
Stopping Spoofed Mail From My Domain

15 October 2006, 09:25 AM
  #1
DJ Dunk
Moderator
Thread Starter

How do I stop it ? I'm getting hundreds of "Mail delivery failed: returning message to sender" type emails because some ****** is spoofing mail from my domain

In all of the replies it has this, the domain remains the same, IP changes:

Received: from 201.37.27.129 ([201.37.27.129])
by c9259278.virtua.com.br (8.13.2/8.13.2) with SMTP id k9F7CRRc032248;

I'm guessing this is where the spammer is sending from, but how do I stop it ? The company is Brazilian so I can't understand their site

15 October 2006, 01:21 PM
  #2
agent003
Scooby Regular

I get the same crap at the mo m8 ...... Virtua is the ISP provider....you can use Babelfish or Google to translate Portuguese to English.

WBR

15 October 2006, 04:27 PM
  #3
hivoo
Scooby Regular

To block messages from a sender or domain

You can block messages from a particular sender or domain. The domain is the name following the @ symbol in an e-mail address.

When you block a sender or domain, no e-mail or news message from that sender or domain will arrive in your Inbox or in the news messages you read. E-mail from blocked senders goes directly into your Delete folder. Newsgroup messages from blocked senders are not displayed.

From your e-mail Inbox or the list of messages in a newsgroup, select a message from a sender you want to block.
On the Message menu, click Block Sender.

Blocking a sender applies to standard POP e-mail only. It does not apply to HTTP e-mail or IMAP messages.

Virtua:

Contact
Our address is:
73 Highland Rd
Stamford, CT 06902
USA

You can contact us via the following e-mail addresses:

General inquiries: info@virtua.com
Consulting services: consulting@virtua.com
Website problems: webmaster@virtua.com


Domain Name: virtua.com

Status: REGISTRAR-LOCK

Registrar: NETWORK SOLUTIONS, LLC.
Whois Server: whois.networksolutions.com
Referral URL: Web Hosting, web site design and domains from Network Solutions

Expiration Date: 2007-08-29
Creation Date: 1995-08-30
Last Update Date: 2006-10-05



Good luck

Daniel.

16 October 2006, 11:55 AM
  #4
MJW
Scooby Senior

I've been getting a lot of these 'return to sender' mails recently as well, damn annoying especially if your domain gets blacklisted as a result

16 October 2006, 12:01 PM
  #5
DJ Dunk
Moderator
Thread Starter

I had the email catch-all removed from my domain so I don't get quite as many now, but Titan advised me that nothing can really be done to stop this. Just have to hope that they move on to someone else.

16 October 2006, 08:51 PM
  #6
Jeff Wiltshire
Scooby Regular

You may well find that it is this....

W32/Kalel-A is a worm and backdoor Trojan for the Windows platform that targets peer-to-peer file sharing utilities.

W32/Kalel-A may arrive in email with the following characteristics:

Subject line:

Mail delivery failed: returning message to sender...

Message text:

This message was created automatically by mail delivery software.
A message that you sent could not be delivered to one or more of
its recipients. For more details read the attached document.

Attachment:

errors_details.zip

16 October 2006, 09:03 PM
  #7
rich101
Scooby Regular

Indeed you may well be correct Jeff but I am getting these and I am exclusively on the Apple platform !

'tis f*cking annoying to say the least . . . . almost 30 today and still going strong.

If you look into the long header you should see all sorts of information and some of it can be used within the email client to discriminate between the good and the ugly !

X-Spam-Score: 77
X-Spam-Bar: (+++)

SpamBar can help as well

It is a nightmare for everyone, as an open relay tends not to be the cause now; more likely a legion of bots all with open access to port TCP25.

Rich

ps Say hi to Stef

16 October 2006, 10:22 PM
  #8
Jeff Wiltshire
Scooby Regular

They are attempts to spread the trojan...They aren't really failed Mail Messages...you haven't sent anything, it's the way of getting you to run the Trojan by clicking on the file that is attached. Which is why you can get the mail message appear, even on a Mac.

17 October 2006, 08:06 AM
  #9
DJ Dunk
Moderator
Thread Starter

Unfortunately a virus is not at fault in my case

17 October 2006, 12:12 PM
  #10
MJW
Scooby Senior

Nor mine - no attachments

18 October 2006, 12:17 PM
  #11
BlkKnight
Scooby Regular

You can't stop this unfortunately.

The two tools I use to remedy the problem (or at least make it bearable) are:

mailwasher (sits in between you & your pop account) (free version available)

or

spamarrest - active whitelist which only allows e-mails through that have been auth'ed (paid for service)

18 October 2006, 08:20 PM
  #12
HHxx
Scooby Regular

I have reduced mine a lot by implementing SPF records for my domains.

The record basically says that email from this domain can be sent by a certain group of servers. This information is used by the receiving mail server.

Not every ISP has implemented this yet (very few have), but it has helped a bit.

Ask the people that look after your domain to see if they are willing to set it up; if willing, they may ask you for the string to add. Google about for SPF, there are web sites that help you format the string correctly.

Apart from that, not much else you can do..

H

05 January 2007, 02:28 PM
  #13
rich101
Scooby Regular

I know I have dragged this one from the grave . . .

but enough is enough . . . SPF here I come ! My ISP Zen will put the relevant entry against my MX record so at least it will be just the Viagra/Rolex/IPO Boyz to worry about.

Rich

Edited to add -

This was sooooooooo easy ! ! ! !

Go here - The SPF Setup Wizard

Type in your domain name i.e. muppetheaven.org

then fill out the rest of the form to finally give you the SPF MX record entry required !

"v=spf1 ip4:100.100.100.100/29 a mx ~all"

Note - The <100.100.100.100/29> element being the external IP addresses of your Internet connection or external IP address space, which you may or may not want to allow hosts to send SMTP from.

Email off to your DNS support chappies at the ISP; when confirmed as completed, test using the SPF test auto-responder email service as listed here - SPF: Tools

The usual stuff, do not make any changes without fully appreciating the implications to you and/or your company so read the background SPF detail thoroughly - SPF: Project Overview

Have a good weekend
R

Last edited by rich101; 05 January 2007 at 03:12 PM.
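
How a receiving mail server would evaluate the record quoted in post #13, as an added example that is not part of any post in this thread. It handles only the ip4, a, mx and all mechanisms; the `a_addrs`/`mx_addrs` parameters and the 192.0.2.x addresses are constructed stand-ins for the DNS lookups a real receiver performs.

```python
import ipaddress

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

# Record string as quoted in the thread; addresses below are constructed samples.
RECORD = "v=spf1 ip4:100.100.100.100/29 a mx ~all"
A_ADDRS = ("192.0.2.10",)   # hypothetical A record of the sending domain
MX_ADDRS = ("192.0.2.25",)  # hypothetical address of the domain's MX host


def evaluate_spf(record, sender_ip, a_addrs=(), mx_addrs=()):
    """Evaluate mechanisms left to right; the first match decides the result."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"  # not an SPF record at all
    ip = ipaddress.ip_address(sender_ip)
    for term in terms[1:]:
        qualifier = "+"  # a mechanism with no qualifier means pass
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        name = name.lower()
        if name == "all":
            matched = True
        elif name == "ip4":
            try:
                # strict=False: 100.100.100.100/29 has host bits set
                matched = ip in ipaddress.ip_network(arg, strict=False)
            except ValueError:
                return "permerror"
        elif name == "a":
            matched = sender_ip in a_addrs
        elif name == "mx":
            matched = sender_ip in mx_addrs
        else:
            return "permerror"  # mechanism outside this subset
        if matched:
            return QUALIFIERS[qualifier]
    return "neutral"  # nothing matched and no "all" term


if __name__ == "__main__":
    # 201.37.27.129 is the relay address from the bounce header in post #1.
    for addr in ("201.37.27.129", "100.100.100.97", "192.0.2.25"):
        print(addr, evaluate_spf(RECORD, addr, A_ADDRS, MX_ADDRS))
    strict = RECORD.replace("~all", "-all")
    print("with -all:", evaluate_spf(strict, "201.37.27.129", A_ADDRS, MX_ADDRS))
```

A receiver applies this check to the domain in the envelope sender, and the record itself is published as a DNS TXT record. With `~all` an unlisted sender only gets softfail, which most receivers treat as a hint rather than a rejection; `-all` returns fail.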