[Dshield] Spam and spoofing my from address

Andy Brown andy.brown at interv8.co.uk
Tue Aug 9 14:45:53 GMT 2005

This has been going on for some time now, and I've tried many ways to 
stop the issue, however other than closing my mail account it just seems 
to get worse.

Several months ago I started to receive bounce messages saying unknown 
recipient, to domains/sites I'd never contacted.
Examining the bounce it showed that the message was spam, using my 
address as the FROM address (nothing spectacular so far really).
I looked closer, and they're being more clever than that, they're 
actually spoofing my server headers also, as the headers show my server 
name, IP address, etc as a legitimate email would.
Now that's not that difficult to do, I know, just grab MX records, etc, 
etc but the problem I've got is that some VERY dumb sysadmins out there 
are now mailing my postmaster account saying stop sending or they'll 
contact my upstream and have me cut off.

Luckily my upstream is myself! and the upstream from that is via 
business contacts, so very little chance they'd get me cut off, but what 
I'm worried about is getting blacklisted, etc, etc.

Does anyone have similar experiences, and have any suggestions on how to 
combat this problem?
I'm starting to get upwards of 500+ bounces a day now, so the spammer 
out there is really sending them through at some rate.

I can paste headers, etc to anyone who thinks they can shed light or 
provide possible answers (it's not the email addresses I use here)!

Thank you in advance folks, I'm starting to lose my hair....


<andy @ thebmwz3 .co .uk>
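
One way to check bounces like those described above, as an added example that is not part of the original post: it pulls the returned message out of a bounce and reads the topmost Received header, the one stamped by the server that accepted and then bounced the mail, to see which IP actually connected. The sample bounce, the addresses (documentation ranges), the `MY_OUTBOUND_IPS` set and the bracketed-IP Received format are assumptions made for the illustration.

```python
import email
import re
from email import policy

# Assumption: the addresses your own MTA really sends from (documentation range).
MY_OUTBOUND_IPS = {"192.0.2.10"}

# Constructed bounce, not taken from the original post.
SAMPLE_BOUNCE = """\
From: MAILER-DAEMON@mx.example.net
To: postmaster@example.org
Subject: Undelivered Mail Returned to Sender
Content-Type: multipart/report; report-type=delivery-status; boundary="b1"

--b1
Content-Type: text/plain

Unknown recipient <nobody@example.net>
--b1
Content-Type: message/rfc822

Received: from mail.example.org (unknown [203.0.113.77])
 by mx.example.net with SMTP id ABC123; Tue, 9 Aug 2005 14:00:00 +0000
Received: from localhost (localhost [127.0.0.1])
 by mail.example.org (192.0.2.10) with ESMTP; Tue, 9 Aug 2005 13:59:00 +0000
From: user@example.org
To: nobody@example.net
Subject: constructed spam

body
--b1--
"""


def analyse_bounce(raw):
    """Return (connecting_ip, forged) for the message embedded in a bounce."""
    bounce = email.message_from_string(raw, policy=policy.default)
    embedded = [p for p in bounce.walk() if p.get_content_type() == "message/rfc822"]
    received = embedded[0].get_payload(0).get_all("Received", []) if embedded else []
    if not received:
        return None, None  # the bounce did not return the original headers
    # Only the topmost Received line was written by the bouncing server; the
    # lines below it arrived with the message and can be invented by the sender.
    m = re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", str(received[0]))
    ip = m.group(1) if m else None
    return ip, ip is not None and ip not in MY_OUTBOUND_IPS
```

A `forged` result of `True` together with the connecting IP is the evidence to send back to an administrator who complains to postmaster.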

