Hi,

Sorry about the OT, but I'd like to tap into the giant electronic brain of the PDML, if I may.

I seem to be being spam-bombed at the moment. I have received over 1,000 spam emails in the last 8 hours. The overwhelming majority of these emails claim to be 'Delivery Status Notifications', telling me of a failure to deliver an email. This has been going on for a few days now. They are addressed to accounts at my domain (web-options.com) which don't exist, so they're picked up by my postmaster account and either stored there or, in most cases, filtered to my junk folder. The majority of them are supposedly returned because they were addressed to a non-existent email address.

On the face of it, it appears that my machine is being used as a zombie to forward spam to other domains with automatically generated email addresses on the off-chance that somebody would open it and follow a link. The spams themselves don't seem to contain viruses.

However, this seems unlikely to me for several reasons. First, my smtp virtual server is set up not to relay from anybody, and the smtp log matches what I know I sent. Second, none of the spyware detectors I use has detected anything untoward on my machine, such as another smtp server placed there by a rat. I use the MS spyware detector, SpyBot and AdAware, as well as Norton AV; everything is patched up-to-date. Third, I can't see any processes or services running that I can't identify. Fourth, I can't see anything going through the firewall that's not from me. So I don't think my machine is being used as a zombie, but perhaps there's some other way to find out.

I can't see the point of any spammer just sending me these emails - it's not like I'm going to open thousands of the damned things and their attachments. So I guess that the spammer is using my domain name as the return address on the spam they send out. The recipient must then send the delivery status notification to me instead of the spammer, rather like a ricochet causing 'collateral damage'.

Does this sound like a reasonable diagnosis? If not, can you suggest any other possibilities? If it is a reasonable diagnosis, can you think of anything I can do about it? If somebody is misusing my domain name in this way, I can't think of anything I can do about it, other than change my domain name, which I don't want to do.

This is an annoyance for me rather than a problem. The spam gets filtered out of my way, so it uses resources but doesn't really hinder me at all. However, I don't like the idea of being used as a zombie (if I am), and I don't like the idea of my domain being perhaps blacklisted somewhere along the line, or being thought of as a spammer.

I'd appreciate any help or suggestions from the Collective Conscious!

Thanks,
Bob
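
One way to test the diagnosis in the message above, as an added example that is not part of the original post: the original message attached to each bounce carries the Received headers of the servers that handled it, so the IPs in those headers show whether the spam ever passed through the poster's own mail server. The function names, hosts and IP addresses (documentation ranges) are assumptions, and the sample bounce is constructed.

```python
import email
import re

IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def returned_original(dsn):
    """Return the original message (or its headers) attached to a DSN, or None."""
    for part in dsn.walk():
        ctype = part.get_content_type()
        if ctype == "message/rfc822":
            return part.get_payload(0)
        if ctype == "text/rfc822-headers":
            return email.message_from_string(part.get_payload())
    return None

def classify_bounce(raw, my_ips):
    """Label one bounce by where its returned original was injected."""
    orig = returned_original(email.message_from_string(raw))
    if orig is None:
        return "unknown", []
    hops = [ip for h in orig.get_all("Received", []) for ip in IP_RE.findall(h)]
    # Hops below the bouncing server's own header can be forged, so a match is
    # a lead to check against the SMTP log, not proof.
    verdict = "check-own-server" if set(hops) & set(my_ips) else "backscatter"
    return verdict, hops

# Constructed sample bounce; hosts and IPs are documentation placeholders.
SAMPLE_DSN = """\
From: MAILER-DAEMON@mx.example.net
To: qzxv@web-options.com
Content-Type: multipart/report; report-type=delivery-status; boundary="b1"

--b1
Content-Type: message/delivery-status

Reporting-MTA: dns; mx.example.net

Final-Recipient: rfc822; nobody@example.net
Status: 5.1.1
--b1
Content-Type: message/rfc822

Received: from unknown.example.org ([203.0.113.77]) by mx.example.net
From: qzxv@web-options.com
To: nobody@example.net

constructed spam body
--b1--
"""
```

Run over the bounces collected in the postmaster mailbox, a verdict of `backscatter` on every one supports the forged-return-address explanation, while any `check-own-server` result is worth comparing with the SMTP log.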

