returns from emails I didn't send?

[philjeffs]

Can anyone help please. I'm getting loads of 'returned' emails saying the recipient doesn't exist, etc but they have been apparently sent from all sorts of names I don't use on my email.

All are prefixed before my [email protected] so appear to be originating from me in some way. If I'm getting so many returns how many are getting through, and to whom?

I've disabled my email account on my PC so emails can't be sent, but that isn't stopping the problem so I assume its on the web and not on my PC?

Any ideas?

 

[Rob Holmes]

Hi,

It looks like you do not have an spf record for your domain.

This means spammers can easily fake your email address and send email that looks like it came from your domain.

You need to speak to your webhost and ask them to add the record.

It looks like a spammer has faked your email address and the bounces are coming back to you!

This can make your domain look bad (if the recipient thinks you really sent it), and can cost you time and money (when people complain to you, rather than the spammer)

I've run a check and your IP is currently on one of the smaller blacklists for sending Viagra emails..

See: http://bl.csma.biz/cgi-bin/listing.cgi?ip=212.84.175.24

Thats the best case scenario.

Worst case is that your system has been compromised and the email has been sent directly from your account. I have to say from what you've said I believe it is the first explanation that is the problem.

Hope this helps,

Rob

 

[kyber]

Tell me more about spf please. I get this problem a lot but I did not think anything could reduce spammers spoofing my domain name on emails they send out.

Stuart

 

[Rob Holmes]

Hi,

It's probably best to just give you the link to the site..

http://spf.pobox.com/

But if you've got any specific questions ask away!

We set up spf records automatically for all our clients.

Rob

 

[Rob Holmes]

Tell me more about spf please. I get this problem a lot but I did not think anything could reduce spammers spoofing my domain name on emails they send out.

Stuart

Stuart

I just ran a check on your domain it does NOT have spf records.

SPF's do not stop spammers attempting to send the emails but the emails will get rejected at server level by any mailserver checking for spf records (and I believe most now do or should do)

I believe they would rather locate domains without spf records to save jamming their mail servers up with bouncebacks.

I read somewhere that Hotmail started checking for spf in October 2004.

So, although they are pretty important to have there is still a debate as to their overall effectiveness.

Rob

 

[Top Hat]

This is all new and interesting to me.

How do I check my domain?

Should I get my host to set it up?

and we send alot of mail, how do we test?

 

[kyber]

Rob,

Thanks for the link. I get it now.

I have a bit of a hang up about this approach as it has not come through the IETF as an extention to DNS but is just an extra bit of text. If it helps though...

It would be of no use to me for many of the domains I use because, at home, our broadband service comes from OpenWound but none of the domains are registered by BT and therefore we can not use their MTA but use a commercial relay service so the confirmation signature would not be practical.

It is good to see steady progress on addressing the spam problems though.

Thanks for the link, most useful.

Stuart

 

[Rob Holmes]

Tophat...

you can check all your setup at http://www.dnsreport.com

Stuart,
You still should have an spf record as mail servers will check to see if you published them or not. It at least prevents what is happening to PhilJeffs. No body wants to be labelled a spammer and it's really upsetting if your IP gets blacklisted (as above) because of this. The impact can be disastrous if you rely on email for business.

The spf records are nothing new or out of the ordinary - they should be standard setup when the host configures the domain records.

Rob

 

[kyber]

The spf records are nothing new or out of the ordinary - they should be standard setup when the host configures the domain records.

I am not sure it is a must have as the debate is still open and many are opposed to spf and some suggest that it is harmful:

http://homepages.tesco.net./~J.deBoynePollard/FGA/smtp-spf-is-harmful.html - lots of useful links.

(or the somewhat older http://www.interesting-people.org/archives/interesting-people/200401/msg00037.html )

Regarding the link you gave me, with regard to how it could help me, frankly it can't:

If you run a personal domain, you can either not publish SPF records at all, or set up "v=spf1 ?all" for your domain, and you'll be able to send mail from your laptop no matter where you are.

I do not get the impression that it is something that should be set up automatically by your host.

However, probably a debate for another forum.

Stuart

 

[Top Hat]

Thanks Rob,

Looks like we don't have one.

Does that mean our mail to Hotmail accounts will be spam washed, more harshly than if we had one?

 

[Rob Holmes]

Stuart I hear the argument

As a host I have to set my clients up in the best way possible for their own interests. Currently that involves adding spf records.

I know there are flaws, but I feel that in this case the positives to having an spf record far outweigh the vulnerabilities and risks to business for not having one.

With personal domain names they still have to be hosted somewhere and IMHO wherever they are hosted the host should provide the option to add spf's - we provide the option to remove the spf records if thats what our client wants.

None have ever asked for the records to be removed, none have ever encountered mail delivery problems because they have spf records and more to the point because they have spf records none have suffered from having their email successfully spoofed.

I'm not actually in favour of verifying email by sfp - which is why we don't but we add spf records for all domains hosted so if any potential email recipient does check for spf then our clients mail will get through. Thats as close as we can get to the best of both worlds!

Rob

 

[Rob Holmes]

Thanks Rob,

Looks like we don't have one.

Does that mean our mail to Hotmail accounts will be spam washed, more harshly than if we had one?

Frankly - I don't know how Hotmail are currently treating SPF's

I feel this is something I should know so I'll drop a note here once I've found out

Rob

 

[I, Brian]

Being spoofed seems to be a pretty common problem - and SPF or not, I'll be surprised if there's anything that UCE users can't figure how to exploit in terms of spoofing - got a spam using the Yahoo.co.uk domain name the other day, of all place...

 

[Rob Holmes]

Unfortunately where theres a will theres a way.

Rob

 

[philjeffs]

Wow, I go out to work and come back to war and peace!

My email host (Names.co) pointed me at the same website and said it was down to me to set it all up. They were totally uninterested that the domain was being used incorrectly.

Now, being a complete technophobe, I've seen the website but what do I do to put it right - in simple english please?

 

[Rob Holmes]

Wierd that they don't care - oh well.

There are instructions on the site that *should* walk you through it.

We do it a different way so I've never used the site in question.

Hope you get the issue resolved without too much hassle

Rob

 

[Ian J]

Now, being a complete technophobe, I've seen the website but what do I do to put it right - in simple english please?

Me too. I checked at the SPF site and at the DNS Reporting site mentioned earlier and they could have both been written in a foreign language for all that I understood.

I use Mailwasher to examine mail on the mailserver as I receive so much spam and quite a few appear to come from myself.

I have several domains hosted with two different webhosts and in every case all emails are diverted to my personal email account with ntlworld. Does that make a difference to combatting spam from myself

 

[philjeffs]

I think I've followed the wizard through OK, and I now have a script that needs adding to my 'BIND' file. Where is that located?

 

[Rob Holmes]

I think I've followed the wizard through OK, and I now have a script that needs adding to my 'BIND' file. Where is that located?

Your Webhost looks after these - they're your dns zone files on the server - they should be able to add them easily but they'll have to login as root.

Rob

 

[bitsnstuff]

I have had the same problem with my other site www.play-on-words.com and get extremely regular messages saying couldn't be delivered or contained virus. I didn't think I could do anything about it.

However, having seen your post about the spf.pobox site, I have taken a look, but don't understand all the necessary requirements/terminology, would anyone be able to help as I would really like to sort this out, now I know it is possible?

Thank you.

 

[Rob Holmes]

Hi,

Why not have a chat with your webhost?

They should be able to help.

Rob