Hi Duong, The google-appengine group isn't really the ideal place to ask these sorts of questions, but I'll do my best to respond.
On Thu, Jul 9, 2009 at 3:44 PM, Duong BaTien<[email protected]> wrote: > > Hi Nick: > > I have similar, but business wide more serious, issue of forging the > emails and send as spam to other web sides. I do not have time to > investigate this issue yet since we are still converting everything to > Google infrastructure using GAE and gmail, and will leverage Google > Wave. > > Issue: We have 3 domain names. 1 domain name received a lot of spam mail > and was forged to send spam mail to others many years ago. I converted > my mail services for sending and receiving to gmail and moved the domain > name to GoDaddy. The received and sending spam mails become less, but > still there. The other 2 domain names are recent in the past 2-3 years > using GoDaddy DNS and google mail services right from the beginning. > Recently, some forged emails using the 3 domain names with different > user names are sent to various sites. I configure gmail to received all > mails under the domain names but not delivered to legitimate users to > one account, and see the spam and undelivered mails to direct users to > their web sites in Russia and China. The question are > (1) How can they forge the domain name with their faked user names and > send emails to spam others which will definitely damage our domain > names? The SMTP protocol, which is the protocol used to send email over the Internet, doesn't perform any checks to ensure that someone 'owns' the email they're claiming is their from address. This applies to all email - you can generally trust that when you send an email to someone, they're the only one able to read it, but the reverse is not true - anyone can forge an email that purports to be from anyone they want. > (2) What can i do to prevent this? In the near future, DNS and simple > public web sites are only 2 things we use from GoDaddy; the web sites > are used for publishing XML configurations for Google gadgets and for > online backups of live services from google. There's very little you can do. You can ensure you set up SPF records for your domains, which will let smart mail systems know that the spams being sent are not legitimately from your domain, which will cause those sites to reject the messages, but this won't work universally. -Nick Johnson > > Thanks > BaTien > DBGROUPS and BudhNet > > > On Thu, 2009-07-09 at 10:26 +0100, Nick Johnson (Google) wrote: >> Hi Paul, >> >> On Tue, Jul 7, 2009 at 11:03 PM, Paul NOSPAM<[email protected]> wrote: >> > >> > Hello, >> > >> > I have a yahoo e-mail account, where I am getting TONS of spam, that >> > are advertising a website like this - >> > http://caatainc1.appspot.com/ >> > >> > I traced the domain back to Google, and called them, because sending >> > dozens of e-mails resulted in nothing happening. Guess what? >> > Calling them does no good either!! I did get a little girl, who >> > directed me to the APPSPOT.com site, where I could complain about the >> > spam, but guess what? there is NO contact information for reporting >> > this crap!! >> >> We have an abuse report form, here: >> http://code.google.com/support/bin/request.py?contact_type=AppEngineContact >> >> Note that simply being linked to in spam is not itself in violation of >> our terms of service - nobody can control who links to them - but it's >> possible this application is in violation of other parts of our TOS. >> >> > >> > So, if someone on this board could PLEASE let me know how I can stop >> > these assholes, from continuing to SPAM me from their GOOGLE appspot, >> > using their GMAIL account, I would GREATLY appreciate it. >> >> The emails are almost certainly not being sent from App Engine (which >> would _definitely_ be a violation of our TOS) or from gmail - they're >> simply linking to an App Engine app, and forging a gmail from address. >> Unfortunately, the real hosts of such spammers are usually the sort >> that are either offshore in some spam-friendly jurisdiction, or hosted >> by people who don't pay much attention to abuse reports. My own spam >> folder testifies to how prevalent this is. >> >> Regards, >> >> Nick Johnson >> >> > >> > > >> > >> >> >> > > > > > -- Nick Johnson, App Engine Developer Programs Engineer Google Ireland Ltd. :: Registered in Dublin, Ireland, Registration Number: 368047 --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Google App Engine" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/google-appengine?hl=en -~----------~----~----~----~------~----~------~--~---
