Hijacked emails

[nwenban]

Hi,

Need some expert help & advice please.
I manage a few web sites for a couple of domains & businesses. It appears that @#$%^ someone has seized our email addresses and is sending out spam in our name.
This is causing our web site to be suspended and being widely blacklisted.
Any emails that I do send are sent directly out from my ISP (Bigpond.net.au), the only emails that I have sent from the web sites are the occasional test ones.

Is there any way that a block can be put on the sending of emails that originate (or appear to) from our domains?
I've activated spam assassin & box trapper in cpanel. Have no idea what else I can do to try & find a fix for this problem.

Thanks

Neville

[JohnGray]

What does your ISP offer to do for you about this problem?

Are the email addresses being spoofed, or are they actually being sent from your server(s) - if you actually have servers of your own? If the latter, your server(s) may be acting as "open relays", which are (quite rightly!) blacklisted...

John

[nwenban]

Hi John,

Still attempting to contact host contact.
I only signed up for web hosting with a company that I assume has purchased bulk disk space & has re-sold blocks - so I would assume that I do not have servers of my own.
I can't find any evidence that these emails are originating from my outbox, or at least a copy isn't recorded there.
Am currently using Mailwasher Pro & when I have received emails that appear to have been sent by me, MW has picked up some of these emails and offered to report them, the host that was being reported wasn't the one that I use.
If I don't have a server, does this mean that the open relay isn't the cause & spoofing is the problem?

Afraid I am in a bit over my head with this problem!!!

Thanks
Neville

[JohnGray]

You could try looking at the various blacklists like SORBS to see if your domains are blacklisted, and Wikipedia has an informative article on open relays.

But if your domain information is being spoofed on emails, I don't think there's too much that can be done (unless other people know of good ideas?).

John

[DaveA]

Is it the domain or the server that is being blocked?
As mine was blocked because the server was blocked as it was and is a "shared" server and one of the other sites was the problem. A good host will handle this real quick.

[jscher2000]

<hr>It appears that @#$%^ someone has seized our email addresses and is sending out spam in our name. This is causing our web site to be suspended and being widely blacklisted.<hr>

Where you are listed and why? If your mail server is listed as an open relay, server security needs to be tightened immediately. In other cases, it is not clear that you can do anything but request reconsideration.

[rhadin]

We faced a similar situation and I resolved the problem by buying corporate e-mail certificates from Comodo (www.comodo.com). Now when we send an e-mail it includes a certificate from one of the listed security agencies (VeriSign, Comodo, etc.) and we have told recipients of e-mails purportedly coming from us that if the certificate isn't attached, it isn't from us -- it's spam. That ended our being blacklisted and has made life much easier. The corporate certificates are not expensive (at least from Comodo) and Comodo offers free personal certificates. It is at least worth checking into.

[StuartR]

I also sign all my emails, and tell my correspondents that if it isn't signed by me, it isn't from me.

StuartR

[nwenban]

Thanks Jefferson,

Prev we had one of my sites (www.justvend.com.au) that was displaying an "Account Suspended" message when visiting the site, had contacted the host admin who informed me that this action was taken due to a large amount of spam that appeared to be originating from our account. After discusssing this issue with host admin, the suspension was lifted.

Recently another 2 sites (www.ivmoa.asn.au & www.ava.asn.au) also had the "Account Suspended" page so I assumed that I had the same issue. Have since been in contact with host admin (differs from JV one) and apparently all web sites that he admins are displaying suspended. Apparently the server tech is attempting to fix now.

i am aware that there are a high number of emails that appear to originate from these domains that are spam, so I assume that they are being spoofed from my domains.

Thanks to all for your advice & assistance, but unless there is a solution for spoofed emails, there doesn't appear much more I can do.

Neville

[rhadin]

You wrote: "Thanks to all for your advice & assistance, but unless there is a solution for spoofed emails, there doesn't appear much more I can do."

That was the point of the suggestion to obtain e-mail certificates. The certificates can't be spoofed because the certificate itself is on your computer. Consequently, only an e-mail sent from your computer can have the certificate attached. By telling your clients or whomever that e-mails received from your e-mail address that lack the certificate are spam and should be deleted, whereas those that arrive with the certificate are truly from you, you provide your clients with a filtering device. At least in my case, that has resulted in our address no longer being blacklisted as a result of spoofing.