Spammer is using my domain as a return address (HELP)

Some spammer has decided to use my domain as his return address and I am
consequently getting 100's of failed emails all addressed to
something@mydomain.

What on earth can I do about this ???!

Many of the latest viruses and trojans do this , try checking you current
security.

Be aware some of them disable your virus checker, try an online scan to
combat this.


"Anthony" <(E-Mail Removed)> wrote in message
news:bp3n59$mhi$(E-Mail Removed)...
> Some spammer has decided to use my domain as his return address and I am
> consequently getting 100's of failed emails all addressed to
> something@mydomain.
>
> What on earth can I do about this ???!
>
>

"Anthony" <(E-Mail Removed)> wrote in message
news:bp3n59$mhi$(E-Mail Removed)...
> Some spammer has decided to use my domain as his return address and I am
> consequently getting 100's of failed emails all addressed to
> something@mydomain.
>
> What on earth can I do about this ???!
>
You can do nothing except find out who you have sent an email to and they
have put your email address in their address book and now have a Virus.

As this is how its happening. its not spammers. A big problem is the fact
the OE puts addresses into the addressbook automaticly.

or hey it might be you who has the Virus.

Ian

Sounds like a Worm virus to me.

Have you got anti-virus software ?

Follow this link to Trend Micro's Housecall which is a free online virus
scan
http://uk.trendmicro-europe.com/ente...all_launch.php

Symantec do a free scan too on their website.

Some of the current worms get into the memory & you might need to disable
system restore to get rid of it, then switch system restore back on.

I think you guys are misunderstanding the problem. I just checked and I
don't have a virus - but I never thought it was. If it's a virus, how does
it know that I own the domain burning-petals.com and why are none of the
emails sent from my computer ??? I don't even use OE as a mail client ...

No, this is someone who is spamming the world with Viagra messages and
doesn't want all the complaints & bounces coming back to him. The header
is:

Return-path: <(E-Mail Removed)>
Received: from tcp-daemon.mta8.srv.hcvlny.cv.net by mta8.srv.hcvlny.cv.net
(iPlanet Messaging Server 5.2 HotFix 1.16 (built May 14 2003))
id <(E-Mail Removed)>
(original mail from (E-Mail Removed)); Sat,
15 Nov 2003 05:47:19 -0500 (EST)
Received: from automationeducation.com
(ool-18b83029.dyn.optonline.net [24.184.48.41]) by mta8.srv.hcvlny.cv.net
(iPlanet Messaging Server 5.2 HotFix 1.16 (built May 14 2003))
with ESMTP id <(E-Mail Removed)>; Sat,
15 Nov 2003 05:46:23 -0500 (EST)
Date: Sat, 15 Nov 2003 10:46:25 +0000
From: Des Culberson <(E-Mail Removed)>
Subject: US Doctors Approve all Order Sent Overnight Free
qiumrkbglesnbduph
To: (E-Mail Removed), (E-Mail Removed), (E-Mail Removed),
(E-Mail Removed), (E-Mail Removed), (E-Mail Removed),
(E-Mail Removed)
Message-id: <737901c3ab65$e8493953$28b74f84@wkcjmqb>
MIME-version: 1.0
X-MIMEOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
X-Mailer: Microsoft Outlook Express 6.00.2800.1158
Content-type: multipart/alternative;
boundary="Boundary_(ID_+1/ASrMBHcrOqd5JY0SoAA)"
X-Priority: 3
X-MSMail-priority: Normal



"jsp21c" <(E-Mail Removed)> wrote in message
news:bp3qtp$ilq$(E-Mail Removed)...
> Sounds like a Worm virus to me.
>
> Have you got anti-virus software ?
>
> Follow this link to Trend Micro's Housecall which is a free online virus
> scan
> http://uk.trendmicro-europe.com/ente...all_launch.php
>
> Symantec do a free scan too on their website.
>
> Some of the current worms get into the memory & you might need to disable
> system restore to get rid of it, then switch system restore back on.

"Anthony" <(E-Mail Removed)> wrote

> Some spammer has decided to use my domain as his return address and I am
> consequently getting 100's of failed emails all addressed to
> something@mydomain.
>
> What on earth can I do about this ???!

1. If you have control of your domain, set up a email forwarder to
:blackhole: emails to that specific email address

or

2. If you have a friendly domain host, ask them to do this.

or

3. Set up an email forwarded to forward emails to something@mydomain to a
throw away yahoo address

or

4. As a last resort, set up a rule in your email program to delete from the
server any emails to something@mydomain

HTH.

3iron

In article <bp3n59$mhi$(E-Mail Removed)>, (E-Mail Removed)
(Anthony) wrote:

> Some spammer has decided to use my domain as his return address and I am
> consequently getting 100's of failed emails all addressed to
> something@mydomain.
>
> What on earth can I do about this ???!
>
>
>
Nothing, it will stop soon enough.

For your own protection, make sure that you are fully up to date on your
AV, and consider using a mail client other than anything made by
Micro$oft.

In the mean time, set up some filters to divert them to the byte bucket !

- Steve

The prefix changes all the time, otherwise I would have done what you
suggested ..


"3iron" <(E-Mail Removed)> wrote in message
news:bp52d7$1kr1r0$(E-Mail Removed)...
> "Anthony" <(E-Mail Removed)> wrote
>
> > Some spammer has decided to use my domain as his return address and I am
> > consequently getting 100's of failed emails all addressed to
> > something@mydomain.
> >
> > What on earth can I do about this ???!
>
> 1. If you have control of your domain, set up a email forwarder to
> :blackhole: emails to that specific email address
>
> or
>
> 2. If you have a friendly domain host, ask them to do this.
>
> or
>
> 3. Set up an email forwarded to forward emails to something@mydomain to a
> throw away yahoo address
>
> or
>
> 4. As a last resort, set up a rule in your email program to delete from
the
> server any emails to something@mydomain
>
> HTH.
>
> 3iron
>
>

Only allow genuine email addresses.Set up your email service to bounce any
that are not genuine back to the senders. The problem can happen when all
email prefixes are allowed through as genuine basically endorsing any as
real email address. Sometimes the email system is set up like this to avoid
mis-spelt email addresses being binned in case they are real, this used to
be a sound idea but not these days.

Contact your own email host or ISP and explain your problem to them, they
may be able to trace it to a source network if not the actual user. The odds
are that it is from accross the pond, spamming had just been made illegal
over there and the source network might get pissed about their name being
associated with it and possibly block them leaving their network.

Then again they might not and you might just have to wait a while until they
find another domain to spam from.

On Sat, 15 Nov 2003 11:46, "Anthony" <(E-Mail Removed)> wrote:

>The prefix changes all the time, otherwise I would have done what you
>suggested ..

see if your hosting provider allows for all unknown mail addresses to
be handled the same way. I sell hosting which allows one to set the
default to (a) some specific address, (b) to bounce with a message
(but not a good idea when dealing with spamming like this problem)
and on other hosting with (c) drop in /dev/null to simply lose the
junk mail. Good luck. Peter Morgan