Intrusion alert!

September 18th, 2003 02:23 pm[personal profile] tinyjo
tinyjo: (Default)
OK, it's much worse than I thought. Someone else is sending out a ton of spam email purporting to come from my domain. It seems to be the style of spam that I've been getting recently (prescription meds stuff) so I assume that's where they found the domain name. Now the question is, how do I get them to fuck the hell off and stop doing it? I figured out that it's not being sent from my computer because after disinfecting it, I shut it down for a bit as a test and logged onto my email using webmail and my office computer. And I've just received another bounce message stating the original mail was received at 9:06 EST (i.e. 14:06 GMT). While my laptop was turned off, and had been for a good hour. On the plus side this means that I can turn the laptop back on, reassured that it's completely clean of mail sending crap but on the minus side, what the hell do I do about this?
  • Current Mood: angry
  • Current Music: Alabama 3 - woke up this morning
  • Add Memory
  • Share This Entry
Flat | Top-Level Comments Only

Date: September 18th, 2003 06:29 am (UTC)From: [identity profile] angelsk.livejournal.com
someone keeps using my email to send spam too

Date: September 18th, 2003 06:33 am (UTC)From: [identity profile] sparkymark.livejournal.com
In a Guardian online article

Jack Schofield replies: Klez is dangerous because it can infect a PC without you opening an attachment: viewing mail in a preview pane is enough. However, when Klez mails itself to other people, it chooses email addresses at random. It is possible for someone to receive an infected email that looks as though it came from you but came from someone else. The fact that an infected email has your address on it does not prove your PC is infected.


Which Outlook [Express[ user would have both tinyjo and angelsk in their address book?

(i was actually searching for a more recent Jack Schofieled article about how Klez non-deliveries are the new Spam: how companies should black-hole them rather than advertising their lovely filters by bouncing them).

Oh, it wasn't Klez they were talking about, but its just as relevant...

Date: September 18th, 2003 06:37 am (UTC)From: [identity profile] sparkymark.livejournal.com
So many people are now using scanning software on their servers that bounced mail is becoming a significant problem. It seems to me that, under the circumstances, this bounced mail is basically advertising - Look at us, we blocked a virus! - and therefore little better than spam. If you are bouncing viruses, it is now adding to the problem, not solving it.

Close but...

Date: September 18th, 2003 06:38 am (UTC)From: [identity profile] tinyjo.livejournal.com
The thing is, it's not using my address - the emails all come from [randomlettersandnumbers]@tinyjo.net. I think klez does pick up actual email addresses, which is part of the problem.

I get the mails into my inbox because I have garbage collection on my domain pointed to my email address. Now I could turn that off, or point it to a spare account to view later at my leisure, but I would like to get whoever it is to stop bloody well doing it if possible

Re: Close but...

Date: September 18th, 2003 07:34 am (UTC)From: [identity profile] mzdt.livejournal.com
I'd love to be able to add something positive...

...but of course, the other thing to worry about is that the various spam bouncers (spamcop et al) are going to start bouncing anything from tinyjo.net... ;-(

I had a problem recently where my domain forwarders had added a spam bouncing service without asking, and started bouncing everything from another.com, just as I was organising something with someone who used it.

Re: Close but...

Date: September 18th, 2003 08:36 am (UTC)From: (Anonymous)
Spamcop shouldn't be a problem, as they blacklist based on IP addresses. It's unlikely that the spammers have actually hijacked the server at 80.94.195.240.

The best trick to be rid of all these bounce messages is to configure your mail server to reject all but valid recepient names at tinyjo.net.

- Adrian

Re: ...no cigar.

Date: September 18th, 2003 09:18 am (UTC)From: [identity profile] mzdt.livejournal.com
...just goes to prove I know nothing, but at least I use my ignorance for peaceful purposes.

I tend to use the company name@my domain as an email address when shopping; when anyone starts spamming me using that address, I set the forwarding to go to them. Lovely.

Not the same, but satisfying nevertheless...

Joe Job

Date: September 18th, 2003 08:32 am (UTC)From: (Anonymous)
It isn't a virus - it's a Joe Job (http://www.everything2.com/index.pl?node=Joe%20Job).

Just one of the hazards of having a domain, though you do seem to be unlucky. I normally only get one or two of these a day for my domains.

- Adrian

Re: Joe Job

Date: September 18th, 2003 01:56 pm (UTC)From: [identity profile] celestialweasel.livejournal.com
Technically this isn't a 'Joe Job'. A 'Joe Job' is done to deliberately cause problem for the person whose domain it is.

Otherwise I concur completely with this e-mail..
this is a hazard of having a domain, is nothing to do with any virus infection or worm or anything you have done (apart from having a domain) and there is nothing you can do about it (apart from filtering the bounce messages somehow).

I think that they come in storms i.e. someone uses your domain name for a while, then they move on to others - I have had an outbreak of these recently but seem to be at the tail end of it. I haven't had of these bounce messages yet today, I had 5 yesterday and 4 the day before.
  • Add Memory
  • Share This Entry
Flat | Top-Level Comments Only

Profile

tinyjo: (Default)
Emptied of expectation. Relax.

June 2020

S M T W T F S
 1 23456
78910111213
14151617181920
21222324252627
282930    

Most Popular Tags

Page Summary

Expand Cut Tags

No cut tags
Page generated October 18th, 2025 07:17 am
Powered by Dreamwidth Studios

Style Credit