How to? Protect my domain from SPAMMERS?

[doublez]

I've owned my main domain name for several years. A while ago it was used for several massive SPAM campaigns by some jerks.

As far as I could tell: the emails were not originating from my (Vortech) email servers. They were made to look like they came from my domain and when people hit reply with their rants & raves I would get them.

I even had people track down my phone number and address via DNS look-ups. They called screaming at me, they sent nasty letters, etc.

I tried everything to get it under control as I had a lot riding on that domain name. I got threatened with a couple lawsuits so I had to request that Vortech shut off all incoming & outgoing email on that domain.

No more complaints. It was nice not getting threats... but it sucked that I had to start all over with a new domain.

Long story short: I got a new domain name and use it solely for email. There is only one email address used on the new domain and I am the only one that uses it... but flash back to a year or so ago: I'm getting complaints about SPAM again!

Again, it looks like someone is using my new domain name to SPAM people with junk mail & possibly viruses via some file called: message.scr

How do I protect my domains from this abuse? It only happens with my popular domains. I have close to 30 other domains that have never seen any SPAM complaints. Only my "important" domains are getting abused.

Any help and or suggestions is greatly appreciated!

[Silverbug]

in short, there isnt really alot you can do unfortunatly.

[bootNumlock]

i have a different issue, but along the same lines. Currently vortech has NAMESERVERS that are listed on the Spamhaus SBL

This is the first time i have ever seen NAMESERVERS listed -- this is much more of an issue than the mailserver as this effects all domains that reference this name server regardless of the mail server they use!

Moreover, the customer that caused this was blatantly advertising bullet proof email hosting on our network

Sure, these jerks were shut down and have hopefully been booted from our network, but it has been 3 days and we (vortech NAMESERVERS) are still on the list.

The saddest part is that my main customer that this is affecting doesn't even use vortech mail servers, they have their own with custom MX here, etc.

This is a real issue for them as they transact many email communications that are vital to their sales operations.

just wanted to vent.

[dpyers]

Not a whole lot you can do to protect yourself from a Joe Job (http://en.wikipedia.org/wiki/Joe_job) other than put something on your contact form about the problem and maybe a link to an article explaining to people how to read headers to determine where the spam really came from.

I use a registrar that obfuscates my contact info - it changes every few hours. Mail for my domains from internet organizations (ARIN, etc.) however is forwarded to an email address that I gave my registrar. I also don't use catch-all accounts. Keeps joe-job bounces out of my inbox unless they used an actual email address or postmaster, webmaster, or abuse. Once I can figure out how Vortech got spf set up, I'll be using that as well.

[Silverbug]

Quote:

I use a registrar that obfuscates my contact info - it changes every few hours.

care to share the link?

[dpyers]

registerfly, but I believe there's others who do similar.

[Garreg]

doublez: That really sucks! Sorry to learn you've had such a hard time.

[generic]

doublez, I would guess there is a connection there somewhere. A competitor, an ex-employee, ex-girlfriend something...

Wondering why would you have to have vortech shut off your email. You can do it from the cp.

[newmem]

"message.scr" is a virus. Not necessarily that you are infected Doublez. It seems that someone who keeps in touch with you is infected. He may have added your email address in his Address book, and the virus reads your email address from there and sends out mails using that address, and any other address it finds there.

If you want to accept mails from an important domain, then use a contact form and don't publish your address there. Then send all replies using another common domain's email address. Thus, no one will know what email address you have setup on the important domain to receive your mails.

hope this helps...

[CelticRaven]

Is there a light at the end of this tunnel?

I have had problems with joejobs too and it sucks BIG TIME.

Anybody know where any of the proposed methods (spf, domain keys, email caller id) for stopping joejobs are at? IIRC seems like some of these were dropped because of industry disagreements and ease of deployment and spf isn't quite what it should be yet. All of which is hard to swallow!

[tbliss]

First, let me say that I am technically challenged. I'm new to reselling even though I've had my account for 3 years. I'd like to learn more, so I'm doing the "learning by doing" method. Please excuse my ignorance and point me to "how to" articles if they are available.

Having said that, I'm dealing with alot of spam messages being bounced back to me due to fake email addresses being used by someone. If I understand the posts correctly, I could eliminate or lower spam by not having any email addresses posted on my site, and using a contact form instead?

I thought I read somewhere that contact forms would make your site less secure. Is this true? Do contact forms use formail?

Are there settings I should be using in my email to help eliminate fake addresses?

I read another post that said something about port 2525. Is this what I need? If so what is it? How do I use it?

Sorry to be a stupid user, but we all have to start somewhere.

[etruitt]

Quote:

Originally Posted by tbliss

If I understand the posts correctly, I could eliminate or lower spam by not having any email addresses posted on my site, and using a contact form instead?

This is true. Many spammers will use web spiders (spam bots) to find email addresses on web pages, even in hidden form tags in the html. By not posting your info in plain text, the bots can't read your email address. If you can see an email address in the source code of a page, so can the spam bot.

Quote:

Originally Posted by tbliss

I thought I read somewhere that contact forms would make your site less secure. Is this true? Do contact forms use formail?

This is not true. Using formail is not a good idea, however there are many email forms based on php or asp and .net that will allow you to hide your contact information in the code where the spam bots will not be able to find it. I use an asp form that posts to a file that runs on the server and takes the form fields and spits them out in an email back to me. Even if the spammer knew where the page was on the server it would just spit out a blank page for them.

Quote:

Originally Posted by tbliss

Are there settings I should be using in my email to help eliminate fake addresses?

It has been suggested that you should disable any catch all address. Then all replys to the fake email address will bounce to the users sending them. You can also use a service to hide contact information in your WHOIS listing. You should also make sure not to display your email address in plain text on your site. On one of my clients sites they had to have their email address viewable on the site, so I created an image with the email address on it. Spam bots can't read images however real humans can. Note: don't use the image idea and then use a mailto: link as this will just post the actual address in the html code where the spam bots can easily read it. Just a few ideas.

Quote:

Originally Posted by tbliss

I read another post that said something about port 2525. Is this what I need? If so what is it? How do I use it?
Sorry to be a stupid user, but we all have to start somewhere.

Vortech has set this protocol up to discurage spammers from using Vortech mail servers. It also allows real users like us to use a port that will allow us to send mail without worrying if it will be delayed by server stress. At least that is my understanding.

Hope that helps. e.