Anyway to Deal With Spammer Repeatedly Using my Site's Main email Addresses

MTUser2012 Member
edited April 2013 in General

A spammer is using the main email address for one of my sites to spam people for a VPN service running out of Eastern Europe (sent from). I've contacted the VPN service. They say the emails are being sent by an affiliate not them, and they have no control over the affiliate, and don't know who it is. I am not sure that I believe this as the email is generic and does not seem to contain any information to identify a particular affiliate.

I am getting the bounces, and am concerned about my domain being blacklisted. Does anyone know how to fix/deal with this kind of situation?

Comments

  • Delete the email. Problem solved for... well, not really solved, but if you delete the email, then if someone replies it won't show up; it'll just give them a postmaster error.

  • Maounique Host Rep, Veteran
    edited April 2013

    @MTUser2012 said: I am getting the bounces, and am concerned about my domain being blacklisted.

    No worry there. At my former job I used to get thousands of bounces a day, many from viruses using contact lists to masquerade as someone you know, but also genuine spammers using it. Never got blacklisted.

  • Would a DMARC record work here? You can probably set it up initially to receive reports from other hosts and maybe later set it to reject emails when you're comfortable.

  • Set up an SPF record, sign your emails using DKIM and then set up DMARC with "p=none". You'll see which hosts are sending emails using your email addresses. Use a service like DMARCian to parse your XML files.

    When you are sure that all your legitimate emails are passing DMARC validation, change to "p=reject" and illegitimate emails will be rejected by the providers.
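    As an added illustration (not code from this thread), here is a small script that parses the kind of DMARC aggregate (rua) report a "p=none" policy makes providers send you and lists the source IPs that sent mail as your domain while passing neither SPF nor DKIM. The XML report is a constructed sample and the function names are the script's own.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

# Constructed sample of a DMARC aggregate report, trimmed to the fields used
# here; real reports arrive as gzipped XML attachments from receiving providers.
SAMPLE_REPORT = """<?xml version="1.0"?>
<feedback>
  <report_metadata><org_name>example-receiver</org_name></report_metadata>
  <policy_published><domain>example.com</domain><p>none</p></policy_published>
  <record>
    <row><source_ip>192.0.2.10</source_ip><count>42</count>
      <policy_evaluated><disposition>none</disposition>
        <dkim>pass</dkim><spf>pass</spf></policy_evaluated></row>
    <identifiers><header_from>example.com</header_from></identifiers>
  </record>
  <record>
    <row><source_ip>198.51.100.77</source_ip><count>913</count>
      <policy_evaluated><disposition>none</disposition>
        <dkim>fail</dkim><spf>fail</spf></policy_evaluated></row>
    <identifiers><header_from>example.com</header_from></identifiers>
  </record>
</feedback>"""

def summarize_dmarc_report(xml_text):
    """Return {source_ip: {"count": n, "aligned": bool}} over all <record>s."""
    root = ET.fromstring(xml_text)
    summary = defaultdict(lambda: {"count": 0, "aligned": True})
    for rec in root.iter("record"):
        row = rec.find("row")
        ip = row.findtext("source_ip")
        count = int(row.findtext("count"))
        evaluated = row.find("policy_evaluated")
        dkim_ok = evaluated.findtext("dkim") == "pass"
        spf_ok = evaluated.findtext("spf") == "pass"
        entry = summary[ip]
        entry["count"] += count
        # DMARC passes when either aligned DKIM or aligned SPF passes;
        # an IP stays "aligned" only if every record for it passed.
        entry["aligned"] = entry["aligned"] and (dkim_ok or spf_ok)
    return dict(summary)

def unauthorized_senders(xml_text):
    """Source IPs that used the domain in From: but passed neither check."""
    report = summarize_dmarc_report(xml_text)
    return sorted(ip for ip, e in report.items() if not e["aligned"])

if __name__ == "__main__":
    for ip, e in summarize_dmarc_report(SAMPLE_REPORT).items():
        status = "OK" if e["aligned"] else "UNAUTHORIZED"
        print(f"{ip:16} {e['count']:6} {status}")
```

    Once the only IPs in the unauthorized list are ones you do not recognise as your own senders, that is the point at which moving from "p=none" to "p=reject" is safe.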

  • Set up an SPF record with hardfail on. If that doesn't work also set up DKIM/DMARC. But make sure all your mailservers are configured correctly. DKIM will give you a lot of extra work, SPF not that much.

  • @MTUser2012 good info above. Message headers can be totally forged, but receiving servers are smarter than you think. +1 IP reputation.

  • Thanks for the help. I am excited about trying these fixes. Little did I know when I waved goodbye to my Hostgator reseller account that there was so much to learn.

    I'd like to try the suggestions of @Ellimist and @Raymii. Seeing as I am a beginner at all of this, I guess I should start with the SPF record and DKIM and try DMARC later when I understand the results of the first fix.

    After Googling around, I can find decent tutorials for SPF and DKIM for google apps, but not for a generic Linux system - I am hosting my sites with Virtualmin running on Centos. Please can someone point me to a good tutorial?

  • @MTUser2012 said: A spammer is using the main email address for one of my sites to spam people

    Sounds like a JoeJob. Happens all the time, don't lose any sleep.

  • @Maounique: Thanks, I should have thought of including Virtualmin in my search.

  • Ree Member

    One of my domains was joejobbed. Tried SPF and it did nothing, so eventually I just abandoned the catch-all I had in place (didn't REALLY need it anyway). Might have to look into DMARC to see if it could help.

  • @MTUser2012 said: @Maounique: Thanks, I should have thought of including Virtualmin in my search.

    SPF is very easy, it is a DNS record:

    $ dig TXT relst.nl
    [...]
    ;; ANSWER SECTION:
    relst.nl.       3600    IN  TXT "v=spf1 include:_spf.google.com -all"
    [...]
    

    If you don't use Gapps, you probably want to have something like "v=spf1 mx a -all" (which says that all your MX and A records can send email, and all others should fsck off).

    DKIM is handled by your MTA: postfix, sendmail, exim etc. Find out which one runs on your system, then search for tutorials on, for example, postfix dkim (if you run postfix).
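    An added example (not from this post) of how a receiving server evaluates an SPF record such as "v=spf1 mx a -all" against the connecting IP. It uses a constructed DNS table instead of live lookups, supports only the mx, a, ip4 and all mechanisms, and includes a "?all" variant to show why the OP's later switch from neutral to hard fail matters.

```python
import ipaddress

# Constructed DNS answers standing in for real lookups (runs offline).
FAKE_DNS = {
    "example.com": {"A": ["192.0.2.10"], "MX": ["mail.example.com"],
                    "TXT": "v=spf1 mx a ip4:203.0.113.0/24 -all"},
    "mail.example.com": {"A": ["192.0.2.25"]},
}
# Same zone, but with a neutral "?all" instead of the hard-fail "-all".
NEUTRAL_DNS = {**FAKE_DNS, "example.com": {**FAKE_DNS["example.com"],
                                          "TXT": "v=spf1 mx a ?all"}}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def check_spf(domain, sender_ip, dns=FAKE_DNS):
    """Evaluate mx, a, ip4 and all terms of the domain's SPF record in order."""
    record = dns.get(domain, {}).get("TXT", "")
    if not record.startswith("v=spf1"):
        return "none"  # no SPF record published
    ip = ipaddress.ip_address(sender_ip)
    for term in record.split()[1:]:
        # A term without an explicit qualifier means "+" (pass).
        if term[0] in QUALIFIERS:
            qualifier, mech = term[0], term[1:]
        else:
            qualifier, mech = "+", term
        name, _, arg = mech.partition(":")
        target = arg or domain
        if name == "all":
            return QUALIFIERS[qualifier]
        if name == "ip4" and ip in ipaddress.ip_network(arg, strict=False):
            return QUALIFIERS[qualifier]
        if name == "a" and sender_ip in dns.get(target, {}).get("A", []):
            return QUALIFIERS[qualifier]
        if name == "mx":
            for mx_host in dns.get(target, {}).get("MX", []):
                if sender_ip in dns.get(mx_host, {}).get("A", []):
                    return QUALIFIERS[qualifier]
    return "neutral"  # record ended without an "all" term

if __name__ == "__main__":
    for src in ("192.0.2.25", "192.0.2.10", "203.0.113.9", "198.51.100.77"):
        print(src, "->", check_spf("example.com", src),
              "/ with ?all:", check_spf("example.com", src, NEUTRAL_DNS))
```

    With "-all" the forged sender 198.51.100.77 gets "fail", which receivers can act on; with "?all" the same forgery is "neutral", which tells them nothing.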

  • Update from OP:

    I received great suggestions here that took me a while to put into practice. With help, I had to teach myself about all this stuff and figure out how to install it on my VPS. First, I worked on installing and getting DKIM working. I found the verification system at port25.com helpful. Once I got DKIM going, I worked on DMARC, with no policy and a request that I got the bad emails sent to me. Sure enough, I got lots of spam for the private VPN service. Once I had that working I took it out of test mode and set my DMARC policy to reject. Lastly, I changed my fail option in the SPF record from neutral to hard fail.

    Through this process, I learned who was using my domain for their spam promoting private VPNs. It was mostly coming from the Russian Federation, but I found lots of odd people using it too; I had some edus and postini.

    This was just one domain. Now, I think I can implement it on all my domains, even if they are not getting hammered with SPAM.
