Slashdot is powered by your submissions, so send in your scoop

 


Forgot your password?
Close
typodupeerror
×
Censorship Spam

Protecting Your Small Domain from Spam Hijacking? 103

Posted by Cliff from the autoreplies-should-check-the-"Received"-header dept.
Black Cardinal asks: "I have a small domain which I mostly use to post family photos and some software. I also use it to manage a few e-mail addresses that my wife and I use. A spammer recently hijacked my domain name, using it to construct fake return addresses for sending spam (without actually cracking my host account), and caused a flood of undeliverable mail messages to be sent to my domain hosting service, which promptly suspended my account. At the moment it looks like I may never be able to have any @gelhaus.net e-mail again. What can I and my domain hosting service do now to protect their incoming mail servers and my account from this kind of attack, and how can I protect my small domain from this kind of hijacking and allow me to keep it running?"

"My domain hosting service, CubeSoft, has been a good host for my domain for the past three years, and they have been very helpful in re-enabling most of my account, but at the moment they don't want to re-enable my e-mail because of the flood of returned spam coming in (30,000 messages per day). Since the return addresses are all invalid (e.g. 'nonexistent_address@gelhaus.net'), I would think it would be simple to filter out all messages that aren't specific ones I've set up (e.g. 'valid_address@gelhaus.net'). I can't believe my domain is the first to have experienced this problem. It would be a tragedy to have to just shut down my domain because of this. CubeSoft says there isn't any way to prevent it because there is nothing that stops a spammer from using a fake return e-mail address. What have others with small domains done to protect themselves?"
This discussion has been archived. No new comments can be posted.

Protecting Your Small Domain from Spam Hijacking? More

Protecting Your Small Domain from Spam Hijacking?

Comments Filter:

  • Just wait it out (Score:5, Informative)

    by Lord Grey ( 463613 ) * on Tuesday August 26, 2003 @05:31PM (#6799025)
    Your problem may be due to the worms working their way around the Internet rather than due to a spammer intentionally using your domain. My email server recently suffered the same fate (though not quite that high of a volume) and I spent a bit of time tracking down the emails' origins through the bounces. In my case, they turned out to be coming from just a few unique systems and the volume slowly trickled to nothing after several days -- presumably because someone finally got around to patching their systems.

    All the above is conjecture, of course. But it may be something for your ISP to think about. It may be possible to re-enable the MX for your domain in a short while without having to do anything.

    • Re:Just wait it out (Score:3, Interesting)

      by Otter ( 3800 )
      FWIW, I've had exactly the same experience and it has nothing to do with worms. The offenders are in Russia and there's basically nothing I can do about it except dump all bounces straight into a trash directory. I did take the precaution of notifying my hosting provider immediately, and haven't suffered any consequences from them. That may be due to graciousness on their part, or just to their usual laziness.

      The only upside is the hate mail I periodically receive, especially the threats of lawsuits, invoic

    • Call me crazy, but the first thing I would do is talk to the domain name provider and see what they have to say about it, see if there's anything THEY will do... but after that I think it's really out of your hands...
  • and that will be the end of it

  • Get a new domain host. (Score:4, Informative)

    by aridhol ( 112307 ) <ka_lac@hotmail.com> on Tuesday August 26, 2003 @05:34PM (#6799065) Homepage Journal
    Preferably one who knows how to read the headers in a bounce message. This includes the "Received" lines in the original message, which should show that none of them came from your domain. A little bit of due process before shutting you down wouldn't hurt, either.

    BTW, this is generally known as a Joe Job [everything2.com].

    • Re:Get a new domain host. (Score:4, Interesting)

      by deanpole ( 185240 ) on Tuesday August 26, 2003 @06:20PM (#6799584)
      A spammer did my domain too, but nearly every bounce claimed a different source, thus too much work to report every one.

      Luckily, in my case every email hawked generic viagra from China. After a week and a half I finally called Pfizer and reported the website. The emails stopped shortly after that and I was never sure if they were related. The website is gone now too.

      I have seen spam for anti-spam software, but why not for anti-spam retribution services. Of course, I would never advocate violence. :-/

  • One small thing that you can do (Score:5, Informative)

    by martinde ( 137088 ) on Tuesday August 26, 2003 @05:36PM (#6799078) Homepage
    We have had the same issue, unfortunately. I asked on the debian-isp mailing list about it and the only real suggestion was to report the spammer in question to their ISP, which I believe to be in Russia.

    The long and short of it is that we couldn't do much about it, other than try to minimize the resource waste. In our exim configuration we turned on "receiver_verify" in our exim configuration, which means before the incoming message enters the delivery phase, it's verified that there is a valid receiver. (Before doing this, the incoming message would run through spamassassin and then generate a bounce, using CPU time, memory, etc.) I know it's not much; I hope someone comes up with more suggestions.

  • Use SPF to protect against "Joe Jobs" (Score:5, Interesting)

    by Karl J. Smith ( 184 ) on Tuesday August 26, 2003 @05:38PM (#6799105) Homepage
    If everyone uses SPF, it will cut down on spam and joe-jobs.

    See http://spf.pobox.com [pobox.com] You can publish your DNS now, indicating which legitimate IPs are in use for mail from your domain.

    • If everyone uses SPF, it will cut down on spam and joe-jobs.

      Of course, if everyone would stop spamming, it would also cut down on spam.

      It's a good idea, but SMTP without SPF is far too integrated into our lives to eliminate any time soon.

      • Well, if the next version of sendmail, qmail, postfix, and courier support SPF lookups, then as people upgrade releases (Redhat, SuSe, whatever), they'll pick it up automagically. I'm working on getting SPF supported in Openwave Email Mx [openwave.com] (used by Verizon, AT&T, Bell South, etc...)
        • Unless everyone who sends me mail supports SPF, it's useless.
          • No, if only the domains which a spammer is joe-jobbing support SPF, then you can block those emails. But SPF isn't going to keep you from _getting_ spam, after all a spammer can just register a domain, setup DNS records with SPF and all and spam away. But if you publish SPF records yourself, you can be protected from spammer pretending to be you and spamming a million people and you getting all the bounces!

            • No, if only the domains which a spammer is joe-jobbing support SPF, then you can block those emails.

              That's not going to cut down on spam by any significant amount.

              But if you publish SPF records yourself, you can be protected from spammer pretending to be you and spamming a million people and you getting all the bounces!

              Instead you'll get 999,000 bounces from all but the 1,000 people who bother to check the SPF records.

              • And then the next time you get 880000 bounces, and then the next time you get 770000, and so on until everyone is running an MTA that supports SPF. Your argument is one of those "we can't solve all the problems right now so we should just sit here and contemplate our navel" arguments. I suppose you have better solutions in mind and you're just polishing up the RFC?

                • And then the next time you get 880000 bounces, and then the next time you get 770000, and so on until everyone is running an MTA that supports SPF.

                  Next time? I've only been joe-jobbed once so far. By the time the bounces go down to 550,000 it'll be 2050.

                  Your argument is one of those "we can't solve all the problems right now so we should just sit here and contemplate our navel" arguments.

                  No, my argument is one of those "why bother wasting your time implementing a solution which isn't going to actua

    • I don't see anything in his account of the problem that indicates the spam was sent from his domain - only that his domain was listed as a return address. So, I don't think SPF would have helped him, even though it is good advice.
      • I don't see anything in his account of the problem that indicates the spam was sent from his domain - only that his domain was listed as a return address.

        Isn't that exactly what SPF is supposed to control?

        the site [pobox.com] explains quite clearly it is to avoid spammers (from unknown IP adresses) from claiming that "From" (or "ReternTo: ") adresses are inside your domain.

      • Right, SPF stands for 'Sender Permitted From', and basically what it does is it allows an MTA to check that the sending IP address is a 'designated sender' for the domain in the 'mail from:' part of the SMTP transaction. So, if I publish SPF records for my domain, in the short term it's not going to mean much because almost no MTAs when receiving mail claiming to be from my domain will check them. However, over time MTAs will be upgraded to support SPF and when the spammer trys to send mail to 'foo@aol.co

  • As long as email isn't replaced... (Score:5, Insightful)

    by lightspawn ( 155347 ) on Tuesday August 26, 2003 @05:38PM (#6799107) Homepage
    by a secure protocol, I doubt very much anything can be done to protect against what is essentially a DDoS attack (which is, of course, a mere side effect of spam). But nobody seems interested in a modern-day email alternative. Whenever something bad happens, it's always the bad guys' fault, right? Remember, we don't need security, just a world with no bad people.

    • Re:As long as email isn't replaced... (Score:4, Informative)

      by anthony_dipierro ( 543308 ) on Tuesday August 26, 2003 @05:57PM (#6799337) Journal

      But nobody seems interested in a modern-day email alternative.

      Just about everyone is interested in a modern-day email alternative. The problem is getting everyone to agree on which particular one to use.

      • Re:As long as email isn't replaced... (Score:2, Insightful)

        by Anonymous Coward
        I'm interested in cruise missles and seal teams as a viable spam solution.

        If the spam comes from china, find their mailservers, routers, and even fiber links, and solve the problem in the most american way I can think of. Hot, fast lead. If it comes from florida, really with that state why aren't we testing our nuclear stockpile there instead of wasting valuable cpu cycles that could be running doom III? Russia? Disperse some anthrax, and leak a story about how some dumbass russian researcher trying to
      • ...and then getting the entire world to switch at the same time.

        --

  • The easiest thing to do would be to setup your own SMTP server, then point your MX record at that. At this point you own the server, and can do all of the filtering that you need at this point.

    This won't solve the 30K messages a day problem, you will still have to suffer under that bandwidth, but your destiny is in your hands, you can get spamassasin, or your favorite filtering application to handle the problem. It has sucked the last few days for me as well... Something like 400 copies of sobig coming a

    • The easiest thing to do would be to setup your own SMTP server

      Not everyone has a permenant net connection that lets them set up a personal mail server, and even if you do have that, those 30k messages will have to be routed via a service provider of some sort - okay, so you stop annoying your hosting provider, but you'll very quickly get on the wrong end of your network provider with that sort of traffic coming into a home account.

      Which is worse? Having your hosting provider pull the plug on your email,
    • Actually, I used to have my own server when I had a DSL net connection. 3 years ago I moved and DSL was not longer available, so now I'm on cable modem, and my ISP's contract explicitly forbids me hosting a server on my connection. Otherwise I would have. Having my domain hosted somewhere is my currently only legal option.
      • I have decided we should quit calling every cable modem company ISPs. They do not provide Internet Service - They provide Web Service so WSP.

        The reason that I say this is that with their Terms of service these WSP'ers remove the ability to use the internet the way that I want too. I want to be able to run VPNs, I want to be able to run services that are usefull to me as their custommer. About the only thing that the TOS allow is to surf the web for porn, and use their e-mail server to download mail to m

    • I would love to have my own mail server but wouldn't that require me to have my computer turned on and connected 24/7?

  • You have the Michael Bolton problem (Score:5, Funny)

    by utahjazz ( 177190 ) on Tuesday August 26, 2003 @05:40PM (#6799129)
    You need to change your domain name. Obligatory "Office Space" quote:

    Samir: You know, there's nothing wrong with that name.

    Michael Bolton: There WAS nothing wrong with it. Until I was about 12 years old, and that no-talent-ass-clown because famous and started winning Grammys.

    Samir: Why don't you just go by Mike, instead of Michael?

    Michael Bolton: No way! Why should I change it? He's the one who sucks.

  • MX Trickery (Score:5, Insightful)

    by sporty ( 27564 ) on Tuesday August 26, 2003 @05:41PM (#6799144) Homepage
    Well, why not kill the MX for your normal domain and simply use a subdomain for a while (maybe, me.mydomain.com vs mydomain.com. At least then, all bounces won't resolve, and you can have your domain back.

  • You're smart... (Score:3, Insightful)

    by anthony_dipierro ( 543308 ) on Tuesday August 26, 2003 @05:51PM (#6799261) Journal

    At the moment it looks like I may never be able to have any @gelhaus.net e-mail again.

    Since the return addresses are all invalid (e.g. 'nonexistent_address@gelhaus.net'), I would think it would be simple to filter out all messages that aren't specific ones I've set up (e.g. 'valid_address@gelhaus.net').

    See that, you answered your own question. Just block invalid addresses.

    I've had this happen before to my domain, and eventually it died down. If it doesn't die down for you maybe you could track the spammer down and sue her.

    Any sane protocol would never suffer from this problem. Yet people still claim that email is not broken...

    • Re:You're smart... (Score:5, Informative)

      by Just Some Guy ( 3352 ) <kirk+slashdot@strauser.com> on Tuesday August 26, 2003 @08:47PM (#6800695) Homepage Journal
      Exactly. I went through this about two months ago. I was getting about 2,000 bounce mails per hour until I added a bunch of lines to my Sendmail's "access" file, recompiled access.db, and restarted sendmail. Here's an example entry:
      erin@honeypot.net "550 This account was spoofed by some jackass spammer. It doesn't exist and never has."

      Add one for each falsified account. You will still get the incoming SMTP connections, but your server will reject the mail before the sending host transmits the whole thing. Advantage: you lose the bandwidth that it takes to build a TCP connection and send a single RCPT line, rather than losing the bandwidth and storage required to process and bounce a whole message.

      My SMTP bandwidth graphs dropped about 85% after adding those filters. Do the same on your end (or have your ISP do it for you) and sit back while the storm blows over.

      Oh, yeah: you may want to put a prominent notice [honeypot.net] on your website's main entry point stating that you are not the originator of the spams. The flood of mail to my "abuse@" address tapered off greatly once I explained things to visitors. I still get a few twits with an axe to grind but there's not much you can do about that.

    • >maybe you could track the spammer down and sue her.

      damn women and their spam.

  • This frightens me, knowing what their response will be to a Joe Job. Maybe I should start looking for a different host.

    Can't you just get a different host, then go to your registrar and change your DNS? That will work until your new hosting provider cries "Uncle" under the SPAM flood 8^)

    • Re:Oh no, I use CubeSoft too! (Score:4, Informative)

      by BrynM ( 217883 ) * on Tuesday August 26, 2003 @07:59PM (#6800388) Homepage Journal
      Can't you just get a different host, then go to your registrar and change your DNS?
      Just make sure that you own your domain name and not your registrar. A while back, a few registrars were offering dirt cheap registration, but they retained the rights to the domain name (essentially renting it to you). These types of registrars are trying to make money by forcing you to pay for hosting and since they own the domain name, you can't take your ball and go home. I don't think CubeSoft tries to pull any of this crap, but always read the TOS of a domain name contract very carefully. Even reputable registrars will try to hide stuff in there.
    • I've had an identical experience, and have had no repercussions from CubeSoft (yet, anyway). I did notify them as soon as it started.
    • Don't worry, I don't think they've been unreasonable at all. They've been working with me to get me back up. The person I've been in almost constant e-mail contact with has been very communicative and helpful, and has even taught me a few things about setting up my mail aliases that I probably should have picked up by reading the man pages. I intend to stay with them and after this experience I strongly recommend them because of their excellent service.

      BTW, we're now in the process of reinstating my val

  • There's not much you really can do (Score:3, Informative)

    by dacarr ( 562277 ) on Tuesday August 26, 2003 @06:03PM (#6799394) Homepage Journal
    If you get Joe Jobbed, there isn't much you really can do about the problem except weather it out and set up an autoresponder for those bozos that send you flames (and thusly are what keep spam going, you insensitive clods!).

    If you find that the jobber is indeed an American, though, if I recall correctly, you can sue for damages. Of course, you generally have to find the scumbag first.

  • Not much you can do at all (Score:5, Informative)

    by BrynM ( 217883 ) * on Tuesday August 26, 2003 @06:06PM (#6799419) Homepage Journal
    CubeSoft says there isn't any way to prevent it because there is nothing that stops a spammer from using a fake return e-mail address.
    Unfortunately, they are 100% correct. The spammer is just using your server as a destination for MX record lookups. When a spam is sent, most receiving e-mail servers will try to do a reverse lookup on the "from" or "recip" address via a DNS lookup or an MX lookup. This prevents the spammer from just blanketing a server with a completely made up "from" addresses (which used to be a popular tactic). The spammer now has to have a legit domain, so he used yours and just made up the account portion.

    So, what happens when the receiving e-mail server tries to verify account name too? The spammer has to use someone's real account name (which has happened to me more than once). Since the spammer is using his own mail server to send the messages, your account and domain names don't only get checked ageanst your mail server when the recipient server tries to verify that they exist and not when the spam is originally sent. Thus, it's almost impossible to prevent.

    Your only hope is finding the spammer somehow and making them miserable in some way (getting their ISP to cut them off, legal action), but that usually leads to the spammers friends making an exaple out of you (yet more unfortunate personal experience). I would just wait it out. Your ISP is doing the only thing they can by disabling your domain's e-mail. Soon, the "from" lookups will start failing for the spammer and he/she'll have to pick someone else to impersonate. I hope that your ISP will let you re-enable your domain's e-mail when it blows over. Good luck!

  • An Idea (Score:5, Interesting)

    by ewhenn ( 647989 ) on Tuesday August 26, 2003 @06:07PM (#6799434)
    My host is set up so that all emails recieved that have no account (invalid email address) are forwarded to an account with a quota of 1K. Of course the quota is full, so it is an instant bounce. Problem solved. Hope this may help you.
    • That would be bouncing a bounce. I don't see how that solves his problem.
    • Yep, would help the guy but _not_ his ISP. His ISP probably does not want to waste the bandwidth created by 30k messages and that is whey they disabled his email. Bouncing, forwarding to /dev/null etc do not help because he will already have accepted the email (and thus wasted the bandwidth).
      So either you scan already while receiving the email (as several people mentioned before, scan the header for invalid sender ips and then discard the bounces immediately BEFORE the whole email is accepted) or just wait

  • Eureaka! (Score:3, Funny)

    by rylin ( 688457 ) on Tuesday August 26, 2003 @06:15PM (#6799531)
    It's simple really!
    All you need to do is get a *really* long domainname.
    For instance, would you expect any spam to originate from llanfairpwllgwyngyllgogerychwyrndrobwllllantysilio gogogoch.com [llanfairpw...gogoch.com]?

    I think not!
    Yet I'm sure there's at least a postmaster account running there (and surely a real account or two, even if just for fun's sake).
    • It would be pretty easy to set up a spoof site and harvest credit card numbers (if it was ecommerce), since you could change just one letter and no one would notice!

  • Similar experiences (Score:4, Interesting)

    by Andy Smith ( 55346 ) on Tuesday August 26, 2003 @06:23PM (#6799604)
    I wish I could offer some helpful advice but I can't, so instead I'll relate similar experiences I've had.

    I have two domain names, one personal, one business.

    The personal one was 'hijacked' in a very bizarre way a few years ago. I annoyed the owner of a popular site (by publishing an article about him swindling his visitors) so he posted my address dozens of times, all over the front page of his site. Obviously he wanted anyone who still believed his side of the story to send me hate mail, and that's exactly what happened. That was mailbombing though. The 'hijacking' was secondary, because of course my e-mail address is now in the address book of hundreds, if not thousands of people who are, let's say, not spectacularly bright. You can imagine how many e-mail viruses I get as a result of being in those address books.

    The problem with my other domain is someone sending out viruses with my business address as the return address. This results in lots of auto-rejections from ISP spam filters. It's an inconvenience but it is NOTHING like as bad as the 30,000 you're getting, so you have my sincere sympathy. It must be very depressing to have something like this happen on such a large scale, and I do hope you figure out a way to prevent it.
  • You can't stop someone putting your domain in the 'from' line of their e-mail account any more than you can remove l33t spk frm teh intarweb.

    First of all, I'd recommend finding a hosting company which understands e-mail headers. To someone with basic knowledge of how e-mail works, it would be obvious that you haven't been spamming these people and that your account is innocent.

    Second, how about putting a link to this article somewhere on your site, with a little explanation to your visitors about what ha

  • Publish 'spf' records for your domain(s) (Score:4, Informative)

    by rthille ( 8526 ) <web-slashdot@ran g a t .org> on Tuesday August 26, 2003 @06:59PM (#6799934) Homepage Journal
    http://spf.pobox.com/

    Sure, not many MTA/MUAs check SPF records yet, but the fact that you are working to keep people from 'joe-jobbing' you should make your isp happy.

  • Host your own domain (Score:3, Informative)

    by Tor ( 2685 ) on Tuesday August 26, 2003 @07:03PM (#6799977) Homepage
    I am nearly in the same situation like you, except that I have complete control of my domain name (slett.net). I run my own DNS, my own SMTP server (Exim with SpamAssassin at SMTP Time [merlins.org]), etc.. A nice side benefit is the ability to teergrube [iks-jena.de] spammer hosts.

    If you are technically inclined, and you have a broadband connection, this is definitely the best way at present to take control of spam.

    Incidentally, I believe the ultimate solution to spam must involve banks and financial institutions - basically, an international mandate for these to not honor payment requests (e.g. credit card payments) to spammers. In the mean time, a mandatory upgrade or replacement to the SMTP protocol, to provide foolproof sender validation (by way of private/public keys or similar), will certainly go a long way towards solving the problem.

    -tor
    • Forgive my ignorance but which part of your setup prevents me from sending SPAM through another relay and set my From:, Reply-To:, etc. to tor@slett.net?
      • Forgive my ignorance but which part of your setup prevents me from sending SPAM through another relay and set my From:, Reply-To:, etc. to tor@slett.net?

        Nothing. I guess I forgot to mention the whole point of hosting your own MTA - namely, that:
        • Your email account will not be suspended by anyone but yourself (as a result of receiving tons of "Message Undeliverable" replies)
        • By controlling your own spam filtering, you can (temporarily?) weed out such messages.

        So, it does not solve the problem with fo

  • Just get rid of the email addresses (Score:3, Informative)

    by toygeek ( 473120 ) on Tuesday August 26, 2003 @07:20PM (#6800091) Journal
    I work for a hosting company, and yes we've had this problem, although not on such a massive scale. We found that by removing any catch-all type setup, and bouncing the email address, the end users are much happier. This of course doesn't change the loading on the server much. IF however you know which IP's the emails are being sent from, your ISP can block those IP's with iptables, or, even in their router.

    You shouldn't be so SOL, in my opinion.

  • Push the emails back toward the spammer (Score:5, Interesting)

    by Zocalo ( 252965 ) on Tuesday August 26, 2003 @08:15PM (#6800499) Homepage
    A former colleague of mine had one of her domains *seriously* Joe Jobbed like this a short while ago - thousands of bounces a day. Since the domain wasn't actually used for much she contacted the people that were using it, asking them to use an alternate domain as the obvious stop gap. Her next step was novel to say the least...

    A brief investigation of a few of the bounces revealed that the spammer was using a variety of email addresses and domains in the message as their contact point. Many of the domains shared the same mail server, which was obviously a co-lo box, so she simply pointed all of the MX records for her domain towards the spammers primary email server. Unfortunately it wasn't misconfigured to actually accept the bounces, but each bounce was tying up resources and bandwidth belonging to the spammer. When she reset the MX records back a month or so later it was all over.

    This is only applicable if you have your own domain like in this instance of course, I doubt an ISP would even consider this course of action with one of their subdomains as it's a dubious course of action to say the least. You also lose all use of your domain while the MX records as repointed, so you better be *damn* sure nothing sensitive is going to be received in legit email because the spammer could, if they wanted, accept and read your email.

    Interesting and apparently effective strategy though.

    • I'd happily use the bandwidth to forward all the bounces to the spammer. I can configure exim to send any mail not addressed to a real person on to the spammer. Except for the use of my bandwidth, is this any different than changing the MX records? And I think it would be safer too. If I set the MX record, they could send out genuine mail as me, rather than just forged mail.

      • Re:Push the emails back toward the spammer (Score:4, Informative)

        by Zocalo ( 252965 ) on Tuesday August 26, 2003 @10:09PM (#6801227) Homepage
        The beauty of setting the MX records to point at one of the spammer's servers is that it doesn't touch your bandwidth at all. The ISP generating the autoresponse resolves the MX records, gets the spammer's IP and tries to talk directly to that. Your server will stop seeing *any* email for the domain once DNS caches have expired, bounces or legitimate. Of course, if you want to continue accepting the bounces and forward them to the spammer via your MTA with the attendant resource costs, that's potentially more effective. For a start you can send the emails to the spammer's published contact addresses extracted from the spam bounces you are getting, essentially a mailbomb on thier mail box instead of yours.

        Setting the MX record has no bearing on whether the email is legit or not though, MX records are purely concerned with delivery, not dispatch. True, someone doing some investigation might notice the IPs matching and jump to the wrong conclusion, so you might want to use something like this in DNS:

        @ IN MX 10 send-bounces-back-to-spammer1
        @ IN MX 20 send-bounces-back-to-spammer2

        send-bounces-back-to-spammer1 IN A <spammer IP 1>
        send-bounces-back-to-spammer2 IN A <spammer IP 2>
        Which should make it a little clearer what's going on to anyone doing any digging.

  • Secure Mail (Score:3, Interesting)

    by Radical Rad ( 138892 ) on Tuesday August 26, 2003 @08:21PM (#6800532) Homepage
    I have a question. Since we have certificates from Trust Authorities to do secure http, why can't we use those same certificates to do Secure SMTP? Since it would be a new protocol, it wouldn't need to be backwards compatible with SMTP except that the MTA might fall back to that as a last resort. Being able to verify that a message is actually being sent by acmewidgetcorp.com would certainly make it easier to separate junk from business communications. It would be much more difficult to abuse since a certificate could be revoked by the CA and there is a cost associated with obtaining them as well as the time involved.
    • we can do that now. SMTP supports TLS (transport layer security) for encrypted mail transfer and you can either use bought cert's, or self signed ones. and you can config your email server to only accept properly signed cert's if you like. the problem is that a) hardly anyone uses SMTP over TLS and b) I've actually received spam via TLS before too.

      my server is configured with a self signed cert to advertise TLS and use it where possible, but to also allow normal SMTP too so that I can actually get most of
      • Sounds like you have a pretty good setup there. But is this built into the commercial email/groupware products like exchange, notes, and groupwise?
        • thanks, it is nice having your own mailserver to allow you to customise all this stuff yorself.

          often the functionality is there, it just needs configuring. after all, you do have to tell it what certificates to use (or to generate some if the software offers that option).

          I know that notes supports TLS. this needs checking but I beleive that some versions advertise TLS out of the box but then fall over as they have no cert's configured :). don't know about exchange and groupwise but I think that most MTA's
  • I ran across this Behind Enemy Lines [onlineconfessional.com] site recently.

    It seems to be describing a situation very similar to yours and a large number of actions taken to resolve it.

  • here's what you do (Score:1, Funny)

    by Anonymous Coward
    You hunt the spammer down like the dog that he is. Find yourself some "shady" characters to go pay him a visit. If he's in another country, that's even better. It's usually easier to find shady people in places like russia and china, and then, if you get busted for orchestrating his beating or death, it's harder for the authorities to do anything to you.

    Even better, you could find out who he is, and then start sending letters in his name to major organized crime members demanding money or taunting them.

  • Find a lawyer (Score:3, Informative)

    by bluGill ( 862 ) on Tuesday August 26, 2003 @10:00PM (#6801184)

    It is a long shot, but if you can track these people down, you have plenty of grounds for a lawsuit against them. Just prove they used your idenity without your permission. Even if they are in one of the few countries that won't help you out, there is a good chance that they have backers in a country, and you can sue the backers. Or if you can find who they are, and who the customers are, you can get the goverment to watch money transfers, and force all customers money inro your account (A very big maybe here). But you need a lawyer to 1) win the case for you, and 2) tell you how you can collect.

    Good luck, but I urge you to do this. You should have plenty of grounds, and you might join the few guys who have actually shut down a spammer.

  • Before I get modded down, hear me out. First of all, IANAL.

    Here's what would be fun. Find out what product is being sold by what company. Then, talk to a lawyer and see if there is a such thing as "accomplice to identity theft" or something along those lines. Sue the company who's product is being spammed. Profit? Who knows. It might get said company to either dump said spammer or tell them to clean up their act.

    Who knows, it might work!
    • whilst this may work in theory, in practice successful examples of people doing this are rare: it's all but impossible to prove that the seller authorised or knew about the unscrupulous tactics of the spammer.

      Most likely the spammer himself is taking advantage of an affiliate scheme, and is long gone.

  • Thanks for the replies (Score:5, Informative)

    by Black Cardinal ( 19996 ) on Wednesday August 27, 2003 @12:22AM (#6801987) Homepage
    Thanks to everyone who's posted replies on my topic. I've worked with my hoster to change my default alias to route messages with an invalid address to oblivion. Until this happened I didn't even realize that I had a default alias set up, which shows how dangerous a little ignorance can be. We're now re-enabling my aliases one at a time and watching closely to make sure these valid addresses are not being overrun with this returned spam.

    By the way, I should mention that my hosting service, CubeSoft, has been very good through all this. I've been in constant contact with them through e-mail (but not my domain e-mail, hah), and they have been very helpful in suggesting solutions and in trying to work with me rather than just blowing me off as not their problem. After this, I can strongly recommend them as a hosting provider.

  • what would happen if... (Score:2, Insightful)

    by bmac ( 51623 )
    (as I have done) instead of using your webhosting service's free email service, you just use a yahoo mail account? I don't think (tho I may be wrong) that yahoo would react the same way a normal webhost would because a) they should know that I at least didn't send all those spams from my account, and b) they probably filter a friggin' billion spams a day already.

    My general opinion is that a division of labor should be kept between web page hosting and email hosting, even tho, of course, the server is desi
  • As I mentioned in another reply, currently one of my domains is suffering from the same problem. Your question inspired me to mull over what one could do a little more.
    I was thinking since we host our own DNS, we could put in ACLs in our bind setup to disallow queries to the affected domain from the netblock that the spammer is operating from, and perhaps the first level of smtp servers that they are using. (If those are consistent.) This might provide a way to selectively DOS the people who are generati
  • This is all a giant conspiracy by the Level3's of the world trying to force us to get increased bandwidth... people (and ISPs) will be forced to simply accept that >30% of the bandwidth available is sucked up by digital "noise" in the form of spam, pop ups, etc...

  • Disable catch-all (Score:3, Informative)

    by Blackknight ( 25168 ) on Wednesday August 27, 2003 @08:36AM (#6803750) Homepage
    Your host should be able to disable the catch-all account for your domain, which will result in any message not sent to a specific account being bounced.

    You should also be able to set up filters in your accounts control panel. If your host does not support this, you need a new host [liquidweb.com].

  • E-Mail is starting to suck (Score:3, Interesting)

    by Goo.cc ( 687626 ) * on Wednesday August 27, 2003 @08:49AM (#6803832)
    I recently needed to respond to an e-mail from a small company. When I replied, my e-mail was bounced back to me because Comcast.net's SMTP server was blackholed. (This happened even though I have my own domain name and only use Comcast's SMTP server as a smarthost.)

    To get around this, I changed Sendmail to start sending out mail directly inside of using a smarthost. Now I get bounces from people with AOL addresses because AOL somehow knows that I am using a dynamic IP address to send mail from.

    The only reason I am having any of these problems at all is because of spam. Spam is ruining the Internet and what's worse, I can see no way of fixing it that doesn't destroy privacy.

    Thanks for letting me vent.
  • Your problem is Csoft. I have an account with them too. They offer a decent service at a good price, but they do enjoy their BOFH status. They're quick to blame their customers for problems. Because their prices are low, I don't think they give a damn about losing individual customers.

    I think the suggestion mentioned elsewhere about setting up a subdomain is best.
  • I run a small isp (300 domains) and we do web site hosting for $20 per month. Our mail servers take in about 130,000 emails every day 100,000 of it is undeliverable. In most cases like this we would simply weather the the storm. If your paying a host $5 per don't expect much.
  • I have a small domain ...don't link to it in Slashdot :)
  • Why do we chase the spammers, we should be chasing the q!?!!"@@s who pay them. Point those
    MX records at the web site they are publicising.

    If their employer gets hit, perhaps they will be fired...
  • The way to get spammers is to follow the money. This takes lawyers and banks, but it's quite possible.

    Work forward until you find the place where the credit card number goes in. Obtain a disposable credit card number from a cooperative bank and use it. Obtain the transaction information from the bank. Follow the money. Use subpoenas when necessary. Find out where the money goes. Sue.

    As for joe-jobs, first, trademark your domain name. (You can do this on line. [uspto.gov]) Then, a joe-job is a Lantham Act v

  • Having said that there's not much you can do in a previous post [slashdot.org], it occurs to me that one can use GnuPG [gnupg.org] to sign their messages or encrypt as necessary. Do this persistently and hope to God your correspondents have it or PGP or a clone thereof install.
  • no matter how much you like your host, there are others that are just as good if not better and just as cheap if not cheaper.. just take your ball and find a new home.

Slashdot Top Deals

He has not acquired a fortune; the fortune has acquired him. -- Bion

Close