Results 1 to 11 of 11

Thread: Spam emails

  1. #1
    New Lounger
    Join Date
    Sep 2012
    Posts
    15
    Thanks
    1
    Thanked 1 Time in 1 Post

    Question Spam emails

    Lately I've been getting spam emails from my own domains. Now I realize these are probably spoofed and not really coming from me. But If I'm getting these then other people are probably getting these emails from "me" as well?
    I guess my big concern is - will this put my domains on a "blacklist" list?

    Jennif

  2. #2
    Administrator
    Join Date
    Jun 2010
    Location
    Portugal
    Posts
    12,519
    Thanks
    152
    Thanked 1,398 Times in 1,221 Posts
    Blacklists usually include email servers that have been used to send spam email. Even with your spoofed email address as the sender's address, the emails will have been sent from other servers. This being the case, just because your email address shows up in spoofed emails, it doesn't mean your email server will be blacklisted. I am not sure everyone respects this procedure, but most blacklist maintainers will do. So, while I cannot assure you that your domains won't be blacklisted, it's very likely that they won't.

  3. #3
    New Lounger
    Join Date
    Sep 2012
    Posts
    15
    Thanks
    1
    Thanked 1 Time in 1 Post
    Good to know, thank you.

    Jennif

  4. #4
    Plutonium Lounger Medico's Avatar
    Join Date
    Dec 2009
    Location
    USA
    Posts
    12,631
    Thanks
    161
    Thanked 936 Times in 856 Posts
    I would definitely change your password on your email.
    BACKUP...BACKUP...BACKUP
    Have a Great Day! Ted


    Sony Vaio Laptop, 2.53 GHz Duo Core Intel CPU, 8 GB RAM, 320 GB HD
    Win 8 Pro (64 Bit), IE 10 (64 Bit)


    Complete PC Specs: By Speccy

  5. #5
    New Lounger
    Join Date
    Sep 2012
    Posts
    15
    Thanks
    1
    Thanked 1 Time in 1 Post
    Quote Originally Posted by Medico View Post
    I would definitely change your password on your email.
    Why? Are they actually accessing my domain account?

  6. #6
    Lounge VIP
    Join Date
    Apr 2011
    Location
    Scotland
    Posts
    1,168
    Thanks
    44
    Thanked 134 Times in 115 Posts
    Ted: since the mail appears on face value to be coming from a domain hosted account it's a bit more complicated than changing the password on the email (that's gong to be linked to many other items through Active Directory)....but the sentiment is correct: The admins of the server need to verify that it's not the spam host.

    Jennif: Ruiri is correct, I've never seen a blacklist pickup a mail host just because the sender address was spoofed. However, you should verify that your mail server has not been compromised.

    Assuming you have a local mail host (Exchange) check the mail transport logs and the mail headers to ensure the spam mail is not coming from your server. Ensure that you have no open mail relay to a public IP address. If you do, that could be exploited and that will result in your host being added to a blacklist.

    If your mail server is hosted in the online, check via your mail control panel that no additional accounts have been added and that the hosting account security is maintained.

    You can check some of the above using mxtoolbox.com, which will help you determine if your host is blacklisted or if you have an open relay.

    Assuming that your host is not compromised and not blacklisted, there is little that you can do. There is always the risk that a recipient could add your domain to their blocklist, but that shouldn't affect a public blacklist. The only danger there is if a recipient does block your domain locally and you need at some point to send them correspondence.
    In God we trust; all others must bring data.

    - William Edwards Deming. 1900 - 1993

  7. #7
    Plutonium Lounger Medico's Avatar
    Join Date
    Dec 2009
    Location
    USA
    Posts
    12,631
    Thanks
    161
    Thanked 936 Times in 856 Posts
    Quote Originally Posted by Jennif View Post
    Why? Are they actually accessing my domain account?
    Quote Originally Posted by Jennif View Post
    But If I'm getting these then other people are probably getting these emails from "me" as well?
    They may not be accessing your account, but somehow they obtained info from you account. The first line of defense in any case like this is to change your password. After this I would contact your ISP or email account server and try to have them begin investigating how this could have happened.
    BACKUP...BACKUP...BACKUP
    Have a Great Day! Ted


    Sony Vaio Laptop, 2.53 GHz Duo Core Intel CPU, 8 GB RAM, 320 GB HD
    Win 8 Pro (64 Bit), IE 10 (64 Bit)


    Complete PC Specs: By Speccy

  8. #8
    Administrator
    Join Date
    Jun 2010
    Location
    Portugal
    Posts
    12,519
    Thanks
    152
    Thanked 1,398 Times in 1,221 Posts
    Sorry, Ted, I disagree with you. If there was activity from the account itself, yes, I would change passwords, but this doesn't seem the case. Usually these spoof emails are even from sender email addresses that do not exist. When they are from email accounts that exist, it's easy to check the messages and see where they were actually sent from. All that's needed to do this is to know that the domain exists or access a public email from a website page.

    Personally I have never seen a spam email spoofed message resulting from actual account breaches.

  9. #9
    New Lounger
    Join Date
    Sep 2012
    Posts
    15
    Thanks
    1
    Thanked 1 Time in 1 Post
    Tinto and Medico...TY for the detailed info, I will certainly look into this.

    Jennif

  10. #10
    Plutonium Lounger Medico's Avatar
    Join Date
    Dec 2009
    Location
    USA
    Posts
    12,631
    Thanks
    161
    Thanked 936 Times in 856 Posts
    Sorry Rui, but I have seen these especially with others receiving email from this particular account. That tends to indicate some sort of breach and should be investigated. In any event, many security experts suggest changing passwords regularly in any event. Many employers require a monthly password change to stay on the safe side. Any time I see something suspicious coming from my email (I do not see these often any more because of my multi-layered approach to security) I automatically change my password. It's an easy thing and could solve a problem.
    BACKUP...BACKUP...BACKUP
    Have a Great Day! Ted


    Sony Vaio Laptop, 2.53 GHz Duo Core Intel CPU, 8 GB RAM, 320 GB HD
    Win 8 Pro (64 Bit), IE 10 (64 Bit)


    Complete PC Specs: By Speccy

  11. #11
    Administrator
    Join Date
    Jun 2010
    Location
    Portugal
    Posts
    12,519
    Thanks
    152
    Thanked 1,398 Times in 1,221 Posts
    I have had many messages returned to my catch-all account from email accounts supposedly from my domain, which don't even exist. I "have been" the sender of emails to myself. Never, in any of these circumstances, have I changed my passwords. All you need to do is to check the email server from where the messages were sent, which any decent client will allow, to confirm it was not sent from your email server. If it's not (and I have never found it to be), there is absolutely no point in changing passwords.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •