Silly amount of returned mail that we never sent

Discussion in 'Site & Server Administration' started by sharpweb, Jun 13, 2006.

  1. #1
    I have a client that is getting hundreds of mail returned that they never sent. It looks like someone is sending SPAM with their email address as the sender.

    I could fix the problem by turning off catch all, but I'd rather stop the a$$holes that are doing this.

    How can we stop them???

    From the look of this one below, they are trying to find valid email addresses...

    
    Hi. This is the qmail-send program at wels4.redanvil.net.
    I'm afraid I wasn't able to deliver your message to the following addresses.
    This is a permanent error; I've given up. Sorry it didn't work out.
    
    <tracyrifeelli@wels.net>:
    204.11.209.150 does not like recipient.
    Remote host said: 511 sorry, no mailbox here by that name (#5.1.1 - chkuser)
    Giving up on 204.11.209.150.
    
    --- Below this line is a copy of the message.
    
    Return-Path: <TerriizpHendrix@oldvillagelollies.com>
    Received: (qmail 18102 invoked by uid 9008); 13 Jun 2006 03:49:45 -0000
    Received: from 204.11.208.15 by wels4.redanvil.net (envelope-from <TerriizpHendrix@oldvillagelollies.com>, uid 9001) with qmail-scanner-1.25
     (clamdscan: 0.88.2/1536. spamassassin: 3.0.3. 
     Clear:RC:0(204.11.208.15):SA:1(6.2/5.0):.
     Processed in 5.774597 secs); 13 Jun 2006 03:49:45 -0000
    X-Spam-Status: Yes, hits=6.2 required=5.0
    X-Spam-Level: ++++++
    Received: from unknown (HELO mx1.redanvil.net) (204.11.208.15)
      by wels4.redanvil.net with SMTP; 13 Jun 2006 03:49:39 -0000
    Received: (qmail 4686 invoked from network); 13 Jun 2006 04:19:57 -0000
    Received: from p2113-ipbf01koufu.yamanashi.ocn.ne.jp (HELO 232CEA8) (222.145.134.113)
      by mx1.redanvil.net with SMTP; 13 Jun 2006 04:19:57 -0000
    FCC: mailbox://TerriizpHendrix@oldvillagelollies.com/Sent
    X-Identity-Key: iD7
    Date: Tue, 13 Jun 2006 00:16:50 -0500
    From: Sharon Street <TerriizpHendrix@oldvillagelollies.com>
    X-Accept-Language: en-us, en
    MIME-Version: 1.0
    To: tracyrifeelli@wels.net
    Subject: ***SPAM*** Re: CHANGE
    Content-Type: multipart/related;
     boundary="------------040005080108070508080006"
    X-Qmail-Scanner-Message-ID: <115017057973418090@wels4.redanvil.net>
    
    This is a multi-part message in MIME format.
    --------------040005080108070508080006
    Content-Type: text/html; charset=us-ascii
    Content-Transfer-Encoding: 7bit
    
    <HTML><HEAD>
    <META http-equiv=Content-Type content="text/html; charset=utf-8">
    <META content="MSHTML 6.00.2800.1522" name=GENERATOR></HEAD>
    <BODY bgcolor="#FFFFFE" text="#A10E11">
    <img src="cid:part1.09090700.05000908@AureliamtvShields@mellesgriot.com" border=0>
    </p><p><font color="#FFFFFD">Her mouth dropped open. Just tell No one official came by the following day, but lots of i unofficial people showed up. "Ill turn in after awhile.</font></p><p><font color="#FFFFF8">He believed that God would let him live to perpetuate his poor lost darlings memory for a long, long time. ""You � you dont like it? She put it in his numb hand. So why dont I get at it? ""Just three times, I swear. Only for the last few months shes been going every day instead of just on Saturday afternoons, and the Paul who takes her is her pet writer instead of her older brother. Now, breaking into these gloomy meditations, there came the healthy bawl of a child � his son, awake and more than ready for his afternoon meal. latitude footfall plush opposite extendible plagued minefield decadent lithuania appreciable chautauqua hercules patronage fivefold lingerie infestation horatio cork beplaster involutory clad affair dixie hecuba baklava dowry airy make crucial acknowledge squaw trial baseband barometer bert advisory </font></p>
    </BODY>
    </HTML>
    
    sharpweb, Jun 13, 2006 IP
  2. wheel

    wheel Peon

    #2
    You can't do anything really. Just turn off the catch all. Anyone with a bunch of domains has been through this numerous times so you kinda have to suck it up and get used to it.
     
    wheel, Jun 15, 2006 IP
  3. toxalot

    toxalot Active Member

    #3
    I think if you found a way to stop this, you'd have an amazing product/service on your hands.

    I have several domains. I get about 100 legit emails a day. That includes a couple of mailing lists I belong to.

    I get about 500 junk emails per day and a lot of those are bounces to messages that I never sent. And only one of my domains has a catch-all.

    I never read bounce messages anymore. If any of my real messages actually bounce, I'll never know.

    Jennifer
     
    toxalot, Jun 16, 2006 IP
  4. pelican

    pelican Well-Known Member

    #4
    This is what I found that may help to prevent

     
    pelican, Jun 20, 2006 IP
  5. Cheap SEO Services

    Cheap SEO Services <------DoFollow Backlinks

    #5
    I average over 200 a day and about 40% are spam and stuff like that. I just keep blocking them with Spamfighter. It's the only thing you can do.
     
    Cheap SEO Services, Jun 20, 2006 IP
  6. toxalot

    toxalot Active Member

    #6
    The spammers are not using my SMTP server. You must be authenticated to use my SMTP server. This type of spam is so simple. They are just simply changing the from address. I used to try to track down where the spam was actually coming from, but it takes time and most of the time it is from some country that won't do anything about it even if you report it.

    I don't have time to figure out PGP or anything like that right now, but wouldn't that only work with people that you already have established relationships with?

    I get email from new customers and I want to make sure that email gets through.

    I have an email address that gets tons of spam and I want to get rid of it, but it is a slow process because it's on business cards and catalogues etc. I don't want to lose that new customer.

    I'm thinking of telling as many people as I can think of and then setting up an autoresponder that says I no longer check the address due to spam and please contact me through my site. That will give a link with a form.

    The other spam I get is to abuse@ and postmaster@

    Every domain is supposed to have these email addresses, but I never read any messages that come to them so what is the point?

    Jennifer
     
    toxalot, Jun 20, 2006 IP
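
Added example (not written by anyone in this thread): a Python triage script for the kind of qmail-send bounce quoted in post #1. It pulls the earliest recorded hop out of the embedded copy of the message and checks it against your own outbound ranges, which separates bounces for forged-sender spam from bounces for mail you really sent. `classify_bounce`, `our_networks` and every host and address in the sample are assumptions made up for the illustration.

```python
import re
from email import message_from_string
from ipaddress import ip_address, ip_network

MARK = "--- Below this line is a copy of the message."
# qmail records the connecting peer as "(a.b.c.d) by <receiving host>"
PEER = re.compile(r"\((\d{1,3}(?:\.\d{1,3}){3})\)\s+by\s+(\S+)")

def classify_bounce(bounce_text, our_networks):
    """Triage a qmail-send bounce: did the bounced message leave our servers?"""
    head, sep, original = bounce_text.partition(MARK)
    if not sep:
        raise ValueError("marker line missing: not a qmail-send bounce")
    failed = re.findall(r"^<([^>]+)>:$", head, re.M)
    msg = message_from_string(original.lstrip("\n"))
    hops = []
    for received in msg.get_all("Received", []):
        m = PEER.search(" ".join(received.split()))  # unfold the header
        if m:
            hops.append(m.groups())
    # Received lines are prepended, so the last hit is the earliest hop.
    # Lines below the first server you trust can be forged: triage, not proof.
    origin_ip, accepted_by = hops[-1] if hops else (None, None)
    ours = origin_ip is not None and any(
        ip_address(origin_ip) in ip_network(n) for n in our_networks)
    verdict = ("unknown" if origin_ip is None
               else "sent-by-us" if ours else "backscatter")
    return {"failed_rcpt": failed, "return_path": msg["Return-Path"],
            "origin_ip": origin_ip, "accepted_by": accepted_by,
            "verdict": verdict}

# Constructed sample in the shape of the bounce in post #1 (documentation
# addresses and domains, not the thread's real hosts).
SAMPLE = """\
Hi. This is the qmail-send program at mail2.example.net.
<nobody@example.org>:
Remote host said: 511 sorry, no mailbox here by that name (#5.1.1 - chkuser)

--- Below this line is a copy of the message.

Return-Path: <forged@client.example>
Received: (qmail 18102 invoked by uid 9008); 13 Jun 2006 03:49:45 -0000
Received: from unknown (HELO mx1.example.net) (192.0.2.15)
  by mail2.example.net with SMTP; 13 Jun 2006 03:49:39 -0000
Received: from dsl.isp.example (HELO 232CEA8) (198.51.100.113)
  by mx1.example.net with SMTP; 13 Jun 2006 04:19:57 -0000
From: Someone <forged@client.example>
"""
```

Calling `classify_bounce(SAMPLE, ["203.0.113.0/24"])` reports the message as backscatter because its earliest hop, 198.51.100.113, is outside the listed range.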