Increased email spam being received

Post by Ganceann on Wed Jan 03, 2007 9:50 am

Hi,

I am just curious as to the origins of it and whether me having the contact form is enabling more spam to be accumulated.

Basically I have seen a surge in spam to my mailbox generally all showing topic titles like delivery status notification (failure) or other similar headings.

It is from multiple different domains but in the To address it is normally a random name @mydomain.net

I enclosed a sample of the full header view (I don't know how to fully interpret it and whether or not there is some bot automatically mailing out and creating fictitious addresses associated with my website).

I edited out my associated domain name just so that more bots don't pick it up and send even more spam (but it is the main domain in my profile).

Received: from ganceann by server1.unflux.net with local-bsmtp (Exim 4.52)
    id 1H1xjR-00010O-CG
    for my signon@ unflux server; Tue, 02 Jan 2007 22:28:25 -0600
X-Spam-Status: No, score=0.8 required=5.0 tests=AWL,HTML_10_20,
    HTML_IMAGE_ONLY_20,HTML_MESSAGE autolearn=no version=3.1.3
X-Spam-Level:
X-Spam-Checker-Version: SpamAssassin 3.1.3 (2006-06-01) on unflux server net
Received: from [216.163.188.210] (helo=C9mailgw01.amadis.com)
    by unflux server with esmtp (Exim 4.52)
    id 1H1xjR-00010C-0o
    for qhzoyg@my domain net; Tue, 02 Jan 2007 22:28:05 -0600
Received: from c9mailgw26.amadis.com (10.9.0.11) by C9mailgw01.amadis.com (NPlex 6.5.029)
    id 458C24B30071A564 for qhzoyg@my domain net; Tue, 2 Jan 2007 20:25:00 -0800
Received: by c9mailgw26.amadis.com (Postfix)
    id 86B1E87D63; Tue, 2 Jan 2007 20:18:19 -0800 (PST)
Date: Tue, 2 Jan 2007 20:18:19 -0800 (PST)
From: MAILER-DAEMON@name-services.com (Mail Delivery System)
Subject: Undelivered Mail Returned to Sender
To: qhzoyg@my domain net
MIME-Version: 1.0
Content-Type: multipart/report; report-type=delivery-status;
    boundary="6000087C9A.1167797899/c9mailgw26.amadis.com"
Message-Id: <20070103041819>


As I said this is just one sample and there are various different received from places as well as different alias names associated with my domain.

I am trying to figure out either how to prevent this or to find out if someone is automatically generating spam emails to other websites using my domain name (or whether it is all part of one big phishing attempt to try and get me to respond to one of the spam messages generated).

Any help would be appreciated as I expect you may have come across something similar since your inception.

Thanks.
Ganceann
Ganceann
Registered User
 
Posts: 23
Joined: Sun May 14, 2006 5:23 pm

Post by Bigwebmaster on Wed Jan 03, 2007 4:24 pm

Spammers will often use fake return email addresses so that when they send out millions of emails all of the undelivered mail will not bounce back to them, and instead bounce to someone else such as yourself. This is likely what the problem is.

One thing to make sure of is that your contact form page doesn't actually list any email addresses in the source. You should be very careful of where you have your email addresses since, as you mentioned, they can and will be harvested. Also, spammers will brute force on domain names to find all available email addresses that work, so it's probably a good idea to use email addresses that spammers cannot guess.

Finally, if you have a catchall email address, I would send that to :fail: through cPanel. What I do on my domains is make one email box and then put a bunch of forwarders to that email box for the actual emails I want to accept. For the catchall it is set to :fail: so that it won't even accept email for addresses that do not exist. This affects the spammer directly as there is nothing even to bounce and takes more resources away from the spammer.

Occasionally spammers will guess your email address, or somehow it got leaked out from someone you have emailed in the past. Once an email starts getting really abused I usually remove it so that no email gets accepted there anymore.

I am not sure if any of this information helps or explains anything, but spam is a big problem on the internet and it is sometimes really hard to pinpoint exactly why you are getting what you do.
UNFLUX.NET SUPPORT
Bigwebmaster
Technical Director
 
Posts: 109
Joined: Sun Jun 27, 2004 10:54 pm
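
An added example, not part of the thread or of UNFLUX's own tooling: Python that flags a message as backscatter when it is a delivery-status report addressed to a local part that was never created, and models what switching the catchall to :fail: changes at RCPT time. The domain example.net, the VALID_LOCAL_PARTS set and the function names are assumptions, and the sample message is constructed from the header posted above.

```python
from email import message_from_string
from email.utils import parseaddr

DOMAIN = "example.net"                 # assumption: stands in for the redacted domain
VALID_LOCAL_PARTS = {"info", "sales"}  # hypothetical forwarders that really exist

# Constructed sample, trimmed from the header posted above.
SAMPLE_BOUNCE = """\
From: MAILER-DAEMON@name-services.com (Mail Delivery System)
Subject: Undelivered Mail Returned to Sender
To: qhzoyg@example.net
MIME-Version: 1.0
Content-Type: multipart/report; report-type=delivery-status;
\tboundary="constructed-boundary"

--constructed-boundary--
"""

def split_rcpt(addr):
    """Return (local_part, domain), lower-cased, from an address or To: value."""
    local, _, domain = parseaddr(addr)[1].lower().rpartition("@")
    return local, domain

def is_dsn(msg):
    """True for a delivery status notification (multipart/report bounce)."""
    return (msg.get_content_type() == "multipart/report"
            and str(msg.get_param("report-type", "")).lower() == "delivery-status")

def classify(raw):
    """Label one message by recipient validity and whether it is a bounce."""
    msg = message_from_string(raw)
    local, domain = split_rcpt(msg.get("To", ""))
    if domain != DOMAIN:
        return "not-ours"
    if local in VALID_LOCAL_PARTS:
        # A bounce to a real mailbox may be genuine or a forged-sender bounce.
        return "dsn-to-real-mailbox" if is_dsn(msg) else "normal"
    # Nobody ever sent mail as this address, so a bounce to it is backscatter.
    return "backscatter" if is_dsn(msg) else "catchall-guess"

def rcpt_decision(rcpt, catchall_fail):
    """Model the server's answer to RCPT TO with and without catchall :fail:."""
    local, domain = split_rcpt(rcpt)
    if domain != DOMAIN:
        return "550 relay denied"
    if local in VALID_LOCAL_PARTS:
        return "250 accepted"
    return "550 no such user" if catchall_fail else "250 accepted (catchall)"
```

With the catchall accepting everything, the bounce to qhzoyg is delivered; with :fail: the same recipient is refused before the message body is ever transferred.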

Post by Ganceann on Thu Jan 04, 2007 4:17 pm

It helps inform me of how I can better protect myself at least.

I guess as one of the main terms for my website has 1000s of spammers associated with it, I always knew it was a matter of time before I started receiving it.

I have set it to :fail: now in the catchall email which should resolve most of the problems that I noticed - it basically was only in the last few days and especially yesterday where a load of undelivered type stuff turned up. Hopefully this cuts out all that type of random stuff.

I am all too familiar with the problem of spam on the internet - many sites outrank me and are nothing but spam and scraped content (sometimes content scraped from one of my sites and I suffer as a result of not having as many 'inbound links' and actually appear as the imposter site). Currently got thrown into Google supplemental recently - but hopefully that is only due to not having many inbound links rather than anything else.
Ganceann
Registered User
 
Posts: 23
Joined: Sun May 14, 2006 5:23 pm

