Someone is Using my Email to send Spam

[StevenQ12]

I recently received a spam email and was shocked to see that the sender was from webmaster@.... from my domain name. How did they do this? No one knows my password so they can't log into my account. More importantly how can I stop them. I don't want my website to get a bad reputation because someone is using it to send spam.

[NineFingers]

Are you sure they were using your email account? Spoofing is rather easy to do. Look at the header of that email and maybe you can get more info.

[slinky]

Quote:

Originally Posted by StevenQ12

I recently received a spam email and was shocked to see that the sender was from webmaster@.... from my domain name. How did they do this? No one knows my password so they can't log into my account. More importantly how can I stop them. I don't want my website to get a bad reputation because someone is using it to send spam.

There are numerous ways this can happen but I would be 99% sure that nobody used your account to send the email. I'll explain but my advice is to forget about it unless there is a clear way you can do something about this.

It is easy to "spoof" emails so that the "From" field appears to be you but is really someone else. Tracking down who did this could be next to impossible. Frequently there are stock manipulation scams that don't have any addresses associated with them unlike, e.g. buy something from a store or an affiliate link where you can find out who is getting the credit for the referral. What will happen is that some unscrupulous person will find a server that is not secure and it will become a "zombie." They will upload a script or use an unsecured script that has a mailing component and send out thousands of emails. Your email address may be used for numerous reasons, maybe even just random. This way all the bad email addresses bounce back to you instead of the sending server alerting the admin of the spam sending!

While you should report the abuse, the chances of retribution are minimal. My point is just to say don't worry. Nobody probably broke into your account. But welcome to the Internet and the hell that is spam!

[StevenQ12]

Quote:

Originally Posted by NineFingers

Are you sure they were using your email account? Spoofing is rather easy to do. Look at the header of that email and maybe you can get more info.

I think you are right about the spoofing. The From says, "webmaster@...." <CanelaKayleighjfulkif@infodek.com> The webmaster is my email address and I don't know who the second email address is. How do I stop spoofing?

[StevenQ12]

Quote:

Originally Posted by slinky

It is easy to "spoof" emails so that the "From" field appears to be you but is really someone else. Tracking down who did this could be next to impossible. Frequently there are stock manipulation scams that don't have any addresses associated with them unlike, e.g. buy something from a store or an affiliate link where you can find out who is getting the credit for the referral. What will happen is that some unscrupulous person will find a server that is not secure and it will become a "zombie." They will upload a script or use an unsecured script that has a mailing component and send out thousands of emails. Your email address may be used for numerous reasons, maybe even just random. This way all the bad email addresses bounce back to you instead of the sending server alerting the admin of the spam sending!

How can I secure my server and remove the "zombie" script? Thanks for the all the information.

[slinky]

Quote:

Originally Posted by StevenQ12

How can I secure my server and remove the "zombie" script? Thanks for the all the information.

You can't and it's not on your server. Here's what happens. Joe owns an insecure server in the UK. Jerk is a spammer in the US. Jerk finds the hole on Joe's server and has emails sent from Joe's script on his server to thousands of people using your name as the sender. Why? Because some will buy into the spam and Jerk will make money. For those non-fully web savvy people who are angry about the spam, they will think that you sent the emails because you are "sender." A more experienced person might go after Joe because the IP address in the header traces back to Joe's server in the UK! Joe has no idea that his server was compromised and must then secure his server or else Jerk will keep sending the spam.

The best bet is to alert Joe his server has been compromised and then set up some type of spam filtering on your server to filter out or black hole the spam.

[AlienGG]

Solution:
Add a TXT record to your DNS control:

v=spf1 a mx ip4:REPLACE_WITH_YOUR_SMTP_SERVER include:REPLACE_WITH_ANY_OTHER_SMTP_SERVER_YOU_USE_IF_NONE_REMOVE_THIS -all

If it works, a little green is appreciated.

[Loco.M]

make sure you don't have any contact us, or feed back scripts on your site that are un secure..
I had this happen on a small site of mine and they where using a feedback.php file

[iamneo]

Good suggesting AlienGG. I was going to mention that too.

Setup your SPF (sender Policy Framework) and you are done

Will help a bit.

Quote:

Originally Posted by AlienGG

Solution:
Add a TXT record to your DNS control:

v=spf1 a mx ip4:REPLACE_WITH_YOUR_SMTP_SERVER include:REPLACE_WITH_ANY_OTHER_SMTP_SERVER_YOU_USE_IF_NONE_REMOVE_THIS -all

If it works, a little green is appreciated.

[AlienGG]

Add a nice randomized string verification would prevent that.

[AlienGG]

Quote:

Originally Posted by iamneo

Good suggesting AlienGG. I was going to mention that too.

Setup your SPF (sender Policy Framework) and you are done

Will help a bit.

Thanks. The same spoof happened to me a lot. I used to get more than 20 rejected emails a day for 1 domain alone. After setting the SPF, I've got none.

[iamneo]

No problem. I like the name mashup.com . what is the price you are expecting/asking for it?

Quote:

Originally Posted by AlienGG

Thanks. The same spoof happened to me a lot. I used to get more than 20 rejected emails a day for 1 domain alone. After setting the SPF, I've got none.

[falcondriver]

Quote:

Originally Posted by StevenQ12

I think you are right about the spoofing. The From says, "webmaster@...." <CanelaKayleighjfulkif@infodek.com> The webmaster is my email address and I don't know who the second email address is. How do I stop spoofing?

you shouldnt use webmaster@ as your email account, just because some people just send out spam to webmaster@everydomaintheycanfind, some with info@, contact@ and sales@. i recommend something like firstname@mydomain.
however, you cant stop spoofing. and always use a hotmail or yahoo email if you sign up at a page you dont know or if you do directory submissions.

[sarahtar]

So how would one go about actually doing this? I'm not a complete idiot (just a partial one!), but "Add a TXT record to your DNS control:" doesn't make a whole lot of sense to me.

Where would I find my DNS control in order to add the TXT record?

I've recently been the unhappy recipient of about 40 returned to sender emails every day. For about 5 days now. I'm ready for it to stop, but turning off that particular email account isn't practical.

[sarahtar]

hey hey I figured it out. Thanks, we'll see if that does the trick.

[mbarrus@socal.rr.com]

I am getting spam from my webform:

http://www.iwanttoquitsmoking.com/subscribe.html

Someone has written a script that fills it out with Rx and porn entries, and my auto reply is going out to the email addresses that the script enters.

Can someone please point me in the right direction?

MB

[designerz]

Quote:

Originally Posted by mbarrus@socal.rr.com

I am getting spam from my webform:

http://www.iwanttoquitsmoking.com/subscribe.html

Someone has written a script that fills it out with Rx and porn entries, and my auto reply is going out to the email addresses that the script enters.

Can someone please point me in the right direction?

MB

you can put a image verification on your form page....it prevents spam..