  1. #1
    New Lounger
    Join Date
    Dec 2009
    Location
    Chicago Illinois USA
    Posts
    6
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Problem with hijacked domain name

    I have my own domain name which I have had for years. Over time it has been occasionally hijacked and somehow used for the generation of Spam emails. This has caused me a lot of grief and frustration. I have taken steps to try to reduce or eliminate the problem but none have been successful.

    One of the steps recommended by a couple of professionals was to create a Sender Policy Framework (SPF) record. SPF is defined as a simple email validation system designed to detect email spoofing by providing a mechanism to allow receiving mail exchangers to check that incoming mail from a domain is being sent from a host authorized by that domain's administrators.

    This was supposed to solve my issue; the SPF is supposed to check that the sender is the valid sender as specified in the SPF. You can read more about SPF at: http://emailuniverse.com/ezine-tips/?id=1202

    The SPF appears to not work; either that or the spammers have devised a way around the SPF.

    The symptom that tells me they are at it again is that I begin to receive quantities of Delivery Status Notification messages telling me that my email cannot be delivered. The reasons for not being delivered vary: some use a 550 error; among other things this indicates the sender is an identified spammer. Not true in my case, I do not spam. Others are just rejected due to a non-existent address. Some are caused by a rejection due to either white or black address lists. 554 Denied [SHPBL] Denied by Spamhaus as a spammer. 554 5.7.1 Access denied; also related to spam. There are other notification replies that are too numerous to mention.

    I am not the author of any of the rejected email messages. This current crop of messages appears to be sent to recipients in the United Kingdom and Australia. I don't even know anyone who lives in either place.

    Please do not suggest that I give up my domain name; I have been using it for so many years that it would be a real hardship on my every day, legitimate internet use. I know this current siege of spam/junk emails will eventually end but it is very frustrating while it goes on.

    Everyone I have spoken with just sort of shakes their head when I relate my problem. No one seems to have a solution or remedy. Can anyone out there provide some assistance or advice on how to proceed? How do I either stop or somehow mitigate the unauthorized use of my domain name?

  2. #2
    Administrator
    Join Date
    Jun 2010
    Location
    Portugal
    Posts
    12,519
    Thanks
    152
    Thanked 1,398 Times in 1,221 Posts
    I am afraid there is no solution for your problem. Anyone can enter an email address from your domain in a client or use it in a program to send email, as the sender's address. There is nothing you can do to prevent that, because some email servers will always agree to send email on behalf of non-valid email addresses for the domains they host.

    This will have the undesired effect that you describe, but it should not affect your ability to send email from your server's email domain. Spam blacklists list the sending server, so your server should not be affected in any way. Getting the notifications you get, well, that is just a cost of having your own domain. It shouldn't trouble you too much, really.

    Not all servers check SPF records and if they reject the email on the SPF record check, it's even likely that you will be notified. A way to avoid this notification, for some situations where the sender email address does not exist, is not to have a catch all account for your domain.

    P.S.: I have my own domain, as well. It has been some time since I last got rejected emails I didn't send, but it has happened. If, at any time, you have the need to prove you didn't send those emails, it will be easy to prove, as the sending server will not be your email server.
    Rui
    -------
    R4

  3. The Following User Says Thank You to ruirib For This Useful Post:

    Fascist Nation (2015-05-27)

  4. #3
    WS Lounge VIP Coochin's Avatar
    Join Date
    Jun 2014
    Location
    Queensland, Australia
    Posts
    2,153
    Thanks
    31
    Thanked 306 Times in 266 Posts
    @ efstanley

    I have had my own domain name since about 2001. At first my website used a simple HTML-only "Contact" form which had my email address, i.e.: name@domain, coded into the HTML. But by about 2004 I was having similar problems as you describe with spammers.

    After some searching I cancelled the affected email address, set up a new one, and modified the "Contact" form's code to use JavaScript to "cloak" my email address. This worked well for some years, but by about 2012 it was clear spammers had worked out how to decipher the JavaScript.

    After some more searching I found this tutorial: http://www.html-form-guide.com/conta...-tutorial.html

    Since I implemented the form in the above tutorial (with yet another new email address) the problem has not returned.
    Computer Consultant/Technician since 1998 (first PC was Atari 1040STE in 1988).
    Most common computing error is EBKAC: Error Between Keyboard And Chairback
    AMD FX8120 (8-core @ 3.1GHz) CPU, Gigabyte GA-990FXA-D3 motherboard, 8GB (2x4GB) DDR3 1866MHz RAM, ATI-AMD Radeon HD6770 PCI-E VGA, 480GB Kingston SSD, 2TB Seagate SATA3.0 HDD, ASUS DVD/RW.

  5. #4
    WS Lounge VIP
    Join Date
    Dec 2009
    Location
    Earth
    Posts
    8,170
    Thanks
    47
    Thanked 980 Times in 910 Posts
    When you (a mail server) connect to a mail server to deliver mail you are required to provide information about yourself, including your email address. This information is plain text and can be anything you like as long as it's a validly formatted email address. Spammers use real email addresses in an attempt to fool mail systems into accepting the spam.

    The problem you describe arises because email systems are required to provide notification of email delivery failure - not success - and these Non Delivery Reports are sent to the originating sender. In this case your email address is used as the sender address so you receive the NDR. Just throw the NDRs away, there is no point in bothering with them, unless they relate to email you actually sent.

    cheers, Paul
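One way to separate backscatter from bounces of mail you really sent, as an added example that is not part of the original post: pull the original Message-ID out of the returned notification and compare it with the IDs your own mail server logged. The sample notification, the addresses and the `sent_ids` set are constructed for illustration.

```python
import email
from email import policy

# Constructed sample bounce; addresses and IPs use reserved example ranges.
SAMPLE_DSN = """\
From: MAILER-DAEMON@mx.example.net
To: someone@example.org
Subject: Delivery Status Notification (Failure)
MIME-Version: 1.0
Content-Type: multipart/report; report-type=delivery-status; boundary="b1"

--b1
Content-Type: text/plain

554 5.7.1 Access denied
--b1
Content-Type: text/rfc822-headers

Message-ID: <forged-123@spam.invalid>
From: someone@example.org
Received: from unknown (203.0.113.77) by mx.example.net

--b1--
"""

def original_headers(dsn_text):
    """Return the headers of the message the bounce refers to, or None."""
    msg = email.message_from_string(dsn_text, policy=policy.default)
    for part in msg.walk():
        ctype = part.get_content_type()
        if ctype == "message/rfc822":          # full original attached
            return part.get_payload(0)
        if ctype == "text/rfc822-headers":     # only the headers attached
            return email.message_from_string(part.get_content(),
                                             policy=policy.default)
    return None

def classify_bounce(dsn_text, sent_ids):
    """'ours' if the bounced Message-ID is one we sent, else 'backscatter'."""
    orig = original_headers(dsn_text)
    if orig is None or orig["Message-ID"] is None:
        return "unknown"                       # bounce did not include the original
    mid = str(orig["Message-ID"]).strip()
    return "ours" if mid in sent_ids else "backscatter"

if __name__ == "__main__":
    # sent_ids would come from your own outbound mail log (assumption).
    print(classify_bounce(SAMPLE_DSN, {"<real-1@example.org>"}))
```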

  6. #5
    jwoods
    Guest
    Quote Originally Posted by efstanley View Post
    The SPF appears to not work; either that or the spammers have devised a way around the SPF.

    Everyone I have spoken with just sort of shakes their head when I relate my problem. No one seems to have a solution or remedy. Can anyone out there provide some assistance or advice on how to proceed? How do I either stop or somehow mitigate the unauthorized use of my domain name?
    You might check what you've already done against the recommendations in this article from openspf.org...

    http://www.openspf.org/FAQ/Common_mistakes

  7. #6
    Super Moderator
    Join Date
    Jun 2011
    Location
    New England
    Posts
    4,746
    Thanks
    171
    Thanked 649 Times in 572 Posts
    Quote Originally Posted by jwoods View Post
    You might check what you've already done against the recommendations in this article from openspf.org...

    http://www.openspf.org/FAQ/Common_mistakes
    Does SPF help with spoofed spam from other servers?

  8. #7
    Star Lounger
    Join Date
    Dec 2009
    Location
    Carlisle UK
    Posts
    69
    Thanks
    20
    Thanked 9 Times in 7 Posts
    @efstanley

    I know the feeling, I have my own domain and it's happened once in the past and coincidentally over the last week or so.

    No point in changing domain names in any case as that could just as easily be spoofed

  9. #8
    WS Lounge VIP
    Join Date
    Dec 2009
    Location
    Earth
    Posts
    8,170
    Thanks
    47
    Thanked 980 Times in 910 Posts
    Quote Originally Posted by BruceR View Post
    Does SPF help with spoofed spam from other servers?
    Nope, it just identifies you as a valid sender of email for that domain.

    cheers, Paul

  10. #9
    Super Moderator
    Join Date
    Jun 2011
    Location
    New England
    Posts
    4,746
    Thanks
    171
    Thanked 649 Times in 572 Posts
    Quote Originally Posted by Paul T View Post
    Nope, it just identifies you as a valid sender of email for that domain.
    I suppose there could be an indirect effect, but it seems to rely on spammers using some intelligence?:

    If a domain publishes an SPF record, spammers and phishers are less likely to forge e-mails pretending to be from that domain, because the forged e-mails are more likely to be caught in spam filters which check the SPF record. Therefore, an SPF-protected domain is less attractive to spammers and phishers. Because an SPF-protected domain is less attractive as a spoofed address, it is less likely to be blacklisted by spam filters and so ultimately the legitimate e-mail from the domain is more likely to get through.
    Reasons to implement Sender Policy Framework (SPF)

  11. The Following User Says Thank You to BruceR For This Useful Post:

    wavy (2015-05-26)

  12. #10
    New Lounger
    Join Date
    Dec 2009
    Location
    Chicago Illinois USA
    Posts
    6
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Thank you for the reply.
    Your reply exactly matches my experience. Since many servers do not bother to use the SPF record it has turned out to be a futile defense against these spammers. I am not certain who receives the SPF rejected messages; the spammer or me. I don’t think it has ever happened in my case.

    What has happened to me is that I have been erroneously identified, by some servers, as a spammer; this has caused my legitimate emails to be rejected. Try and fix that condition. No one will answer or respond to your pleas of innocence; you are tried and convicted without a trial.

    You are not the only person to tell me to just ignore it and go on. I have tried to ignore it but it just irritates me to have some unknown persons hiding and abusing my name through the use of my domain name. Spammers have to be at least one step below pond scum. What a way to make your living.

  13. #11
    Administrator
    Join Date
    Jun 2010
    Location
    Portugal
    Posts
    12,519
    Thanks
    152
    Thanked 1,398 Times in 1,221 Posts
    Quote Originally Posted by efstanley View Post
    What has happened to me is that I have been erroneously identified, by some servers, as a spammer; this has caused my legitimate emails to be rejected. Try and fix that condition. No one will answer or respond to your pleas of innocence; you are tried and convicted without a trial.
    If one of your emails has been rejected, you will get an error message and you can then act on it. It is entirely possible that if you are using an email server used by someone else (which is usually the case), the rejection can be due to those users and not you. Better make sure about the cause for each rejection, before drawing definitive conclusions.
    Rui
    -------
    R4

  14. #12
    New Lounger
    Join Date
    Dec 2009
    Location
    Chicago Illinois USA
    Posts
    6
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Thank you for the reply.

    I replied to you but my reply did not post to the thread; apparently I did not do it correctly. I also did not retain a copy of my reply; I did it on the fly so it is gone.

    If you do not mind could you return a copy of my reply to me so I can post it to the thread. It may help someone else understand the problem.

    After reading the thread I find that I am not alone with this problem; some small consolation.

    Thank you again.

  15. #13
    WS Lounge VIP
    Join Date
    Dec 2009
    Location
    Earth
    Posts
    8,170
    Thanks
    47
    Thanked 980 Times in 910 Posts
    You can check if your domain or mail server have been blacklisted at this site: http://mxtoolbox.com/blacklists.aspx
    Is your SPF record correct? The IP address(es) must be those of your mail server, not your domain server - they are rarely the same.

    cheers, Paul

  16. The Following User Says Thank You to Paul T For This Useful Post:

    Slorm (2015-05-27)

  17. #14
    Administrator
    Join Date
    Jun 2010
    Location
    Portugal
    Posts
    12,519
    Thanks
    152
    Thanked 1,398 Times in 1,221 Posts
    Quote Originally Posted by efstanley View Post
    Thank you for the reply.

    I replied to you but my reply did not post to the thread; apparently I did not do it correctly. I also did not retain a copy of my reply; I did it on the fly so it is gone.

    If you do not mind could you return a copy of my reply to me so I can post it to the thread. It may help someone else understand the problem.

    After reading the thread I find that I am not alone with this problem; some small consolation.

    Thank you again.
    I have no way to access your "lost" reply, sorry.
    Rui
    -------
    R4

  18. #15
    Silver Lounger RolandJS's Avatar
    Join Date
    Dec 2009
    Location
    Austin metro area TX USA
    Posts
    1,724
    Thanks
    95
    Thanked 126 Times in 123 Posts
    Quote Originally Posted by ruirib View Post
    I have no way to access your "lost" reply, sorry.
    Ruirib, could internet server caching have caused the reply to become lost? Reason for asking: I lost two online bank transactions a long time ago. I thought I had online-paid two bills; however, I later discovered those two actions never made it to the bank's financial server. I wondered about internet server caching in both cases.
    Last edited by RolandJS; 2015-05-27 at 04:45.
    "Take care of thy backups and thy restores shall take care of thee." Ben Franklin revisited.
    http://collegecafe.fr.yuku.com/forum...-Technologies/
