In the last few days I started receiving bounce-back emails blocked by spam filters. The sender is an email address with the company domain (but the address doesn't exist). I checked my email log: no outbound mail. And the situation is getting more serious, as I get hundreds of mails every hour. Has anyone had a similar situation, or know how to stop it? Since the fake address doesn't exist, the mail went into the catch-all box (info@ccaus.com).

```
From - Wed Apr 11 09:58:59 2007
X-Account-Key: account3
X-UIDL: UID5654-1159805661
X-Mozilla-Status: 0000
X-Mozilla-Status2: 00000000
Return-path: <>
Envelope-to: info@ccaus.com
Delivery-date: Wed, 11 Apr 2007 08:57:25 -0500
Received: from cca328 by gator161.hostgator.com with local-bsmtp (Exim 4.63)
    id 1HbdK7-0008G9-K4 for info@ccaus.com; Wed, 11 Apr 2007 08:57:25 -0500
X-Spam-Checker-Version: SpamAssassin 3.1.8 (2007-02-13) on gator161.hostgator.com
X-Spam-Level:
X-Spam-Status: No, score=-2.6 required=5.0 tests=BAYES_00 autolearn=ham version=3.1.8
Received: from ns.sapmed.ac.jp ([163.130.151.200]:57375)
    by gator161.hostgator.com with esmtp (Exim 4.63) id 1HbdK6-00002j-Ks
    for macccausdoc@ccaus.com; Wed, 11 Apr 2007 08:57:23 -0500
Received: from rg.cc.sapmed.ac.jp (SAINS.sapmed.ac.jp [163.130.201.170] (may be forged))
    by ns.sapmed.ac.jp (/8.12.11) with ESMTP id l3BDvJ4X006467
    for <macccausdoc@ccaus.com>; Wed, 11 Apr 2007 22:57:19 +0900 (JST)
Received: from localhost (localhost) by rg.cc.sapmed.ac.jp (MOS 3.8.3-GA)
    with internal id AFP17033; Wed, 11 Apr 2007 22:57:14 +0900 (JST)
Date: Wed, 11 Apr 2007 22:57:14 +0900 (JST)
From: Mail Delivery Subsystem <MAILER-DAEMON@sapmed.ac.jp>
Message-Id: <200704111357.AFP17033@sapmed.ac.jp>
To: <macccausdoc@ccaus.com>
MIME-Version: 1.0
Content-Type: multipart/report; report-type=delivery-status; boundary="AFP17033.1176299834/sapmed.ac.jp"
Subject: ##SPAM## Returned mail: User unknown (from 163.130.201.114)
X-Old-Subject: Returned mail: User unknown (from 163.130.201.114)
Auto-Submitted: auto-generated (failure)
X-DSN-Junkmail: UCE(300)
X-DSN-Junkmail-Status: score=300/49, host=rg.cc.sapmed.ac.jp
X-Junkmail: UCE(58)
X-Junkmail-Status: score=58/49, host=rg.cc.sapmed.ac.jp
X-Junkmail-SD-Raw: score=bulk(8), refid=str=0001.0A090209.461CD9D0.000D,ss=3,sh,fgs=0, ip=0.0.0.0, so=2006-12-09 10:45:40, dmn=5.3.10/2007-02-21
X-Mirapoint-RAPID-Raw: score=unknown(0), refid=str=0001.0A090209.461CD9D0.000D,ss=3,sh,fgs=0, ip=0.0.0.0, so=2006-12-09 10:45:40, dmn=5.3.10/2007-02-21
X-Mirapoint-Loop-Id: eef9282efd34757a018b7f42252f00bd

This is a MIME-encapsulated message

--AFP17033.1176299834/sapmed.ac.jp

The original message was received at Wed, 11 Apr 2007 22:57:14 +0900 (JST)
from localhost

   ----- The following addresses had permanent delivery errors -----
tanigucm@sapmed.ac.jp

   ----- Transcript of session is unavailable -----

--AFP17033.1176299834/sapmed.ac.jp
Content-Type: message/delivery-status

Reporting-MTA: dns; sapmed.ac.jp
Arrival-Date: Wed, 11 Apr 2007 22:57:14 +0900 (JST)

Final-Recipient: RFC822; tanigucm@sapmed.ac.jp
Action: failed
Status: 5.1.1
Remote-MTA: DNS; 163.130.201.114
Diagnostic-Code: SMTP; 550 5.1.1 <tanigucm@sapmed.ac.jp>... User unknown
Last-Attempt-Date: Wed, 11 Apr 2007 22:57:14 +0900 (JST)

--AFP17033.1176299834/sapmed.ac.jp
Content-Type: message/rfc822

Received: from localhost (localhost [127.0.0.1]) by rg.cc.sapmed.ac.jp (MOS 3.8.3-GA)
    id AFP17024; Wed, 11 Apr 2007 22:57:14 +0900 (JST)
Received: from sms.sapmed.ac.jp (sms.sapmed.ac.jp [163.130.151.130])
    by rg.cc.sapmed.ac.jp (MOS 3.8.3-GA) with ESMTP id AFP16888;
    Wed, 11 Apr 2007 22:57:10 +0900 (JST)
Received: from [80.48.49.12] ([80.48.49.12]) by sms.sapmed.ac.jp ([163.130.151.130])
    with ESMTP id 2007041122:57:08: 384194.186.411 Wed, 11 Apr 2007 22:57:08 +0900 (JST)
Received: from 74.52.58.130 (HELO ccaus.com) by sapmed.ac.jp with esmtp (3TD0IU1<8)- ZE87W)
    id 87.IO?-08)Y6L-.- for tatsumi@sapmed.ac.jp; Wed, 11 Apr 2007 13:57:16 -0100
Date: Wed, 11 Apr 2007 13:57:16 -0100
From: "Jamar Manning" <macccausdoc@ccaus.com>
X-Mailer: The Bat! (v3.80.03) Home
X-Priority: 3 (Normal)
Message-ID: <979826081.97824884075535@thhebat.net>
To: tatsumi@sapmed.ac.jp
Subject: ##SPAM## Summer is coming, time to tone up
X-Old-Subject: Summer is coming, time to tone up
X-Spam: Not detected
X-TERRACE-SPAMMARK: YES-XSPAMROBOT (SR:-4.65) (SRN:spamrobot) -----------------
X-Junkmail: UCE(300)
X-Junkmail-Status: score=300/49, host=rg.cc.sapmed.ac.jp
X-Junkmail-SD-Raw: score=confirmed, refid=str=0001.0A090207.461CD90F.0031,ss=4,sh,fgs=0, ip=80.48.49.12, so=2006-12-09 10:45:40, dmn=5.3.10/2007-02-21
X-Mirapoint-RAPID-Raw: score=unknown(0), refid=str=0001.0A090207.461CD90F.0031,ss=4,sh,fgs=0, ip=80.48.49.12, so=2006-12-09 10:45:40, dmn=5.3.10/2007-02-21
X-Mirapoint-Loop-Id: eef9282efd34757a018b7f42252f00bd
X-Mirapoint-Loop-Id: 2bbfa191ce4f30235c2062027bff5f8c

--AFP17033.1176299834/sapmed.ac.jp-
```
It's very simple. The mail was sent by gator161.hostgator.com; the IP of the sender is 163.130.151.200. Contact HostGator with the email headers as you posted above. They will be the only ones who can resolve it.
Assuming here that your site uses PHP, have a look at this: http://www.securephpwiki.com/index.php/Email_Injection
Or they're just using your mail address as a From address and you get all the non-delivery reports. If so, you're pretty much f***ed. Wait a few days and they usually change to another address.
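Added example, not part of any post in this thread: a Python triage helper that tells the two explanations raised above apart (mail really injected through your own server versus a forged From address producing backscatter) by reading the returned message inside a `multipart/report` bounce. It trusts only the `Received` headers stamped by the bouncing site and reports the first outside client, so a forged bottom-most `Received` line that names your server is ignored. `OUR_IPS`, the `example` domains, the documentation IP addresses and the sample bounce are constructed assumptions.

```python
import email
import re

OUR_IPS = {"198.51.100.25"}  # assumption: our real outbound server (documentation IP)
# Constructed bounce shaped like the one posted above (example domains and IPs).
SAMPLE_DSN = """\
From: Mail Delivery Subsystem <MAILER-DAEMON@remote.example>
Content-Type: multipart/report; report-type=delivery-status; boundary="B"

--B
Content-Type: message/delivery-status

Reporting-MTA: dns; remote.example

--B
Content-Type: message/rfc822

Received: from gw.remote.example (gw.remote.example [192.0.2.10])
 by mx.remote.example with ESMTP id A1; Wed, 11 Apr 2007 22:57:10 +0900
Received: from [203.0.113.77] ([203.0.113.77])
 by gw.remote.example with ESMTP id A0; Wed, 11 Apr 2007 22:57:08 +0900
Received: from 198.51.100.25 (HELO ourdomain.example)
 by remote.example with esmtp id X; Wed, 11 Apr 2007 13:57:16 -0100
From: "Some Name" <nosuchuser@ourdomain.example>

body
--B--
"""

def internal(host, domain):
    """True if host is localhost or inside the bouncing site's domain."""
    return host in ("localhost", domain) or host.endswith("." + domain)

def classify_bounce(raw, our_ips=OUR_IPS):
    """Return (injecting_ip, verdict) for a multipart/report bounce."""
    parts = {p.get_content_type(): p for p in email.message_from_string(raw).walk()}
    status, returned = parts.get("message/delivery-status"), parts.get("message/rfc822")
    if status is None or returned is None:
        return None, "unknown"
    domain = status.get_payload(0)["Reporting-MTA"].split(";")[1].strip().lower()
    # Newest hop first; trust only headers stamped by the bouncing site itself.
    for hop in returned.get_payload(0).get_all("Received", []):
        m = re.search(r"from\s+(\S+).*?\bby\s+(\S+)", hop, re.S)
        ip = re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", hop)
        if not m or not internal(m.group(2).lower(), domain):
            break  # stamped elsewhere, possibly forged: stop trusting
        if ip and not internal(m.group(1).lower(), domain):
            return ip.group(1), "sent-by-us" if ip.group(1) in our_ips else "backscatter"
    return None, "unknown"
```

A "backscatter" verdict means the injecting client was not one of your servers, so there is nothing to fix on your own host; "sent-by-us" means the message left through your server and the web forms and accounts on it need auditing.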