Someone spoofing my email address

[dingbat]

I'm sure I'm not the first to post about this. For 2 months now someone has been spamming with 'Top Stock picks' and various other garbage and using my email as the return or from address. I am getting rejected mail everyday either from closed email acoounts or from spam filters. 95% of the spam is to the same name as me before the @.

Using Microsoft Outlook is there any way I can track down where this is coming from? I would otherwise not bother if it was the odd one. But this is really peeing me off.

Thanks

 

[Chris Routledge]

Nothing in outlook to effectively help you.

You need to have good server spam protection, cloud based even, to stop all the incoming backscatter mail. And the correct DNS settings setup at your host, SPF record etc.

There is a real rink of being added to blacklists on a regular basis

What kind of email server are you using?

 

[pjperez]

If I correctly understood, you're getting messages rejecting the original spam message (as they use your address in the "from" or "reply to" fields). If that's the case I'm afraid there's not much you can do to stop these, but you can hide them setting up a filter that sends those to a separate folder. Filter keywords as "mailer-deamon".

As there's a risk you'll get a legitimate reject message from time to time I would review that folder twice per month or maybe even weekly.

 

[Jeff FV]

I had this problem a couple of months ago(?) Not a lot you can do about it, if its any help, it seems to have 'gone away' for me and I'm not getting them anymore.

HTH

J

 

[kulture]

It happens to many people. Look up Joe Job on google. It is so common these days that many anti spam services look deeper than just the reply to address or the from address to find the real spammer.

 

[dingbat]

Thanks for the response. I can only hope that it so common that spam blockers will see beyond that. Otherwise anyone is susceptible to be blocked from me to David Cameron.

I know that my 1&1 email stuff has been rejected for 24 hours odd from some servers because of of people presumably hacking into shared server space and spamming. That seems to have stopped now. Some months ago it was getting pretty bad.

 

[Paul_Rosser]

Nothing at all you can do about it, due to the way email is designed anyone can send an email from any address they like.

A lot of the more modern spam filters will now check the originating IP address of the email and then do a DNS lookup to see if it's listed as one of the MX (Mail eXchanger) records for that domain, but that doesn't help you much as emails will still bounce to the original address which is yours.

 

[ServWise]

Proper mail server setup, RDNS and especially SPF records are about the only defense against a "Joe Job" I am afraid.

http://en.wikipedia.org/wiki/Joe_job

 

[Karimbo]

OP, I had something similar - nothing is more frustrating then when a spammer exploits your web presence to do this kind of stuff.

I don't know how email tech has moved on hopefully the spam blockers will block the IP the email originated from and not your email address or domain.

This will obviously be problematic if your email/domain is now on spam lists and gets sent to spam - it will have a noticable decline in email responses if that is the case.

I had a spammer uses me domain karimium.com do tests using forum spam - I guess they were using my domain as a ginue pig and spammed thousands of forums with a targeted keyword. My website has now been blacklisted on Google and does not appear anywhere in the first 10 pages of Google. I am not getting any new enqiries at all and just have a few montly clients.

I have moved onto another business. I had both of them going at the same time, but when consulting work stopped coming in I just refocused my priorities on this new venture and it's doing a lot better.

 

[Sam@UTS]

This is a common problem faced by many email domains but it is NOT one that you have to meekly accept.

With the use of various technologies (primarily SPF records as Chris suggested) it is quite easy to mitigate this kind of spoofing. This mitigation relies on the recipient server using the same technologies but for most large companies and email providers these technologies have been standard for years.

If you have a self hosted solution then I would ask your technical department or IT Support company to look into it as they should be able to add SPF easily. If you using a hosting provider for your email (you mention 1&1 above) then I would raise the issue with them as any decent email host should have these technologies already in place.

If you need any help with your specific circumstances then please feel free to PM me.

 

[RoseHosting]

You can easily track down the origin of the bounced spam email via Outlook:

Double-click to select the rejected message and open it in a new window. Click File > Info > Properties. The header is displayed under 'Internet Headers'. Once you have the full header, look for 'Received from' toward the top of the header and in the next lines you should be able to find the spammer's IP address.

You can easily block bounced messages using SpamAssassin (if it is installed and enabled on your virtual server or shared hosting account).

 

[onlineshop1]

rDNS & an SPF record will most probably resolve this issue for you. If you're domain gets on a blacklist because of this it will be a real pain, more so than getting rDNS and an SPF record created!!

If you require any help drop me a private message.