Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.




77 posts

Master Geek


Topic # 116586 3-May-2013 12:11
Send private message

I couldn't find anywhere else to put this so hopefully "Off topic" is a suitable spot.

This morning I have started receiving thousands of emails bounced back from various email addresses that have 'apparently' been sent from 'info@<my domain>'.

This is attached to my domain but not an email account I have setup. I don't how or why these emails are coming back to me apart from maybe a spammer using 'info@<my domain>' as the reply address.

I have just created an info@<my domain> now with a limit of 1MB to stop them coming to me but I am concerned that this will somehow affect my other email accounts due to being marked as spam

I have emailed this through to my Email Hoster (GoDaddy) also and will apparently hear back in the next day.  Assuming they have any advise here.

Is there anything else I can do here?

Thanks in advance

Darren

Edit: corrected the subject text

View this topic in a long page with up to 500 replies per page Create new topic
 1 | 2
BDFL - Memuneh
60286 posts

Uber Geek
+1 received by user: 11342

Administrator
Trusted
Geekzone
Lifetime subscriber

  Reply # 810740 3-May-2013 12:41
Send private message

Nothing much you can do to prevent people sending or trying to send emails from a domain name. You can though specify a SPF record in your DNS to make sure those receiving servers that can check DNS will look at the record and know where email for your domain is allowed to come from or not.




13919 posts

Uber Geek
+1 received by user: 1754


  Reply # 810745 3-May-2013 12:46
Send private message

It's possible your email account is hacked. Check the email headers for the ip it is being sent from. Possibly time to change providers if the support is to slow. You shouldn't have to wait more than a few hours for support.

 
 
 
 


Try Wrike: fast, easy, and efficient project collaboration software
1917 posts

Uber Geek
+1 received by user: 110


  Reply # 810746 3-May-2013 12:48

Not really much - it happens all the time. Check the headders for the route.

BDFL - Memuneh
60286 posts

Uber Geek
+1 received by user: 11342

Administrator
Trusted
Geekzone
Lifetime subscriber

  Reply # 810748 3-May-2013 12:50
Send private message

A "hacked account" is a lot less likely than a spoofed email address in the sender field, which anyone can use. Also if the OP didn't have an info@ email account it couldn't be hacked.






77 posts

Master Geek


  Reply # 810751 3-May-2013 12:53
Send private message

Here is the contents of one of the many emails I have received so far, not sure exactly how to read it as far as if it sates where it came from, etc...

---------------
Message from yahoo.co.nz.Unable to deliver message to the following address(es).

 

<nz_procurement@yahoo.co.nz>:

This user doesn't have a yahoo.co.nz account (nz_procurement@yahoo.co.nz) [0]

 

<nz_redrooster2004@yahoo.co.nz>:

This user doesn't have a yahoo.co.nz account (nz_redrooster2004@yahoo.co.nz) [0]

 

--- Original message follows.

 

The original message is over 5K. Message truncated.

 

Return-Path: <info@fnd.co.nz>

X-YahooFilteredBulk: 70.43.63.18

Received-SPF: none (domain of fnd.co.nz does not designate permitted sender hosts)

X-YMailISG: fEtHutIWLDsdkwA8R54jG8F.Xss8GajAse5I.VZC0Xydb9xV

 hKNFBK7uBXDwDDr9zm3PtFgC6EWYZq0Cjhwlvoio54zQPXGvrF761CqBkxT7

 LQsloxrwx8rm_PRyl5wjr3Npn_fSq2Zmd48BTNYKVWH30YbcTNvN2W6PDIPy

 JuVOFEbihlkUFMPlAKberP7VAJL1JtXEQfRearbRgGgTzgQ2lt218n.QbnoO

 lRKkpaub4ghSbP_ZgpPvexe2f_4iJTKkEqBV4E6IW4fSJL13fWxQgKaJC2Ar

 l8cBKNsG1J0lr1zMOTQAmpgQOM39KeEZSW2BIucDasoBz7HL0Z8Io.58l1cB

 9AeEAox8UmS0pdnrZr8H1nopR9d05MEC2gzwUm7J2VZtTEvC1IQZ1coC4WUZ

 JscKniQqPR_I7ry6ZU2jEvCkx5fv5ldpugameLQrNtAKaCw5ADmiu.2CojHF

 VoRDH19VKqig_EYt5GY.71Q645bFDuhynZ.1eiL92C9LgqSmXrJp2esOHG28

 vElV12QKt0pxLzsgdno9KF7vQPVoGdprtGmG5gmmKkjg6x217XfPck6N8RL3

 5mfj8NlDZCG0tuazAZHxEx0pTQbWVndn.sCH0OfT0gAHCmksYfSAVfod7BM4

 xzTofyezB1q8dxLf1URglI.MwhNZz6MTjBNCdXT9DwtyYttUannmvwcQuQdk

 XL3eyM.JPa.sK.wEFu9zdM9dUs6c8.L0h_oYqs4aYzp2l3PEevVWF.ajSxpt

 OHCgpZm5QhlhfVFLcNQBFbNnpRrXJw8cI6sv7cswNRureAWeVxVCjpPZ6mdC

 bJ4BK4BH5UyASgc.S1I92YD8Z4EyPYp75HrNSJAX16WTtkuXaV5zNs0iZ_vC

 rwkWb0ISxxpYAa7U9hCgGwLqLBw9rw_hSCHwCKkZzkKXbQr27JbWKheij6yJ

 0dRFGARuRaoxBNez15yAu3rRgexHMfkbKKSgPLrzNGAfe6WBxPQUtJXzoVC1

 3iZzQQJFb.TfI9cOH5j7RlDEqDWKL.o2aozMx6nn_OOqBttS8.CmhR7dtq_L

 5XZMTfmkf7wRD88yTNLoOJW90ag7QCtytIEQ08lZBWFnU.V46ArmVvHc6brS

 LNaQ3m.rRWzbaa6GdAV7gNd89W3.k1yGOSC1.Eg3nC.Y4yTUcPYKTPtfV.vo

 KZPpOqRKgcoq3hbSLoyHJhPGhaTR2ryBQamQ0k13QVFTLAJB_9QtoDJa_mrw

 NaYh_Y14w9gzNAy5GItqB4EPFNcmAjzCGUj38YYTphEPu.tavbPDiNQbaAgK

 KRYisum2tDKbtixyeLW08L1p3OPI9XMSGw0nOx8ZALVu6qKBCGULMpmO8zIn

 TQ_udS_aBtyNo7MsHSzwHM3YS.zvNRqytM9R7PaijjezMJlQ2SLMKhkXLe9i

 E_jwS1_sknKZTh2sNWl2P1x82epkwhA8VKUeZli.FtOWii9Xqb2mv7HJl9nl

 RwfbwArLLnHuWkNcwhQrzSW_a_DmZvROQJmxLfc8c2tzASn487MF7Kg_BOnS

 3A--

X-Originating-IP: [70.43.63.18]

Authentication-Results: mta1268.mail.bf1.yahoo.com  from=fnd.co.nz; domainkeys=neutral (no sig);  from=fnd.co.nz; dkim=neutral (no sig)

Received: from 127.0.0.1  (EHLO smtp01.atlngahp.sys.nuvox.net) (70.43.63.18)

  by mta1268.mail.bf1.yahoo.com with SMTP; Thu, 02 May 2013 16:44:04 -0700

Received: from artots01.ARTO.local (66.148.214.220.nw.nuvox.net [66.148.214.220])

      by smtp01.atlngahp.sys.nuvox.net (8.13.1/8.13.1) with ESMTP id r42NP82k023490;

      Thu, 2 May 2013 19:39:19 -0400

Message-Id: <201305022339.r42NP82k023490@smtp01.atlngahp.sys.nuvox.net>

Content-Type: multipart/alternative; boundary="===============0375986271=="

MIME-Version: 1.0

Subject: Resolve The Issue On Your Account.

To: Recipients <info@fnd.co.nz>

From: "ASB" <info@fnd.co.nz>

Date: Thu, 02 May 2013 18:45:59 -0500

 

You will not see this in a MIME-aware mail reader.

--===============0375986271==

Content-Type: text/plain; charset="iso-8859-1"

MIME-Version: 1.0

Content-Transfer-Encoding: quoted-printable

Content-Description: Mail message body

 

 

    =

 

  =

 

 Dear Valued Customer:

 =

 

 We need your help resolving an issue with your ASB account. To give us tim= e to work together on this, we've temporarily limited what you can do with = your ASB account until the issue is resolved.

 =

 

 To help us with this and to find out what you can and can't do with your a= ccount until the issue is resolved. click on the link below to resolve issue  =

 

 Log in here to Resolve issue.

 =

 

  =

 

 =

 

   Yours sincerely =

 

 =

 

 =

 

 ASB Bank Limited,

 Digital Banking Director     =

 

       =

 

=20

--===============0375986271==

Content-Type: text/html; charset="iso-8859-1"

MIME-Version: 1.0

Content-Transfer-Encoding: quoted-printable

Content-Description: Mail message body

 

<html><

*** MESSAGE TRUNCATED ***
---------------

BDFL - Memuneh
60286 posts

Uber Geek
+1 received by user: 11342

Administrator
Trusted
Geekzone
Lifetime subscriber



77 posts

Master Geek


  Reply # 810760 3-May-2013 12:55
Send private message

And after checking quite a lot of emails, none of the addresses are any that I have ever seen before so I am confident it isn't coming from my address book.  

Some emails have a large number of similar email addresses but don't appear to be randomly generated.  Must have a massive email database somewhere.

I iz your trusted friend
5779 posts

Uber Geek
+1 received by user: 137

Mod Emeritus
Trusted
Lifetime subscriber

  Reply # 810764 3-May-2013 12:59
Send private message

This happens all the time...




Internet is my backyard...

 

«Geekzone blog: Tech 'n Chips Takeaway» «Personal blog: And then...»

 

Please read the Geekzone's FUG

 




77 posts

Master Geek


  Reply # 810782 3-May-2013 13:04
Send private message

chiefie: This happens all the time...


So what do people normally do here?

I have created the account with a 1MB limit to stop all the spam coming back to me.  Do i just assume that the spammer will move on to another address after a day or two?

4123 posts

Uber Geek
+1 received by user: 842
Inactive user


  Reply # 810799 3-May-2013 13:26
Send private message

On our email server (Mdaemon) we have enabled backscatter protection to stop this happening.

2344 posts

Uber Geek
+1 received by user: 373

Trusted

  Reply # 810800 3-May-2013 13:33
Send private message
3343 posts

Uber Geek
+1 received by user: 1088

Trusted
Vocus

  Reply # 810824 3-May-2013 14:28
One person supports this post
Send private message

As Mauricio has noted, SPF records will help with this.  The majority of email platforms (especially the large ones) will check these for mail from a domain, and if the sender is not listed will reject the mail out of hand (and likely blacklist the server attempting to spoof your email address).  So the SPF record is not just good for your reputation, but bad for spammers too.

There is also DKIM - but it's a bit more complicated to set up and SPF is probably good enough for these purposes.

As for the bounce backs, all you can really do is ignore them :)

Edit: Just note that if you're using SPF records, don't use SMTP servers to send mail that you've not put in your SPF record - for obvious reasons!



77 posts

Master Geek


  Reply # 810860 3-May-2013 15:13
Send private message

ubergeeknz: As for the bounce backs, all you can really do is ignore them :)


Thanks for that.  I won't see them anymore they have been diverted away from any accounts I check, I was more concerned that my domain would get marked as a spammer and affect my actual emails.  Hopefully that isn't the case.

4366 posts

Uber Geek
+1 received by user: 826

Moderator
Trusted
Lifetime subscriber

  Reply # 810864 3-May-2013 15:16
Send private message

You can check if your domain has been blacklisted and request it be whitelisted by using some online searches. One is at MXToolbox.com. Just click on the Blacklists tab and put in your domain name or server IP address.

601 posts

Ultimate Geek
+1 received by user: 44

Trusted

  Reply # 810866 3-May-2013 15:16
Send private message

Alot of email filter software has inbuilt spoofing rules.

Where it will block email that appears to be from its own domain, but the IP is different.

if that makes sense.




The little things make the biggest difference.

 1 | 2
View this topic in a long page with up to 500 replies per page Create new topic



Twitter »

Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:





News »

Exhibition to showcase digital artwork from across the globe
Posted 23-May-2018 16:44


Auckland tops list of most vulnerable cities in a zombie apocalypse
Posted 23-May-2018 12:52


ASB first bank in New Zealand to step out with Garmin Pay
Posted 23-May-2018 00:10


Umbrellar becomes Microsoft Cloud Solution Provider
Posted 22-May-2018 15:43


Three New Zealand projects shortlisted in IDC Asia Pacific Smart Cities Awards
Posted 22-May-2018 15:14


UpStarters - the New Zealand tech and innovation story
Posted 21-May-2018 09:55


Lightbox updates platform with new streaming options
Posted 17-May-2018 13:09


Norton Core router launches with high-performance, IoT security in New Zealand
Posted 16-May-2018 02:00


D-Link ANZ launches new 4G LTE Dual SIM M2M VPN Router
Posted 15-May-2018 19:30


New Panasonic LUMIX FT7 ideal for outdoor: waterproof, dustproof
Posted 15-May-2018 19:17


Ryanair Goes All-In on AWS
Posted 15-May-2018 19:14


Te Papa and EQC Minecraft Mod shakes up earthquake education
Posted 15-May-2018 19:12


Framing Facebook: It’s not about technology
Posted 14-May-2018 16:02


Vocus works with NZ Police and telcos to stop scam calls
Posted 12-May-2018 11:12


Vista Group signs Aeon Entertainment, largest cinema chain in Japan
Posted 11-May-2018 21:41



Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.



Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.