How to stop somebody sending spam from my domain?

Discussion in 'Security' started by pmwall, Jan 2, 2007.

  1. #1
    Hi,

    Some joker out there is sending spam and makes it look like I send it from one of my domains. I know this of course because I get a lot of failure messages, not to mention "stop spamming me" requests. :mad:

    Is there any way you can stop such activities? I fear my website is going to get blacklisted at this rate by many a spam filter. :eek:

    Anyway, it's not doing my rep. any good :(
    The spam is sent in the name of www.zgallery-art.com, a small and until now respectable art site.
     
    pmwall, Jan 2, 2007 IP
  2. 1-script.com

    #2
    This is a valid concern, and there is no sure way to stop that. They can simply add a "reply-to" field to the header and use an e-mail at your domain if they wanted to.
    However, you can at least make sure they are NOT using your site's resources for spamming, which is an entirely different matter. If you are on a VPS or a dedicated server, you can use cPanel/WHM to set an "On behalf of" header on all outgoing messages leaving your server. It is under Service Configuration/Exim Configuration Editor. If you do not have access to WHM, do ask your hosting company to set that up for you.
    Note that your e-mails are going to look a bit funny in MS Outlook if you do that: the return address will show as your server's, not your personal one, and then there will be the additional "On behalf of:" and then your personal e-mail address.
    So, if someone forwards you spam that has your e-mail address AND the "on behalf of" from you, you'll know that you have a much bigger problem to deal with - they have gotten a hold of a faulty CGI script or something on your server and they are using your resources and not only your good name to spam.

    Good luck!
     
    1-script.com, Jan 2, 2007 IP
  3. pmwall

    pmwall Peon

    Messages:
    126
    Likes Received:
    2
    Best Answers:
    0
    Trophy Points:
    0
    #3
    Thanks for the tip 1-script, I'm going to have to look into that.
     
    pmwall, Jan 2, 2007 IP
  4. grobar

    grobar Well-Known Member

    Messages:
    642
    Likes Received:
    6
    Best Answers:
    0
    Trophy Points:
    140
    #4
    I am also having this issue. It looks like spammers are trying to make it look like their emails are coming from my domains. (I don't think they are actually using my resources, because the addresses are just gibberish like "dsfgjhdksfghj@mydomain.com".)

    Are there any surefire ways to prevent this?
     
    grobar, Jan 3, 2007 IP
  5. just-4-teens

    just-4-teens Peon

    Messages:
    3,967
    Likes Received:
    168
    Best Answers:
    0
    Trophy Points:
    0
    #5
    Same here.
    Are the emails you see bounce emails? Ones that say the email address doesn't exist?
     
    just-4-teens, Jan 3, 2007 IP
  6. grobar

    grobar Well-Known Member

    Messages:
    642
    Likes Received:
    6
    Best Answers:
    0
    Trophy Points:
    140
    #6
    Yes they are - and I suspect that's the only reason I'm seeing them. The ones that spammers send to active emails are probably going through just fine, and the recipient thinks they are from my site.

    The only reason I'm getting the bouncebacks from those gibberish email addresses on my domain is because I set up a "catch-all" in my email system to catch any emails that legitimate senders maybe mis-typed.

    GOD I hate spammers.
     
    grobar, Jan 3, 2007 IP
  7. bochgoch

    bochgoch Peon

    Messages:
    1,918
    Likes Received:
    67
    Best Answers:
    0
    Trophy Points:
    0
    #7
    Seems like a common concern -- I've had the same problem...my web host has taken some action but I'm getting no sense from them as to what they have done...let you know if I find out.
     
    bochgoch, Jan 3, 2007 IP
  8. just-4-teens

    just-4-teens Peon

    Messages:
    3,967
    Likes Received:
    168
    Best Answers:
    0
    Trophy Points:
    0
    #8
    Here's a reply I got when I posted this problem on my host's forums

     
    just-4-teens, Jan 3, 2007 IP
  9. hans

    hans Well-Known Member

    Messages:
    2,923
    Likes Received:
    126
    Best Answers:
    1
    Trophy Points:
    173
    #9
    there are indirect ways to protect yourself from getting into blacklists and from being abused as a fake senders address

    1. make sure your mail server is NO open relay ?? - if your MTA = postfix - then use in shell
    postconf
    and look at the entire mail configuration - if postfix, then study all parameters available
    http://www.postfix.org/postconf.5.html
    2. remove your catch all and add the precise eMail addresses INCLUDING all commonly required service mail addresses such as abuse@ info@, etc - this alone may reduce possible spam abuse by 50-90% or more
    3. make sure your MTA checks for existing mail users as valid sender/recipient addresses
    4. optimize your SPF record - best add your server's IP and make sure whenever possible you have a single or small number of precisely known mail servers - with precise IP - and then of course make sure absolutely NO mail is ever sent out thru any other mail server.

    hence an SPF record could look like
    "v=spf1 ip4:xxx.xxx.xxx.xxx a mx -all"

    with xxx.xxx.xxx.xxx = being your precise mail server IP

    SPF records require you have full control of your own DNS
    easily done in all cases - except free hosting plans !
    a good way to start is
    http://www.zoneedit.com
    then make those 2 NS slaves AFTER having setup your own master NS on your site and after having verified your NS config using
    http://www.dnsreport.com/
    best is to have master NS on your own domain/server and all others defined as slaves - thus you have full control of your own NS records = SPF records!

    this above precise procedure assures that all the world knows that ALL and ANY mail coming from ANY other mail server/IP is spam and that ONLY the mail coming from your domain VIA published mail servers truly is YOUR mail. hence this procedure prevents you from being blacklisted.
     
    hans, Jan 6, 2007 IP
  10. WebGeek182

    #10
    I agree with Hans...I was going to mention the SPF Records as well. (Sender Policy Framework) - for more info: http://www.openspf.org/
     
    WebGeek182, Mar 3, 2007 IP
  11. hans

    #11
    my domain name / my email addresses have been used/abused for years as spam-senders-address

    now since oct 2006 i have my own root server and since then i have set up the most strict SPF record I know of - and it seems to take a while for such a record to become really active - but if i look back at the last months and weeks of having such strict SPF - then I realize that the past few weeks I had less and less senders address abuse.

    This slingshot effect may have to do with the delay of all spam control mechanisms to become updated and aware of your SPF record

    to make sure that my own mail server is clean - i have canceled all private accounts on my mail server that i have offered to friends and "customers" before. with exception of family members there is no one on my mail server with an account that ever could get involved in spam or monkey business to jeopardize the mail server's reputation and records.

    to have x number of free mail accounts is a tempting situation to offer free accounts to friends and others - and it also is a sure way to have your domain-name/mail server sooner or later involved in spam and uncontrolled mail situations.
     
    hans, Mar 3, 2007 IP
  12. bochgoch

    #12
    bochgoch, Mar 6, 2007 IP
  13. rsuog

    #13
    Damn it. I have the same problem here... Almost 700 emails - "Message Delivery Failed" per day! What can I do to stop this?

    Please help!

    Server:

    WHM 11.15.0 cPanel 11.18.5-R24214
    CENTOS Enterprise 4.6 i686 on standard - WHM X v3.1.0
     
    rsuog, May 8, 2008 IP