headers are like the envelope of a snail mail letter. Just like you can put any return address you want on a letter, you can put any return e-mail address on an e-mail you send. There are some defensive measures that are becoming prominent, such as the above mentioned SPF, but these measures are not yet commonplace.

[claybutler]

Happens to me all the time. The worse is when I get dozens of bounce backs from dead email addresses because the spammer spoofed my email as the "from". Nothing to worry about. Back in the day people would sometimes send me nasty "I hate you spammers" emails but now I think most people know these are faked and not to take the "from" seriously.

[Tech Manager]

I'd have to go with a 99.99% likelihood that the email is being spoofed. This has been going on for years. Over the past couple of weeks I've noticed a substantial increase.

One of the main reasons for spoofing an email address is to get the content (spam) past any spam filters. You can use SPF and several other techniques, but a simple technique is to blacklist specific emails to specific accounts. For example, you could specifically blacklist an address and prevent it from receiving email from itself.

Another good preventive practice is to use email aliasing. These are throwaway addresses that can be deleted anytime they end up on a spammers list.

[sharonjackson]

I was having this problem when spammers were going to MY WEBSITE and sending spam on MY FORM to ME. It was driving me insane...sometimes 20 a day. Yes, there was a captcha on the page and also my email address was heavily enkoded.

First thing I did was to google my email address and see where it came up and asked whoever to remove it from where ever.

The next thing I did was to find a little javascript thingy that would provide me with their isp address along with the form. Then I went to one of those international whois sites that tell you where the computer is...usually in my case China and Indonesia where they chop off your hands or something terrible if you are a spammer. I would forward all the information I had to whoever the server was...and in a VERY short time, it stopped completely.

Now I just have to get over the guilt of a bunch of handless spammers and get on with my life!

[newsblaze]

Carol is correct.
You can put any address you like in the FROM field.
Spammers put your address there because many people have their own address in their whitelist.
This trick will often allow their spam message into the system without being checked for spam.

Looking at the FROM address tells you nothing at all.
If you receive spam and it says Fron: georgebush@whitehouse.gov would you really believe the President has resorted to sending viagra spam?

The only way to tell where a message is really from is to read the message headers. You need to know how they work because spammers can spoof many of those, too, but the ones they can't spoof are those in your data center and its really hard to spoof the IP of the sending server that connected to your data center. If you don't understand how to read the headers correctly, you can go to a service like SpamCop and paste the complete spam message, including headers and SpamCop can tell you exactly who is at fault.

[deadhippo]

I have this issue but it is as Sharon says. One way to check if his own email form is to blame is to add a field that will be included in the email that identifies it as coming from that particular email form.

[Martinscholes]

It happens at my workplace. Sadly as I have at least ten email addresses feeding into my account (I work on four magazines for a publisher) I get loads of these damned emails. I, too, have noticed a major increase in spam in recent months.

I had over 600 items of spam in the spam filter after the Christmas holidays. Not to mention the 1,000+ that got through...

[Peter]

email is rapidly becoming a total waste of time, I have reputable hardware in place to deal with spam emails but the crap keeps getting through.

The appears to be from myself is a pain but is easy to fake. The most annoying is where spammers use someones email address as the "from" address. I have had instances of 40,000 non deliverable emails arriving overnight due to this.

[Clint1]

Quote:

Originally Posted by optimalwebsite

But how is it possible to send the email from the user's own email address?

Warm Regards,


Joel

Just about any email program if not all can be set to any "from" email address. There's also spam software (which should be illegal and punishable by death) that of course can also be use with any made up or real "from" email address slandering whomever the cyber-terrorist parasite chooses. As another pointed out, there's nothing you can do about it because they're all using this software to use bogus IP addresses, or those Asian cyber-terrorist-gathering internet cafés. I've been victimized by this many times. If one ever catches the person, they should be shot in a public area as a deterrent.

[sharonjackson]

Quote:

Originally Posted by Clint1

If one ever catches the person, they should be shot in a public area as a deterrent.

Clint you are a scream. I love it that on one hand you can state the above and then you sign it "God Bless"

Thanks for the laugh and I agree with you by the way!!

[Clint1]

Quote:

Originally Posted by sharonjackson

Clint you are a scream. I love it that on one hand you can state the above and then you sign it "God Bless"

Thanks for the laugh and I agree with you by the way!!

ROTFLMAO. Hee hee. Yeah, shoot 'em, but may God Bless 'em on the way out.

[wige]

Quote:

Originally Posted by Clint1

ROTFLMAO. Hee hee. Yeah, shoot 'em, but may God Bless 'em on the way out.

I like it! A new message to spammers:

May whatever God you pray to have mercy on your soul, because these bullets won't.

[Clint1]

I actually created email addresses before like "SpamItandDie@mydomain.com", that way.......well.......they were warned and I have an excuse. LOL.

[andr113]

It may be any virus or spamer's attack!

[Clint1]

Quote:

Originally Posted by andr113

It may be any virus or spammer's attack!

If you mean to say this could be a spammer or a virus/worm, yes. There have been dozens and dozens of virus type emails sent using someone's (valid) email address. In the past it was because the PC of that person's email address was infected and that was how the malware propagated, but in recent years that no longer has to be the case. They can be from a valid email address from a totally clean PC, but I'm not sure how that works. It's like the malware "scans something somewhere" and finds millions of email addresses and just picks some to use (at random).

[NetMassimo]

Well there are worms that scan the infected PCs mails to get all the addresses to use while they propagate. There are also spiders that scan web sites looking for e-mails to send spam to and sometimes to use as a bogus form address.

[Clint1]

Quote:

Originally Posted by NetMassimo

Well there are worms that scan the infected PCs mails to get all the addresses to use while they propagate. There are also spiders that scan web sites looking for e-mails to send spam to and sometimes to use as a bogus form address.

Indeed, that too!

[TrafficProducer]

Take Care...

validate where the email orginated from...

OK you may track it down, but there is not much can be done really... If you personally try to take action it could have dangers... These SPAMMER/SPOOFERS are breaking the law so they will think nothing of breaking legs, ouch!!

Tell the law; let them deal with it.. but they just move to another area, so they are difficult to catch...

SpamFilters