someone using my domain to send emails from?
I keep getting a bunch of "Mail Delivery Failure Notice" return emails in my catch-all email account. Seems that someone is using a fake email address with my domain in the "reply to" line, like "ffjjk008fss@ann-s-thesia.com". I do not have a ffjjk008fss email account, so the failed/returned emails end up in my catch-all account.
I guess spammers can take any domain name, put a fake reply-to addy, and it looks like it originates from the innocent domain, rather than their own unscrupulous account.
I guess there's no way to stop this either on my side, is there? It really seems to be getting out of hand, and I don't want to end up on a list of spammers just because someone else is hijacking my name.
Suggestions?
BTW, I don't have a virus. I run a Mac and my virus subscriptions are up to date. I think this is something completely external.
Nedani
12-04-2003, 03:14 PM
I had a look at your message two days ago. I had no idea how to fix this problem and it looks like everybody is clueless. You shouldn't worry too much. You make your way into a list if you send the spam (and you didn't ... right?) or the spam has an ad for your site (it had none ... right?). The lists of spammers ban the IP, not the domain. There are 270+ domains on that IP and the AOH staff will help you for sure. I think there is a USA law (not the antispam one) which prohibits sending emails in your name (check with somebody who knows better). Gather all the info you get. Here is what you can do:
- Monitor the list of spammers. If you see your domain or IP (207.218.248.33), post a support ticket and explain the entire situation. You should get help.
- Track that guy and complain to his ISP
If you know the guy doing this:
- Sue!!!!
- Post his address here. Maybe somebody can pay him a visit. :chainsaw:
I hope this story will have a happy end and if somebody has other ideas, I would really like to know.
Gnomercy
12-04-2003, 03:24 PM
Unfortunately, it's very common for spammers to use forged headers to avoid detection. You'd be AMAZED how much we actually see this happen. Unfortunately, there really is nothing you can do about it. You haven't had a hand in any step of the sending process, so you can't protect against your domain name being included as a reply to. However, forged headers are often easy to recognize and I've never heard of any of our customers that have had this happen experiencing any backlash as a result. So, while there's nothing you can do about it happening, I'd say your chances of having something bad happen to you as a result are somewhere between nil and non-existent.
Gade Terbob
01-30-2004, 10:02 AM
An interesting addition to this thread:
Since January 27th (the day Doom-B first arose) one of my domains has been almost "flooded" with bounce messages. The most interesting feature of this is that they are using a great number of variables in the spoofed address. The only thing they share in common is the @domain.com.
In other words, they're spoofing names in addition to the address.
joemcb
02-22-2004, 02:52 PM
I have been experiencing the same thing for a few weeks now but more so just over this weekend. A lot of the mail seemed to be trying to send to users in Russia because of the .ru
It is very frustrating trying to even get a handle on the origination, but like another poster mentioned, it is so easy for people to just change the reply-to address. Fortunately, I have not experienced any issues receiving mail, so at least I am not on some anti-spam blocking list.
Joe
CyberSuperSales.com
Silvering
03-01-2004, 10:56 PM
Yesterday I became a new victim of this e-mail spam/hijack prank. I cannot believe there is no way to track down where these messages were sent from. As long as the path is not volatile, we should be able to track it in reverse. I am not much of a networking person, but for this very valid cause I am willing to learn and fight against my hijackers! What I need is someone to help me begin. Point me a way, drop me some hints. We can stop this!!!
rlane
03-01-2004, 11:50 PM
Knowing where the messages originated from wouldn't help anything, the major portion are being sent by unknowing robots, one of them could be your machine.
The internet mail system as we know it today was not created for a commercial market, it was designed for scientists and universities who had no interest in creating problems for each other. The same goes for the http protocol, all the security that exists today has been tacked on as a result of the way the internet is used today, it was not designed for commerce in the beginning.
Silvering
03-02-2004, 12:37 AM
Messages are delivered by mail servers. Some can recognize suspicious ones; some have loose policies; some are trusted; some are not. There is, however, a site called spampolice.net. It helps to track down these spammers. They first identify the IP address where a message was last sent - the last node in a long chain - and notify that server. When enough servers (admins) become aware of these activities, they can close in on the source.
I agree it may be difficult, but not without hope. We, the victims, often are spammed with a large amount of messages, which in turn can be used as information to track down the spammers.
I wonder if anyone has thought of any innovative way to battle this problem. I myself am a programmer. I feel very 'insulted' if I don't put up a good fight. Anyone feel the same way?
rlane
03-02-2004, 12:59 AM
The latest breed of trojans/viruses are loaded with built-in SMTP servers; they turn unsuspecting users' computers into spam-making machines, the reason for spam from so many addresses that are not spammers themselves.
Dvorak, in a recent issue of PC Magazine, has stated that always-on high-speed connections aren't such a good idea after all, on some users' machines.
Gade Terbob
05-12-2004, 11:05 AM
Research has produced these links:
http://news.spamcop.net/pipermail/spamcop-help/2002-July/007903.html
and
http://www.mailsbroadcast.com/email.broadcast.faq/45.email.hijacked.htm
Rodzilla
05-12-2004, 05:43 PM
Blackhole the unrouted email address, otherwise it's just a huge pain.
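Added example, not part of any post in the thread: one way to decide which catch-all messages to blackhole, by checking each bounce's embedded original against the domain's real mailboxes and its own sending server. The mailbox names, the outbound IP and the sample bounce (including the example.org domain) are constructed assumptions.

```python
import email
import re
from email.utils import parseaddr

# Assumed values, not from the thread: the domain's real mailboxes and
# the IP of the server that legitimately sends its mail (placeholder).
REAL_MAILBOXES = {"ann", "webmaster"}
OUR_OUTBOUND_IPS = {"192.0.2.10"}
IP_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
# Constructed, abbreviated bounce shaped like those hitting the catch-all.
SAMPLE_BOUNCE = """\
From: MAILER-DAEMON@mx.recipient.example
To: ffjjk008fss@example.org
Content-Type: multipart/report; report-type=delivery-status; boundary="b1"

--b1
Content-Type: message/delivery-status

Final-Recipient: rfc822; nobody@recipient.example
Status: 5.1.1

--b1
Content-Type: message/rfc822

Received: from pc (unknown [203.0.113.77]) by mx.recipient.example
From: ffjjk008fss@example.org

(spam body)
--b1--
"""

def triage(raw):
    """Classify one catch-all message as a genuine or forged-sender bounce."""
    msg = email.message_from_string(raw)
    if msg.get_param("report-type") != "delivery-status":
        return {"verdict": "not-a-bounce"}
    # The returned copy of the original message, if the bounce carries one.
    original = next((p.get_payload()[0] for p in msg.walk()
                     if p.get_content_type() == "message/rfc822"), None)
    if original is None:
        return {"verdict": "bounce-without-original"}
    sender = parseaddr(original.get("From", ""))[1].lower()
    relay_ips = IP_RE.findall(" ".join(original.get_all("Received", [])))
    if sender.split("@")[0] not in REAL_MAILBOXES:
        verdict = "blackhole"          # bounce for a mailbox that never existed
    elif OUR_OUTBOUND_IPS & set(relay_ips):
        verdict = "genuine-bounce"     # our server really sent the original
    else:
        verdict = "forged-real-address"
    return {"verdict": verdict, "claimed_sender": sender, "relay_ips": relay_ips}
```

Bounces for real mailboxes are kept for review, since a genuine delivery failure looks the same from the outside until the Received lines are compared.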