  1. #1
    2 Star Lounger
    Join Date
    Feb 2001
    Location
    Chicago, Illinois, USA
    Posts
    177
    Thanks
    0
    Thanked 0 Times in 0 Posts

    My website being spoofed by junk mailers

    Starting about a month ago, I have gotten swamped with undeliverable messages returned to me from other websites (mainly unknown foreign AOL accounts). When I view the message header, I see that somebody is using my website address as a fake return address (e.g. KSDKFJSDF@spanitz.com). I have complained to my ISP (Verio) but they told me they can't do anything for me.

    Should I start sending "stop this now" messages to all of the ISPs that are listed in the message headers, or is this like trying to "un-subscribe" from junk mail (and I'll just make things worse)?

    Is my website now going to end up on the spam-blocking lists, just because somebody is spoofing the return address?

    Here is one of the "Mail System Error" messages, followed by the message header that caused the Mail System Error:

    -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- automated e-mail message sent back to me
    This Message was undeliverable due to the following reason:

    Your message was not delivered because the destination computer refused to accept it (the error message is reproduced below). This type of error is usually due to a mis-configured account or mail delivery system on the destination computer; however, it could be caused by your message since some mail systems refuse messages with invalid header information, or if they are too large.

    Your message was rejected by mailin-03.mx.aol.com for the following reason:

    TRANSACTION FAILED: (HVU:B1) The URL contained in your email to AOL members has generated a high volume of complaints.?? Per our Unsolic

    The following recipients did not receive this message:

    <ray11kos@aol.com>
    <rbrtandbettysmth@aol.com>
    <rbrtander3@aol.com>
    <rbrtander8@aol.com>

    Please reply to Postmaster@<PostmasterDomain>
    if you feel this message to be in error.
    -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- attachment with the previous Mail System Error message, I am guessing trying to show where the message came from

    Reporting-MTA: dns; amsfep16.chello.nl
    Arrival-Date: Sat, 27 Dec 2003 02:50:25 +0100
    Received-From-MTA: dns; binkowski.com (62.194.3.88)

    Final-Recipient: RFC822; <ray11kos@aol.com>
    Action: failed
    Status: 5.3.0
    Remote-MTA: dns; mailin-03.mx.aol.com (64.12.137.152)
    Diagnostic-Code: smtp; 554 TRANSACTION FAILED: (HVU:B1) The URL contained in your email to AOL members has generated a high volume of complaints.?? Per our Unsolic

    Final-Recipient: RFC822; <rbrtandbettysmth@aol.com>
    Action: failed
    Status: 5.3.0
    Remote-MTA: dns; mailin-03.mx.aol.com (64.12.137.152)
    Diagnostic-Code: smtp; 554 TRANSACTION FAILED: (HVU:B1) The URL contained in your email to AOL members has generated a high volume of complaints.?? Per our Unsolic

    Final-Recipient: RFC822; <rbrtander3@aol.com>
    Action: failed
    Status: 5.3.0
    Remote-MTA: dns; mailin-03.mx.aol.com (64.12.137.152)
    Diagnostic-Code: smtp; 554 TRANSACTION FAILED: (HVU:B1) The URL contained in your email to AOL members has generated a high volume of complaints.?? Per our Unsolic

    Final-Recipient: RFC822; <rbrtander8@aol.com>
    Action: failed
    Status: 5.3.0
    Remote-MTA: dns; mailin-03.mx.aol.com (64.12.137.152)
    Diagnostic-Code: smtp; 554 TRANSACTION FAILED: (HVU:B1) The URL contained in your email to AOL members has generated a high volume of complaints.?? Per our Unsolic

    -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- following is the actual e-mail message being sent

    Received: from binkowski.com ([62.194.3.88]) by amsfep16-int.chello.nl
    (InterMail vM.6.00.05.02 201-2115-109-103-20031105) with ESMTP
    id <20031227015025.HRAC11643.amsfep16-int.chello.nl@binkowski.com>;
    Sat, 27 Dec 2003 02:50:25 +0100
    Message-ID: <658b01c3cc1b$118ec978$d43ff3de@lppfwab>
    From: "Fernande Fowler-Hornbuckle" <fernandefowler-Hornbuckleiz@spanitz.com>
    To: ray11kos@aol.com, rbrtandbettysmth@aol.com, rbrtander3@aol.com, rbrtander8@aol.com
    Subject: get valium qsuwvwbuskknqcpcqiijmoojm
    Date: Sat, 27 Dec 2003 01:50:26 +0000
    MIME-Version: 1.0
    Content-Type: multipart/alternative;
    boundary="----=_NextPart_000_0796_B05F4C54.CED9DD30"
    X-Priority: 3
    X-MSMail-Priority: Normal
    X-Mailer: Microsoft Outlook Express 6.00.2800.1158
    X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165


    Only place to get Xanax and Valium
    Visit our ** Possible SPAM post - please alert a Moderator (2)** today





    kgqsoybefqkxudfnkwmxbopfjvwircqlbhkejgfqshhbsdpfcc xyznxqckcqhwz
    Eric A. Spanitz
    Quality, Project, Management * Training * Consulting
    http://www.spanitz.com * http://www.synergest.com

  2. #2
    Uranium Lounger
    Join Date
    Jan 2001
    Location
    Cincinnati, Ohio, USA
    Posts
    7,089
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: My website being spoofed by junk mailers

    I have heard about this phenomenon, but I have no idea how you can stop it. Your local ISP is powerless because the spammers are spoofing the return path, and although it may be one large spamming outfit that is doing it, we all know how hard these guys are to track down. The only solution I have heard to this problem is essentially to wait it out. Spammers will move onto another victim after they have banged your address around several thousand times to avoid being tracked down.

    In the meantime, I would suggest that you check with the folks at SpamCop, along with other blacklist providers, to see if they have any ideas. Surely enough you are going to make it onto blacklists if it has not happened already. I hate the blacklist concept because it removes control from the local level, although the intention is good. I just recently found out that my hosting provider employs SpamCop and they have told me that they are not able to turn it off. The net result is that legitimate emails never make it to my inbox, which to me is an egregious error. I too, have been on a few blacklists that I was unaware of, but never to the degree that you are experiencing.

    Hopefully someone else in the Lounge has better words than I do on this matter, because it really, truly sucks!
    -Mark

  3. #3
    Super Moderator jscher2000's Avatar
    Join Date
    Feb 2001
    Location
    Silicon Valley, USA
    Posts
    23,112
    Thanks
    5
    Thanked 93 Times in 89 Posts

    Re: My website being spoofed by junk mailers

    I don't know how literally to interpret the AOL rejection notice, but it doesn't say the From or Reply-To address is the problem, it says a URL in the message body is the problem. The message body probably links to the spammer's revenue-generating site, and not to your site. As a test, try sending a message to someone you know with an AOL address and see what happens with or without your web site address in the body.

  4. #4
    2 Star Lounger
    Join Date
    Feb 2001
    Location
    Chicago, Illinois, USA
    Posts
    177
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: My website being spoofed by junk mailers

    Thanks. I did some checking around and nobody seems to have a solution for this. Grrrr.
    Eric A. Spanitz
    Quality, Project, Management * Training * Consulting
    http://www.spanitz.com * http://www.synergest.com

  5. #5
    3 Star Lounger
    Join Date
    Jan 2001
    Location
    Sydney, Australia, New South Wales, Australia
    Posts
    251
    Thanks
    0
    Thanked 4 Times in 4 Posts

    Re: My website being spoofed by junk mailers

    Eric,
    This happened to me as well. I noticed that the return email addresses that the spammer was using were unknown at my company. So what I did was to change my email boxes, so instead of having a 'catch all' box that received all these bogus emails, they were bounced back.
    That's solved my end of the problem, although what the outcome of the bounces is I don't know. In a few weeks I'll turn the catch all back on and see if I'm still getting any of these bogus emails.
    Peter

  6. #6
    5 Star Lounger
    Join Date
    Jan 2001
    Location
    Newark, New Jersey, USA
    Posts
    999
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: My website being spoofed by junk mailers

    I just built a mail server and had to explain this very thing. Basically, I can telnet into the mail server and send out emails from bill@microsoft.com with a few commands. It's called an open relay. Yes, you may get blacklisted (www.ordb.org). I'm not sure how much access you have over the mail server, but I always use SMTP authentication. Stops spammers from sending mail to an outside domain.
    Mike Wolfman
    Jack of all, Master of none
    Bow before me, for I am root.

  7. #7
    Super Moderator jscher2000's Avatar
    Join Date
    Feb 2001
    Location
    Silicon Valley, USA
    Posts
    23,112
    Thanks
    5
    Thanked 93 Times in 89 Posts

    Re: My website being spoofed by junk mailers

    In the example message, the relay appears to be in Europe (the only listed IP is in RIPE's territory); Eric's mail server (if any) isn't involved. I'm sticking with my guess on this one.
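
The check described in this post can be scripted. The following is an added example, not code from any poster in this thread: it reads the delivery-status fields and the returned headers from post #1 (abridged, constructed sample) and compares the submitting host's IP with the site's own mail server. The address `192.0.2.10` and the function name `triage_bounce` are hypothetical.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample, abridged from the bounce quoted in post #1.
DSN_FIELDS = """\
Reporting-MTA: dns; amsfep16.chello.nl
Received-From-MTA: dns; binkowski.com (62.194.3.88)

Final-Recipient: RFC822; <ray11kos@aol.com>
Action: failed
Status: 5.3.0

Final-Recipient: RFC822; <rbrtander3@aol.com>
Action: failed
Status: 5.3.0
"""
RETURNED_HEADERS = """\
Received: from binkowski.com ([62.194.3.88]) by amsfep16-int.chello.nl
 (InterMail vM.6.00.05.02 201-2115-109-103-20031105) with ESMTP;
 Sat, 27 Dec 2003 02:50:25 +0100
From: "Fernande Fowler-Hornbuckle" <fernandefowler-Hornbuckleiz@spanitz.com>
Subject: get valium
"""
# An IPv4 address in parentheses, with or without square brackets.
PAREN_IP = re.compile(r"\(\[?(\d{1,3}(?:\.\d{1,3}){3})\]?\)")

def triage_bounce(dsn_text, returned_headers, my_domain, my_server_ips):
    """Decide whether a bounce is backscatter from a forged sender address."""
    per_message = message_from_string(dsn_text)   # fields before the first blank line
    blocks = per_message.get_payload().strip().split("\n\n")
    failed = [parseaddr(message_from_string(b)["Final-Recipient"].split(";", 1)[1])[1]
              for b in blocks if b.strip()]
    original = message_from_string(returned_headers)
    # The topmost Received line was added by the MTA that later bounced the mail;
    # the address in parentheses is the host that handed it the message.
    received = original.get_all("Received") or [per_message.get("Received-From-MTA", "")]
    match = PAREN_IP.search(received[0])
    origin_ip = match.group(1) if match else None
    # The page's sample shows only the From header, so that is what is compared.
    forged_domain = parseaddr(original.get("From", ""))[1].rpartition("@")[2].lower()
    if origin_ip in my_server_ips:
        verdict = "sent through our server: check for relay or account abuse"
    elif forged_domain == my_domain.lower():
        verdict = "backscatter: our domain forged by an outside host"
    else:
        verdict = "unrelated bounce"
    return {"origin_ip": origin_ip, "failed": failed, "verdict": verdict}

if __name__ == "__main__":
    # 192.0.2.10 is a hypothetical address for the site's own mail server.
    print(triage_bounce(DSN_FIELDS, RETURNED_HEADERS, "spanitz.com", {"192.0.2.10"}))
```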

  8. #8
    2 Star Lounger
    Join Date
    Feb 2001
    Location
    Chicago, Illinois, USA
    Posts
    177
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: My website being spoofed by junk mailers

    I understand what you are saying... but my situation is different. My machines are not involved in any way, the spamming yo-yos are just inserting a fake e-mail address with my website address into the "reply to" field. I'm still looking around the anti-spam sites to see if anybody out there has a working method to deal with this.
    Eric A. Spanitz
    Quality, Project, Management * Training * Consulting
    http://www.spanitz.com * http://www.synergest.com

  9. #9
    4 Star Lounger
    Join Date
    Feb 2001
    Location
    BECCLES, Suffolk, England
    Posts
    407
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: My website being spoofed by junk mailers

    Hi, we have got the same problem and no answers either.
    Didn't think that I made my first post here on 5th February 2001...!

  10. #10
    Silver Lounger
    Join Date
    Jan 2001
    Location
    Northern, California, USA
    Posts
    1,886
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: My website being spoofed by junk mailers

    The same thing happened to this guy. I believe he referenced what it took for him to stop it. Hope this helps.
    Moderator: Pix Place, Internet Explorer
    www.kvisions.com

  11. #11
    New Lounger
    Join Date
    Aug 2003
    Location
    Schenectady, New York, USA
    Posts
    15
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: My website being spoofed by junk mailers

    This seems to be a bigger issue than I originally thought. Our domain has also recently gone through the same spam attack. I followed the link in the spam to the website it was pushing, then found the ISP that the website was using, and sent several emails to various names at the ISP; all bounced back. And of course my phone calls with the contact info on the web domain were all incorrect. And again our ISP told us there was nothing they could do for it. I just had to create a specific account for all bounces and then about once a week do a mass clear out of the account.

  12. #12
    2 Star Lounger
    Join Date
    Feb 2001
    Location
    Chicago, Illinois, USA
    Posts
    177
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: My website being spoofed by junk mailers

    I still think that one's ISP/Host should take the effort to send formal notices -- one ISP to another -- to the servers at the start of the e-mail chain. It is one thing to have some random individual (me or you) try to get action out of an ISP... it should be a bit stronger to have our ISP get involved. However, they won't and claim they can't. I guess this is another reason for going with Joe's Chips and ISP/Hosting, because there does not seem to be an advantage for going with the "big guys" like Verio.
    Eric A. Spanitz
    Quality, Project, Management * Training * Consulting
    http://www.spanitz.com * http://www.synergest.com
