Urgent Help...Someone Been Spamming off My Domain Name

Millionaire

Hi Lads:

Can someone advise me urgently what to do on this...

This past week someone has been spamming off my work domain .ie I have been getting bounce backs all week long.

I contacted my email provider. and they told me this...

if you receive bounce mails like this, implying that a mail was sent from your domain to an address you've never heard of, then these mails are either virus generated and you will need to scan and clean your network of viruses, or the mail server is being used as an open relay and you will need to have it secured. The latter does not apply to your domain.
If your ip address is seen to be sending out spam mail you need to clean your network and all associated computers and access points, these matters are monitored by third party companies and you may end up blacklisted (unable to send mail) by one of these agencies.

Now, I do not have a virus as I checked my PC.

But I think I am getting blacklisted, as I cannot send from my work .ie email to my hotmail.com account.

I work into ireland and be back and forth from ireland to thailand, so right now I got a Thailand ISP.

I do not know WHO to contact about this???

Should I go to a local PC Support company and ask them for help.

I am not one bit techical at all, so an help or tips where to go would be great!

And how do I find out if I got blacklisted and how can I get unblacklisted asap!!!

Thanks

Gerry

irlrobins

Might have nothing to do with your system or setup. Some virus's can take addresses from an infected person's address book and forward their payload making it look like you were the sender.

For example:

Person A has your address in their address book (millionaire@domain.ie)
Person A gets infected by Virus X.
Virus X forwards it's payload to all people in Person A's address book, but sets the sender address to millionaire@domain.ie.

That way it looks like your the infected party when in fact your not. Have you checked to see if ur domain has been black listed and by who and why?

Khannie

Ask your service provider (I'd suggest talking to them over the phone tbh as they're less likely to pawn you off with a crappy mail response like that) how many mails have been sent from your address through their servers over the last month. Otherwise, as irlrobins said, it may be something that you've no control over.

Can you send a mail from yourself, to yourself? Sounds silly, but it's a good basic test.

cgarvey

The more likely cause is that you've been Joe Jobbed and that it's not your fault at all. I'm surprised that the ISP didn't mention that, as it is definitely much more likely (unless they know you to have a virus/open relay).

The reason you're being blacklisted is a lot of people assume the From address to be correct and report that as spam. Some lists correctly take this as gospel and blacklist.

Your SMTP provider (is that your ISP or your .ie host?) should be in a position to tell you if your outgoing mail count is unusually high (as was suggested).

You should also (after verifying it's not a local issue such as a virus, etc.) contact the blacklisters and explain.

It's also possible that your SMTP provider is being blacklisted for a different reason entirely.

.cg

Millionaire

How do I find out/tell I have been black listed?

As i mentioned... I cannot send form my work to my hotmail.

But i can send emails to both my work emails from my work emails.

My SMTP provider right now is a Thai ISP.... you would need to eat a jar of Valliumn before you would put a call into a Thai ISP...even though their the biggest in Thailand. Its like ages on hold, and you end up have to explain the problem to about 8 different people! :-(

I think I will try email first!

So there is no basic way of stopping this then?

Its quite worrying as I got an opt in list of which I send a monthly email to, in order to generate business. and if I am black listed... that will be bad!

Millionaire

Hi

can anyone recommend any good Anti Spam Mail Software?

Re my post above I contacted my ISP...here in Thailand...and they recommened the problem could be fixed with Anit Spam Mail software, and the problem could be on my machine.

I also contacted the compamy the hostes my .ie web site related to the email that is shooting out spam too. so waiting to hear back.

if my .ie has been blacklisted....how do I go about getting it Unblacklisted???

Thanks

Gerry

Static M.e.

Gerry,

I checked your Domain "http://www.netnation.ie" (if thats the one in question) and it currently isnt being blocked by any of the main Blacklist companies.

I have tested also what I beleive to be your IP address for the company above, and its also in the clear.

If you like you can PM your Actual IP address for the IE site and give you a more definaite answer.

I have been getting bounce backs all week long

I would need you to PM me or post me the full emails you are receiving inluding the headers etc to see if these are genuine or false. As others have mentioned these could very well just be noise

cgarvey

It's possible that there are two different problems here.

First is that you have been Joe Jobbed, and there's nothing you can do about that (you can use Spam filtering to reduce the bounces you get, but you have no control in stopping it).

Second is that your Thai ISP has been blacklisted.. either your IP, or your netblock (a group of IPs, basically). Check your IP (not that of your site/host, but the IP you're emailing from) with some black lists (1, 2) to see if that's the problem. If it is the Thai ISP at fault, then there's not much you can do about it only pressure them to resolve the problem.

.cg

Millionaire

Thanks for the help lads. yes it off netnation.ie and weird emails like hhsassas@netnation.ie and the stock market reports at the bottom...with all that "basian poision" blab text, to break through spam filers.

I will check out with the black listing orgs.

Better down load some anti spam software...though netsource(magnet) I have a spam product.

Thanks

G

jsbbroady

A handy tool for helping eliminate problems can be found at DNSReport I have found it to be very helpful for open relay, spf and other usual mail config problems. As cgarvey mentioned it could be all about IP addresses being blocked! If you are able to use a different smtp server you may be able to send mail.

JB

Millionaire

Here is an example of one of the spam emails.... it have left put the Stock Market report...which is at the bottom...

Its a bounce back I got...and I hae bolded the emails coming from netnation.ie

---

Original Message

---

From: Mail Delivery Subsystem
[mailto:MAILER-DAEMON@flpi113.sbcis.sbc.com]
Sent: 09 January 2007 00:03
To: kgmdao@netnation.ie
Subject: Returned mail: see transcript for details

The original message was received at Mon, 8 Jan 2007 16:02:36 -0800
from
www01.houseit.com [64.118.239.186]

---

The following addresses had permanent fatal errors

---

<lingua.academia@prodigy.net>
(reason: 554 delivery error: dd Sorry, your message to
lingua.academia@prodigy.net cannot be delivered. This account is over
quota. - mta102.sbc.mail.re3.yahoo.com)

---

Transcript of session follows

---

... while talking to
mx1.sbc.mail.yahoo.com.:
>>> DATA
<<< 554 delivery error: dd Sorry, your message to
lingua.academia@prodigy.net cannot be delivered. This account is over
quota. - mta102.sbc.mail.re3.yahoo.com
554 5.0.0 Service unavailable

Message/delivery-status

Reporting-MTA: dns; flpi113.sbcis.sbc.com
Received-From-MTA: DNS; www01.houseit.com
Arrival-Date: Mon, 8 Jan 2007 16:02:36 -0800

Final-Recipient: RFC822; lingua.academia@prodigy.net
Action: failed
Status: 5.0.0
Remote-MTA: DNS; mx1.sbc.mail.yahoo.com
Diagnostic-Code: SMTP; 554 delivery error: dd Sorry, your message to
lingua.academia@prodigy.net cannot be delivered. This account is over
quota. - mta102.sbc.mail.re3.yahoo.com
Last-Attempt-Date: Mon, 8 Jan 2007 16:02:38 -0800

Forwarded Message [ Download File | Save to Yahoo! Briefcase ]

From: "thunderous" <kgmdao@netnation.ie>
To: a7ator@acadling.com
Subject: wallow bray
Date: Tue, 9 Jan 2007 00:00:52 -0000

mickoneill30

They're nothing to worry about.

The most likely cause is this.

Spammer finds a mail server on the internet that allows relaying. Then the spammer runs their scripts to send mails from that server as dkdkd@yourdomain.com.

At no time in that process is your server being touched and they could use any domain name in the world. They probably do. I've got no server but I still have 7 or 8 domain names and I receive a few of those mails a week.

Millionaire

I still wonder though, why all of a sudden, my netnation cannot email my hotmail account. i sent over 10 emails to my hotmail...and they just do not show up in hotmail??? (but they do in my yahoo?)

ressem

It might be worth checking if you can add a SPF record to your domains DNS record.

http://www.openspf.org/
http://www.dnsstuff.com/tools/dnsreport.ch?domain=netnation.ie


This would mean that yahoo, google and others would have a list of ip addresses, which include your outgoing mail servers, or permitted relay and marketing mail services from which you send mail from @netnation.ie.

So mails in future from this ip range would be more likely to be accepted, and spam less likely.

So you might have a spf that includes the SMTP servers of your company, through which all laptops and desktops have to authenticate.
Either an internal server or something at netsource.ie.

There's a wizard that'll ask you a few qns at the openspf site above; then generate a string of text. You would then ask your domain provider to add this string to your domain record. If you're not sure about some of the questions then ask back here.