Email being spoofed?

  1. #1
    Senior Member
    Join Date
    May 2002
    Posts
    256

    Email being spoofed?

    Two days ago I started receiving a flood of mailer-daemon/postmaster emails stating an email could not be delivered. They are spam emails that I am not sending out, nor do I have a virus on my network sending them out. My concern is that I will eventually be placed on an RBL and never get legit email out to my clients. Is there a way to stop this? I can not really find out who is sending the email since the headers are showing the postmaster IP and not the actual original sender. It seems the person is sending the email from a program called "SquirrelMailer". Any suggestions?
    Sex is like "Social Security". You get a little each month, but it's not enough to live on.

  2. #2
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    A virus has infected a computer that has your email address in it somewhere. It harvested your address and picked you to put in the "From:" field and sent out all the email.... You are getting the NDRs... Delete them....
    Don't SYN us.... We'll SYN you.....
    "A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools." - Thucydides

  3. #3
    Senior Member
    Join Date
    May 2002
    Posts
    256
    The funny thing is that the email address "Stone at <insert my domain> dot com" has never been used...ever. I wonder how/where that address was harvested. All of the NDRs have the same "From" field of stone@...
    Sex is like "Social Security". You get a little each month, but it's not enough to live on.

  4. #4
    AOs Resident Troll
    Join Date
    Nov 2003
    Posts
    3,152
    They are made up.

    We get postmaster, support, tech, info, admin, sysadmin@ourdomain .com all the time.

    No such accounts...never has been...

    We also get mail...say they are from internal user...but when looking at the header...it is coming from an external account...local cable company....viruses harvest the email address books of the machines they have infected.

    That's why you should be running an up-to-date AV......


    MLF
    How people treat you is their karma- how you react is yours-Wayne Dyer

  5. #5
    Senior Member
    Join Date
    May 2002
    Posts
    256
    Cool, so you don't think I would be placed on someone's RBL?
    Sex is like "Social Security". You get a little each month, but it's not enough to live on.

  6. #6
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    No... But unless you are running your own mail server that sends email directly to the recipient's ISP's mail server it wouldn't make any difference....

    Then again the RBLs work off IP addresses so it would be blackholing the IP address of the infected computer, (the sender).....

    Then again the RBLs deal with spam and these are NDRs from a virus and since it is you receiving them then unless you complain and give your IP address you probably won't be blocked....

    You're fine....
    Don't SYN us.... We'll SYN you.....
    "A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools." - Thucydides

  7. #7
    Senior Member
    Join Date
    May 2003
    Posts
    1,199
    Usually the IP address gets blocked first. Eventually your domain will be blocked, but it takes a long time.. and FYI SquirrelMail is just mail server software.
    Everyone is going to die, I am just as good of a reason as any.

    http://think-smarter.blogspot.com

  8. #8
    Some Assembly Required
    Join Date
    Nov 2002
    Location
    New Jersey
    Posts
    718
    wildred,
    Don't feel too isolated in your dilemma. Our mail server is currently blacklisted because apparently our company was sending out emails (via Exchange Server) with virus-infected attachments, which of course we never sent a single one of these emails. Once I checked the headers, I noticed these emails were originating from all over the place...yet we get blacklisted. To make matters worse, we have to fork over cash in order to remove ourselves from these blacklists that we were put on... from emails we never sent. Lovely, isn't it?

    "We get postmaster, support, tech, info, admin, sysadmin@ourdomain .com all the time"
    LOL. morganlefay, we were laughing one time when we got an email returned to us saying it had an infected attachment. Oddly enough, the account didn't exist. It was merely posted on our website to make us look cool...like we actually have a finance department...(you know how small businesses are) The sons of bitches took the fake email account from the website and used that.

    I do have one question though:
    "Then again the RBL's work off IP addresses"
    I'm still confused how our server got blacklisted. Hell, I'm still confused about the blacklisting process. Do they simply look at the From: field, then grab the domain and block the whole domain? I ask this because if they were blocking by IP address, wouldn't the originating address of the email be blacklisted?
    The object of war is not to die for your country but to make the other bastard die for his - George Patton
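
    Added example, not written by any poster in this thread: the posts above say that RBLs are keyed on IP addresses and that the headers show where a message really came from. This Python code takes a bounce, pulls out the headers of the original message it returned, finds the IP that handed that message to the bouncing server, and builds the DNSBL query name for it. The sample NDR, every host and address in it, and the `dnsbl.example` zone are constructed placeholders.

```python
import email
import ipaddress
import re
from email import policy

# Constructed sample NDR; every host and address is a documentation value.
SAMPLE_NDR = """\
Received: from mx.recipient.example (mx.recipient.example [198.51.100.10])
 by mail.victim.example with ESMTP; Mon, 1 Jan 2007 10:00:05 +0000
From: MAILER-DAEMON@mx.recipient.example
Subject: Undelivered Mail Returned to Sender
Content-Type: multipart/report; report-type=delivery-status; boundary="b1"

--b1
Content-Type: text/plain

Delivery to nobody@recipient.example failed: user unknown.

--b1
Content-Type: text/rfc822-headers

Received: from pc-42 (unknown [203.0.113.77])
 by mx.recipient.example with SMTP; Mon, 1 Jan 2007 10:00:00 +0000
From: stone@victim.example

--b1--
"""

def original_received(ndr_text):
    """Received headers of the bounced original, not of the NDR itself."""
    ndr = email.message_from_string(ndr_text, policy=policy.default)
    for part in ndr.walk():
        if part is ndr:
            continue  # top-level headers only show the postmaster's server
        if part.get_content_type() == "text/rfc822-headers":
            part = email.message_from_string(part.get_content(), policy=policy.default)
        if part.get_all("Received"):
            return [str(h) for h in part.get_all("Received")]
    return []

def injecting_ip(ndr_text):
    """IP that handed the spam to the bouncing server (topmost Received)."""
    hops = original_received(ndr_text)
    match = re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", hops[0]) if hops else None
    return str(ipaddress.IPv4Address(match.group(1))) if match else None

def dnsbl_query_name(ip, zone="dnsbl.example"):  # zone is a placeholder
    """DNSBLs are keyed on the connecting IP: reversed octets + list zone."""
    return ".".join(reversed(ip.split("."))) + "." + zone
```

    A listing check is an ordinary A-record lookup of that name; an answer in 127.0.0.0/8 means the IP is listed, which is why a forged From: address alone does not put the forged domain's own server on an IP-based list.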

  9. #9
    Senior Member
    Join Date
    May 2002
    Posts
    256
    Shag, that is exactly what I don't want to happen. I can already see every user with Outlook and some sort of plugin dragging the email to their blacklist or ignoring the user/domain. This means my potential customers may not get my email since they think I am spamming the hell out of them. Most of my customers don't even realize that email can be spoofed, so this tarnishes my reputation. I sure would like to take a flight over to some of the locations the emails are being sent from and kick some geek butt.
    Sex is like "Social Security". You get a little each month, but it's not enough to live on.
