Home Page
   Articles
       links
About Us    
Traders        
Recipes            
Latest Articles
spoof/phishing emails

 
Post new topic   Reply to topic    Downsizer Forum Index -> IT Matters
Author 
 Message
sally_in_wales
Downsizer Moderator


Joined: 06 Mar 2005
Posts: 20809
Location: sunny wales
PostPosted: Thu Feb 07, 13 12:46 pm    Post subject: spoof/phishing emails Reply with quote
    

I've noticed a rash of emails in my spam filter that are 'returned to sender' but definately haven't been sent from me.

They are the type that are advertising work from home 'opportunities' and as best I can tell they are the type that have hoovered up my email address from somewhere and used it to disguise the real originator. I've checked all the usual spy/malware stuff and I'm as confident as I can be that they are being sent from somewhere else and have just added my email as the return path before starting a random email generator program to send them to as many people as possible.

Is there anything I can do about this? I have a nasty feeling I can't as they don't actually come via my email account, they are just bouncing back to me when the generated email destinations don't go anywhere.

I hate feeling that people are getting spam that appears to come from me, and although looking at it its likely the vast majority that d hit a real email address will go straight into the spam filter, its still deeply annoying.

Any fixes I can try?

Barefoot Andrew
Downsizer Moderator


Joined: 21 Mar 2007
Posts: 22780
Location: In the 17th century
PostPosted: Thu Feb 07, 13 12:50 pm    Post subject: Reply with quote
    

The few of those I've had are fake 'returns' - no actual email has been bounced.

Ignore them and let your spam filter do its thing.
A.

sally_in_wales
Downsizer Moderator


Joined: 06 Mar 2005
Posts: 20809
Location: sunny wales
PostPosted: Thu Feb 07, 13 1:09 pm    Post subject: Reply with quote
    

Barefoot Andrew wrote:
The few of those I've had are fake 'returns' - no actual email has been bounced.

Ignore them and let your spam filter do its thing.
A.


Thats reassuring. Hopefully in time they will get bored and go away

MarkS



Joined: 01 Aug 2006
Posts: 2626

PostPosted: Thu Feb 07, 13 6:12 pm    Post subject: Reply with quote
    

Just a few?

When this happened to me I got thousands.


If these are bouncing back as being from sallypointer.com then you could look into adding SPF records to the dns. Basically tells other servers that emails claiming to be from sallypointer.com are only real if they come from a given list of servers.

sally_in_wales
Downsizer Moderator


Joined: 06 Mar 2005
Posts: 20809
Location: sunny wales
PostPosted: Fri Feb 08, 13 8:55 am    Post subject: Reply with quote
    

MarkS wrote:

If these are bouncing back as being from sallypointer.com then you could look into adding SPF records to the dns. Basically tells other servers that emails claiming to be from sallypointer.com are only real if they come from a given list of servers.


how do I do that then?

Barefoot Andrew
Downsizer Moderator


Joined: 21 Mar 2007
Posts: 22780
Location: In the 17th century
PostPosted: Fri Feb 08, 13 9:51 am    Post subject: Reply with quote
    

That's beyond what you can do yourself, and I can't see your ISP agreeing to DNS mods without good reason.

What constitutes a 'rash'? If it's still only at the minor nuisance level, my advice to ignore them remains. If you're utterly swamped in them, further action with the aid of your ISP may be the way forward.
A.

sally_in_wales
Downsizer Moderator


Joined: 06 Mar 2005
Posts: 20809
Location: sunny wales
PostPosted: Fri Feb 08, 13 11:37 am    Post subject: Reply with quote
    

it was 245 of the little gits overnight, so its getting worse, I'll drop the helpdesk a line, they are really nice. Just didnt initially seem worth pestering them with

MarkS



Joined: 01 Aug 2006
Posts: 2626

PostPosted: Sat Feb 09, 13 10:43 am    Post subject: Reply with quote
    

depends on where your domain is registered.

If you're using 123-reg or one of the other common domain registrars then its very easy.

If your domain is through your ISP then it would depend, but it isnt complex (it is an extra text record) and any isp providing a control panel to manage dns (which many do) should support it.

my record is like this:

v=spf1 a mx a:mail.myisp.org a:mx-out.myisp.org -all
the a means that if the source of the email is an entry in my DNS the good
the mx means is the source of the email is listed as a mail server in my dns then good
the entries a:xxxxx.org lists the servers are not in my dns but which are legitimate sources of emails from my domain. so my ISPs mail servers
the -all means all others are bad


SPF doesn;t stop everything because it has limited usage, but I found that once the spammers had used my domain once, they came back to it on a periodic basis.

SPF is used by the big ISPs so their spam would be rejected by google/hotmail etc when they try to send it. That means that only smaller players accept it which reduces the amount of bounce back to me.

The clever spammers know that it isn;t worth using a domain with SPF because the spam doesn;t get through

You'll keep getting them for ages because different mail servers will keep on trying delivery for different amount of time before they try to tell the sender (who they think is you) that the mail didnt go through.

technically all these bounces are in breach of the internet rules because they shouldn't bounce to an address that they dont know to be legit, but thats in with it being illegal to hail a moving cab etc.

Post new topic   Reply to topic    Downsizer Forum Index -> IT Matters All times are GMT
Page 1 of 1
View Latest Posts View Latest Posts

 

Archive
Powered by php-BB © 2001, 2005 php-BB Group
Style by marsjupiter.com, released under GNU (GNU/GPL) license.
Copyright © 2004 marsjupiter.com