RE: Domain used by Spammers
Been there, done that. Most ISP's don't bother. However, check to see a domainname and find out who is hosting it. I had some success closing down the offenders website.. --B. At 09:10 07-02-2003 -0800, you wrote: trace the header ip's to track down the originator and get in contact with the isp? -Original Message- From: Dave Vantine [mailto:[EMAIL PROTECTED]] Sent: Friday, February 07, 2003 7:57 AM To: Exchange Discussions Subject: Domain used by Spammers For the last few weeks I have been plagued by what I had originally considered to be spam attacks. These were showing up as NDR's which I have forwarded to my own mailbox for review. They were always some nonexistent random alphanumeric user i.e. [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] . This morning I had over one hundred of them so decided to investigate further and see if there was way to screen them out. As it turns out, these are not emails being sent to me, but rather someone is spamming using these random alphanumeric in the From field and the NDR's are coming back to me from whoever is in the To field. I re-tested my own exchange server to ensure that they were not relaying of the Exchange server. I then telneted to my personal attbi.com mail server and sent and email as a nonexistent user in my domain to a bogus mail address. The attbi.com server promptly sent back and NDR to my domain. I concerned about any implications of getting on any RBL lists. I guess I would equate this to identity theft but have no how to address this serious issue. Thanks -Dave Vantine _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED]
RE: Domain used by Spammers
I spent a considerable amount of time trying to trace the offenders. What is strange is that although the bulk of it is coming from http://digitaletics.tv (supposedly in Brazil). There are others coming from what I believe to be Korea and Russia. Each of them appears to be using a randomly generated user name against our legitimate domain. I guess I am wondering if these companies have contracted with some 3rd party to do bulk mailing which to some degree is not their fault. The digitaletics website only offers a email address ([EMAIL PROTECTED]) to contact them and it does appear to be valid as there is a mail server at the site as well. The others don't even supply any type of contact information. I had considered forwarding all the bounced mail to that address but would rather resolve it in a more agreeable fashion. I also have started receiving some nasty emails within these NDR's about our spamming practices and am possibly anticipating some how getting blacklisted. I sent an email with a copy of the emails to what I believe is the ISP of record in Brazil but have not heard any response. I had considered calling the ISP's phone number but I am wondering the chances of someone speaking English. -Dave Vantine -Original Message- From: B. van Ouwerkerk [mailto:[EMAIL PROTECTED]] Sent: Monday, February 10, 2003 3:14 AM To: Exchange Discussions Subject: RE: Domain used by Spammers Been there, done that. Most ISP's don't bother. However, check to see a domainname and find out who is hosting it. I had some success closing down the offenders website.. --B. At 09:10 07-02-2003 -0800, you wrote: trace the header ip's to track down the originator and get in contact with the isp? -Original Message- From: Dave Vantine [mailto:[EMAIL PROTECTED]] Sent: Friday, February 07, 2003 7:57 AM To: Exchange Discussions Subject: Domain used by Spammers For the last few weeks I have been plagued by what I had originally considered to be spam attacks. These were showing up as NDR's which I have forwarded to my own mailbox for review. They were always some nonexistent random alphanumeric user i.e. [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] . This morning I had over one hundred of them so decided to investigate further and see if there was way to screen them out. As it turns out, these are not emails being sent to me, but rather someone is spamming using these random alphanumeric in the From field and the NDR's are coming back to me from whoever is in the To field. I re-tested my own exchange server to ensure that they were not relaying of the Exchange server. I then telneted to my personal attbi.com mail server and sent and email as a nonexistent user in my domain to a bogus mail address. The attbi.com server promptly sent back and NDR to my domain. I concerned about any implications of getting on any RBL lists. I guess I would equate this to identity theft but have no how to address this serious issue. Thanks -Dave Vantine _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED]
RE: Domain used by Spammers
trace the header ip's to track down the originator and get in contact with the isp? -Original Message- From: Dave Vantine [mailto:[EMAIL PROTECTED]] Sent: Friday, February 07, 2003 7:57 AM To: Exchange Discussions Subject: Domain used by Spammers For the last few weeks I have been plagued by what I had originally considered to be spam attacks. These were showing up as NDR's which I have forwarded to my own mailbox for review. They were always some nonexistent random alphanumeric user i.e. [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] . This morning I had over one hundred of them so decided to investigate further and see if there was way to screen them out. As it turns out, these are not emails being sent to me, but rather someone is spamming using these random alphanumeric in the From field and the NDR's are coming back to me from whoever is in the To field. I re-tested my own exchange server to ensure that they were not relaying of the Exchange server. I then telneted to my personal attbi.com mail server and sent and email as a nonexistent user in my domain to a bogus mail address. The attbi.com server promptly sent back and NDR to my domain. I concerned about any implications of getting on any RBL lists. I guess I would equate this to identity theft but have no how to address this serious issue. Thanks -Dave Vantine _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED]
