Privacy guaranteed - Your email is not shared with anyone.

Someone is using my domain name to spam! What can I do??

Discussion in 'Tech Talk' started by Shoeless, Apr 3, 2007.

  1. Shoeless

    Shoeless Gun Totin' Girl

    Likes Received:
    Nov 25, 2001
    Planet Earth
    Today in my Spamarrest filter, there are what appear to be THOUSANDS of email bouncebacks. I looked at a few of them and they all say FROM: SOMEONE (at)'s always a different name but the domain is always mine)

    This leads me to believe that someone is using MY domain name to spam thousands of people somehow. Now I'm not savvy enough to know how they do it but this is very worrisome to me, as I don't want my domain to be blacklisted as spam and be blocked. I do send out a monthly newsletter and this would be VERY bad for me.

    Is there anything I can do??

    Thanks so much in advance for your help!

  2. js_gresham

    js_gresham Where am I? CLM

    Likes Received:
    Jun 7, 2006
    and how do I get back home?
    In my experience, it's not the domain name that gets blocked, it is the actual server sending the mail. With enough practice and patience, you too can learn how to do email forensics :)

    There's not much you can do about it. The way that the email system was designed, anyone in the world can put any address in the header of the message. While there are technologies brewing to allow for "authenticated" mail and such, unless people are really using your server (check for a good test for this behavior), there's not really a lot you can do.

  3. David_G17

    David_G17 /\/\/\/\/\/\/\/

    Likes Received:
    Oct 7, 2002
    You can't stop them (maybe through legal action if they are in the US and if you can prove who did it - that's a lot of if's).

    I would recommend you put a message about it on the index page of your website letting people know that it wasn't you, and it was some random spammer forging e-mail headers with your domain.

    eta: send an e-mail to the tech support of whoever hosts your domain telling them what is happening and to check to make sure they don't have an open relay, but i don't think it is their server that is open,,sid9_gci782509,00.html
  4. kimigirl


    Likes Received:
    Mar 11, 2007
    Washington State
    Is your website stored on a server at your home, or are you using an online service?
    If its an online service there is not much that you can do. Report it to the company that you have your domain name through.
    If it is on your server at home you can try disabling ports that you are not using. You can try using a packet sniffer of some kind to see which port is being used by the spammer. There are plenty of free ones available.
  5. Blitzer

    Blitzer Cool Cat

    Likes Received:
    Jan 15, 2004
    The communist's play ground of OHIO
    Good luck with the efforts to address this issue. :supergrin: :thumbsup: ;)
  6. Deanster

    Deanster Cheese? CLM Millennium Member

    Likes Received:
    Feb 24, 1999
    Two possibles -

    the first is relatively unlikely, which is that someone has actually taken control of, or broken into, or is taking advantage of an insecure setup, on a computer you own or your mailserver, and is truly using your accounts/computers to send spam. This does happen, but it's relatively uncommon. Contact your ISP, and look for heavy loads on the mail server to see if this is even a possibility.

    MUCH more likely is the 'joe job', in which the 'from' and 'reply to' headers are forged, to make the mail appear to have come from you. This may be malicious, or it may simply be that someone grabbed your domain name randomly to assist their spam in getting through succcessfully. In this case, it's not precicely a 'joe job', but has the same effect.

    In essence, it's impossible to defend against, since it's simply a case of someone else including your domain name in the header...

    You may be able to learn more about the real source by carefully examining the full headers of the mails you're receiving, and see if you can identify the actual sending ISP in the 'received from' section.

    Good luck.