Results 1 to 10 of 10

Thread: Hijacked emails

  1. #1
    2 Star Lounger
    Join Date
    Jun 2001
    Location
    Quakers Hill, NSW, Australia
    Posts
    153
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Hijacked emails

    Hi,

    Need some expert help & advice please.
    I manage a few web sites for a couple of domains & businesses. It appears that @#$%^ someone has seized our email addresses and is sending out spam in our name.
    This is causing our web site to be suspended and being widely blacklisted.
    Any emails that I do send are sent directly out from my ISP (Bigpond.net.au), the only emails that I have sent from the web sites are the occasional test ones.

    Is there any way that a block can be put on the sending of emails that originate (or appear to) from our domains?
    I've activated spam assassin & box trapper in cpanel. Have no idea what else I can do to try & find a fix for this problem.

    Thanks

    Neville

  2. #2
    Platinum Lounger
    Join Date
    Jan 2001
    Location
    Quedgeley, Gloucester, England
    Posts
    5,333
    Thanks
    0
    Thanked 1 Time in 1 Post

    Re: Hijacked emails

    What does your ISP offer to do for you about this problem?

    Are the email addresses being spoofed, or are they actually being sent from your server(s) - if you actually have servers of your own? If the latter, your server(s) may be acting as "open relays", which are (quite rightly!) blacklisted...

    John
    <font face="Script MT Bold"><font color=blue><big><big>John</big></big></font color=blue></font face=script>

    Ita, esto, quidcumque...

  3. #3
    2 Star Lounger
    Join Date
    Jun 2001
    Location
    Quakers Hill, NSW, Australia
    Posts
    153
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Hijacked emails

    Hi John,

    Still attempting to contact host contact.
    I only signed up for web hosting with a company that I assume has purchased bulk disk space & has re-sold blocks - so I would assume that I do not have servers of my own.
    I can't find any evidence that these emails are originating from my outbox, or at least a copy isn't recorded there.
    Am currently using Mailwasher Pro & when I have received emails that appear to have been sent by me, MW has picked up some of these emails and offered to report them, the host that was being reported wasn't the one that I use.
    If I don't have a server, does this mean that the open relay isn't the cause & spoofing is the problem?

    Afraid I am in a bit over my head with this problem!!!

    Thanks
    Neville

  4. #4
    Platinum Lounger
    Join Date
    Jan 2001
    Location
    Quedgeley, Gloucester, England
    Posts
    5,333
    Thanks
    0
    Thanked 1 Time in 1 Post

    Re: Hijacked emails

    You could try looking at the various blacklists like SORBS to see if your domains are blacklisted, and Wikipedia has an informative article on open relays.

    But if your domain information is being spoofed on emails, I don't think there's too much that can be done (unless other people know of good ideas?).

    John
    <font face="Script MT Bold"><font color=blue><big><big>John</big></big></font color=blue></font face=script>

    Ita, esto, quidcumque...

  5. #5
    Super Moderator
    Join Date
    Dec 2000
    Location
    Renton, Washington, USA
    Posts
    12,560
    Thanks
    0
    Thanked 4 Times in 4 Posts

    Re: Hijacked emails

    Is it the domain or the server that is being blocked?
    As mine was blocked because the server was blocked as it was and is a "shared" server and one of the other sites was the problem. A good host will handle this real quick.

    Now running HP Pavilion a6528p, with Win7 64 Bit OS.

  6. #6
    Super Moderator jscher2000's Avatar
    Join Date
    Feb 2001
    Location
    Silicon Valley, USA
    Posts
    23,112
    Thanks
    5
    Thanked 93 Times in 89 Posts

    Re: Hijacked emails

    <hr>It appears that @#$%^ someone has seized our email addresses and is sending out spam in our name. This is causing our web site to be suspended and being widely blacklisted.<hr>
    Where you are listed and why? If your mail server is listed as an open relay, server security needs to be tightened immediately. In other cases, it is not clear that you can do anything but request reconsideration.

  7. #7
    2 Star Lounger
    Join Date
    Sep 2005
    Location
    Poughkeepsie, New York, USA
    Posts
    123
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Hijacked emails

    We faced a similar situation and I resolved the problem by buying corporate e-mail certificates from Comodo (www.comodo.com). Now when we send an e-mail it includes a certificate from one of the listed security agencies (VeriSign, Comodo, etc.) and we have told recipients of e-mails purportedly coming from us that if the certificate isn't attached, it isn't from us -- it's spam. That ended our being blacklisted and has made life much easier. The corporate certificates are not expensive (at least from Comodo) and Comodo offers free personal certificates. It is at least worth checking into.

  8. #8
    Plutonium Lounger
    Join Date
    Nov 2001
    Posts
    10,550
    Thanks
    0
    Thanked 7 Times in 7 Posts

    Re: Hijacked emails

    I also sign all my emails, and tell my correspondents that if it isn't signed by me, it isn't from me.

    StuartR

  9. #9
    2 Star Lounger
    Join Date
    Jun 2001
    Location
    Quakers Hill, NSW, Australia
    Posts
    153
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Hijacked emails

    Thanks Jefferson,

    Prev we had one of my sites (www.justvend.com.au) that was displaying an "Account Suspended" message when visiting the site, had contacted the host admin who informed me that this action was taken due to a large amount of spam that appeared to be originating from our account. After discusssing this issue with host admin, the suspension was lifted.

    Recently another 2 sites (www.ivmoa.asn.au & www.ava.asn.au) also had the "Account Suspended" page so I assumed that I had the same issue. Have since been in contact with host admin (differs from JV one) and apparently all web sites that he admins are displaying suspended. Apparently the server tech is attempting to fix now.

    i am aware that there are a high number of emails that appear to originate from these domains that are spam, so I assume that they are being spoofed from my domains.

    Thanks to all for your advice & assistance, but unless there is a solution for spoofed emails, there doesn't appear much more I can do.

    Neville

  10. #10
    2 Star Lounger
    Join Date
    Sep 2005
    Location
    Poughkeepsie, New York, USA
    Posts
    123
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Hijacked emails

    You wrote: "Thanks to all for your advice & assistance, but unless there is a solution for spoofed emails, there doesn't appear much more I can do."

    That was the point of the suggestion to obtain e-mail certificates. The certificates can't be spoofed because the certificate itself is on your computer. Consequently, only an e-mail sent from your computer can have the certificate attached. By telling your clients or whomever that e-mails received from your e-mail address that lack the certificate are spam and should be deleted, whereas those that arrive with the certificate are truly from you, you provide your clients with a filtering device. At least in my case, that has resulted in our address no longer being blacklisted as a result of spoofing.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •