How is my domain name being hijacked?

Rob

I hope this question is appropriate to alt.html

I brought up my primitive website last week, and ever since, I've
been deluged w. email messages from email servers telling me that
A.) I sent an email to somebody at the domain served by that email
program that has been rejected
B.) because either addressee unknown, or the email contained a
virus, etc., etc.

Is this a consequence of webbots that troll for new websites and
flood the universe w. emails that show me as the sender?

Is there anything I can do to stop it?

Many thanks,
Rob
 
J.O. Aho

Rob said:
I hope this question is appropriate to alt.html

I brought up my primitive website last week, and ever since, I've
been deluged w. email messages from email servers telling me that
A.) I sent an email to somebody at the domain served by that email
program that has been rejected
B.) because either addressee unknown, or the email contained a
virus, etc., etc.

Is this a consequence of webbots that troll for new websites and
flood the universe w. emails that show me as the sender?

Is there anything I can do to stop it?

Your feedback/"tell a friend" script is allowing people to inject
mail-headers, which makes it possible for a spammer to use it to send spam to
people. It doesn't take them a long time to find these forms and when someone has
found it, it's soon known by hordes of spammers.

Spammers use others' e-mail addresses or fake ones, as they don't want to get
the mail bounced back at them, and there are those spammers who deliberately send
spam to a non-working e-mail address, so that your ISP's spam filter won't
filter it away; you get the mail and will open it to see what mail failed to
be sent, and the spammer hopes you will read the whole mail and then hand over
your money to them.
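
The header injection described in this post, shown as an added example that is not part of the original thread: a naive header builder beside a hardened one. The recipient address, field names and sample values are constructed for illustration.

```python
import re
from email.message import EmailMessage
from email.utils import parseaddr

# Hypothetical fixed recipient: the visitor never chooses where the mail goes.
SITE_OWNER = "owner@example.org"


def naive_headers(visitor_email, subject):
    # Vulnerable pattern: form values pasted straight into the header block.
    return f"From: {visitor_email}\r\nSubject: {subject}\r\n"


def clean_header(value, field):
    """Reject any form value that would start a new header line."""
    if re.search(r"[\r\n]", value):
        raise ValueError(f"line break in {field}")
    return value.strip()


def build_feedback_message(visitor_email, subject, body):
    visitor_email = clean_header(visitor_email, "email")
    subject = clean_header(subject, "subject")
    # Require exactly one bare address, not a list or a display-name form.
    _, addr = parseaddr(visitor_email)
    if addr != visitor_email or "@" not in addr:
        raise ValueError("email is not a single address")
    msg = EmailMessage()
    msg["From"] = SITE_OWNER      # never the visitor-supplied value
    msg["To"] = SITE_OWNER
    msg["Reply-To"] = addr
    msg["Subject"] = subject[:150]
    msg.set_content(body)         # newlines are fine here: this is the body
    return msg


def is_rejected(visitor_email, subject):
    try:
        build_feedback_message(visitor_email, subject, "hello")
        return False
    except ValueError:
        return True


# Constructed sample form submissions.
GOOD = ("visitor@example.com", "Question about your site")
BAD = ("visitor@example.com\r\nBcc: a@example.net, b@example.net", "Hi")
```
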
 
Tina Peters

J.O. Aho said:
Your feedback/"tell a friend" script is allowing people to inject
mail-headers, which makes it possible for a spammer to use it to send spam
to people. It doesn't take them a long time to find these forms and when
someone has found it, it's soon known by hordes of spammers.

Spammers use others' e-mail addresses or fake ones, as they don't want to
get the mail bounced back at them, and there are those spammers who
deliberately send spam to a non-working e-mail address, so that your ISP's
spam filter won't filter it away; you get the mail and will open it to see
what mail failed to be sent, and the spammer hopes you will read the whole
mail and then hand over your money to them.

I didn't see where he said he had a form on his site. My guess would be it's
a Joe Job attack, where some spammer used the OP's email address as the
"reply to" address, so he's getting all of the undeliverables. We see it
happen all the time. A good rule of thumb to avoid this type of attack is
to not have a "catchall" email account set up, since a lot of the bounces
will end up there.

PS: Regarding the form mail type of attack you mention, we have one that
seems to work pretty good. So far, the spamming robots have ignored it:
http://www.formmailscript.com

--Tina
 
(PeteCresswell)

Per Tina Peters:
A good rule of thumb to avoid this type of attack is
to not have a "catchall" email account setup, since a lot of the bounces
will end up there.

I can support that from experience.

Before I caught on, my domain was getting 7,500-8,000 spams per day - most
dictionary attacks.
 
Tina Peters

(PeteCresswell) said:
Per Tina Peters:

I can support that from experience.

Before I caught on, my domain was getting 7,500-8,000 spams per day - most
dictionary attacks.

Yeah, we now set up all hosting accounts with the catch all account set to
:blackhole: - it doesn't thwart Joe Job attacks entirely, but it does
help.

--Tina
 
J.O. Aho

Tina said:
I didn't see where he said he had a form on his site.

No he didn't, it was an assumption from my side, as he said he had set up a
primitive site, and at the same time I provided other possibilities too.

My guess would be it's
a Joe Job attack, where some spammer used the OP's email address as the
"reply to" address, so he's getting all of the undeliverables. We see it
happen all the time.

With the help of mimedefang you can filter away false "bounces" and bounce them
back to the sending server and let it take care of the mess it has made.
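
One way to tell a genuine bounce from Joe Job backscatter, as an added example that is not from the thread and is not MIMEDefang code: read the message the bounce claims to return and check its Message-ID against the IDs your own server issued. The sent-ID log, addresses and sample bounce are assumptions constructed for illustration.

```python
from email import message_from_string

# Assumption: the outbound mail path records every Message-ID it issues.
SENT_IDS = {"<20240101.1234@example.org>"}


def original_message_id(bounce_text):
    """Return the Message-ID of the message a bounce claims to be returning."""
    for part in message_from_string(bounce_text).walk():
        ctype = part.get_content_type()
        if ctype == "message/rfc822":          # full original attached
            return part.get_payload(0)["Message-ID"]
        if ctype == "text/rfc822-headers":     # only the headers attached
            return message_from_string(part.get_payload())["Message-ID"]
    return None


def classify_bounce(bounce_text, sent_ids=SENT_IDS):
    """'ours' = we sent it, 'not-ours' = forged sender, 'unknown' = no evidence."""
    mid = original_message_id(bounce_text)
    if mid is None:
        return "unknown"
    return "ours" if mid.strip() in sent_ids else "not-ours"


def make_bounce(original_id):
    """Constructed sample bounce wrapping a message with the given Message-ID."""
    return "\n".join([
        "From: MAILER-DAEMON@mx.example.net",
        "To: webmaster@example.org",
        "Subject: Undelivered Mail Returned to Sender",
        'Content-Type: multipart/report; boundary="b1"',
        "",
        "--b1",
        "Content-Type: text/plain",
        "",
        "Address unknown.",
        "--b1",
        "Content-Type: message/rfc822",
        "",
        f"Message-ID: {original_id}",
        "From: webmaster@example.org",
        "Subject: constructed sample",
        "",
        "body",
        "--b1--",
        "",
    ])
```

Bounces classified "unknown" carry no copy of the original, so they need a separate policy (for example a quarantine folder) rather than automatic deletion.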
 
Rob

Tina is correct, I have no form, just <a "mailto: ...">Contact</a>

It bugs me that the Internet allows anyone to form an email and
provide <anything>@<mydomain> as the return address.

It looks like I need to make my email program funnel the email
bounces because I cannot eliminate them.

Thank you for all the help/advice. This is a good group.

Rob
 
