Full Version: My domain is being abused by spammers?
DocSavage
I got a troubling e-mail via the abuse account for my domain.

QUOTE
Hello. The spammer below is either using your resources to send out bulk unsolicited commercial e-mail or is deceptively trying to make it look like he is. In either case, a legitimate company like yours probably would not approve. The information below should be all you need.

--begin full headers--

Received: from dsl.dynamic8510018072.ttnet.net.tr
([85.100.180.72](misconfigured sender))
by sccrmxc11.comcast.net (sccrmxc11) with SMTP

X-Originating-IP: [85.100.180.72]
Received: from wamffk8 (LDQESC.billkatz.com[97.124.93.33])
by billkatz.com (qvrpfxe70) with SMTP

Message-ID: <2879787477.33141@billkatz.com>
From: "Burl Neff" <xgqtxvyvp@billkatz.com>
To: "-----" <--commented out--@comcast.net>
Subject: Re: was fly an dentures
Date: Wed, 31 Aug 2005 09:22:37 -0800
MIME-Version: 1.0
Content-Type: multipart/related;
boundary="--YsB3nvRDeIFgDl4YD"


I commented out the recipient's e-mail address, but it seemed like a valid abuse report. I thought I had my server locked down pretty tight. I don't even have the SMTP port available, and I assigned my MX records to a mail handler at a pure mail provider. The IP addresses in the e-mail don't correspond to either my server or my mail provider IP address.

So is this correctable? Can people just forge my domain name onto spam e-mail and get me on blacklists?

Thanks for any light you can shed on this.
Matt2k
Is your server's address anywhere in the receipt envelope? I don't see it listed there. If not, it probably isn't a valid spam report.

You can use various testing utilities to see if your server is configured to allow relaying. I think there are some at ordb.net.

You can put whatever you want for a FROM address in SMTP. I could put george@whitehouse.gov if I wanted to.

Blackhole lists do not look at the FROM address. They look at the servers involved in the relaying. Spammers will often use other people's real domain names forged as theirs since (I believe) lots of spam traps will score against an e-mail that does not come from a valid domain name.
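
The check suggested in the reply above (is any of your own addresses in the relay path, or is only the From domain yours?) can be run mechanically over a reported header block. This is an added example, not part of the original thread; `MY_NETWORKS` holds constructed placeholder addresses, and `relay_ips` and `assess` are hypothetical helper names.

```python
import ipaddress
import re
from email import message_from_string
from email.utils import parseaddr

# Headers copied from the abuse report quoted in the thread (recipient omitted).
REPORT_HEADERS = """\
Received: from dsl.dynamic8510018072.ttnet.net.tr
 ([85.100.180.72](misconfigured sender))
 by sccrmxc11.comcast.net (sccrmxc11) with SMTP
X-Originating-IP: [85.100.180.72]
Received: from wamffk8 (LDQESC.billkatz.com[97.124.93.33])
 by billkatz.com (qvrpfxe70) with SMTP
Message-ID: <2879787477.33141@billkatz.com>
From: "Burl Neff" <xgqtxvyvp@billkatz.com>
Subject: Re: was fly an dentures

"""

# Assumption: constructed placeholders (documentation ranges) standing in for
# the web server and the outsourced mail provider. Substitute your own.
MY_NETWORKS = [ipaddress.ip_network(n) for n in ("203.0.113.10/32", "198.51.100.0/24")]
MY_DOMAIN = "billkatz.com"  # domain seen in the report's From header

BRACKETED_IPV4 = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def relay_ips(msg):
    """Unique bracketed IPv4 addresses in Received / X-Originating-IP, in order."""
    values = (msg.get_all("Received") or []) + (msg.get_all("X-Originating-IP") or [])
    found = {}
    for text in BRACKETED_IPV4.findall("\n".join(values)):
        try:
            found[ipaddress.ip_address(text)] = None
        except ValueError:
            pass  # malformed octets such as 999.1.1.1 in a fabricated header
    return list(found)

def assess(raw_headers):
    """Classify a report. Only the top Received line comes from the reporter's
    own MX; lower lines are sender-supplied, so a match there is a lead, not proof."""
    msg = message_from_string(raw_headers)
    ips = relay_ips(msg)
    mine = [ip for ip in ips if any(ip in net for net in MY_NETWORKS)]
    sender_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    if mine:
        return "relayed-through-my-hosts", mine
    if sender_domain == MY_DOMAIN:
        return "forged-sender-only", ips
    return "unrelated", ips
```

For the headers in this thread, `assess(REPORT_HEADERS)` returns `forged-sender-only`: the domain appears in From, but none of the listed networks appears in the relay path.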