Author Topic: Someone is using my domain name but worg user name  (Read 1597 times)

MamaMoose

  • Guest
Someone is using my domain name but worg user name
« on: January 06, 2004, 02:01:23 AM »
I have a domian name unique to me. For sake of arguement, let's call it moose.com (not the actual name). I have been getting abunch of returned emails from the mail delievry subsystem on the ISP that supports my domain name. They all have the format:

 From: xyzwuv@moose.com

and are sent to various users and URLs. For each one of these, I get an error message saying "Returned mail: user unknown".

I have received several dozen of these returned mail messages.

How can I nail this hacker to prevent him from illegally using my domian name?

MamaMoose

Offline krissel

  • Administrator
  • TS Addict
  • *****
  • Posts: 14736
    • View Profile
Someone is using my domain name but worg user name
« Reply #1 on: January 06, 2004, 04:06:26 AM »
Well Tom, I wouldn't hold out much hope in getting the guy. This is a common tactic used by spammers to highjack another's email and domain to hide the true origin.

Of course you can talk to your host and let them know what's going on. They may be in a better position to track the route of such messages. Demand that they get on the stick and do their part in protecting your investment or you will go elsewhere.

But don't hold your breath. I've had manys such emails returned to me by the mailer daemon from people using my email address as a return.

Good luck. smile.gif


A Techsurvivors founder

Offline Diana

  • Super Poster
  • ***
  • Posts: 410
    • View Profile
Someone is using my domain name but worg user name
« Reply #2 on: January 06, 2004, 09:04:18 AM »
Hi MamaMoose,

You're experiencing what many domain owners are going through. As the system admin for a machine that handles mail for  over a hundred domains and several hundred users, I feel your pain. There is little to nothing a domain owner can do to stop this.

The benefit to the spammer using a valid domain is that not only is he making it appear to the untrained eye that the domain in the sender's address is the culprit, but he also ensures that his mail is accepted for delivery even by machines that use reverse lookups to verify an existing domain. Example, my server looks up the domains as given by the sender header and the relaying machine and if they don't exist or resolve, that mail is denied. There are still plenty of techstupid spammers so I'm able to deny thousands of messages a day this way. But, as you see, there are smarter spammers who have figured out a way around this protection.

So, I look closely at the relaying machine to determine its role in spam. I find that by reading the actual spam message headers, one can pretty well determine the spam origin. Where Asia was once the predominant spam origin, it is now more likely to be your next door neighbor's machine...and he doesn't have a clue it's happening. I'm now blocking on the server, thousands of machines on dsl and cable systems that are sending mail directly, bypassing the valid mail servers of those systems. For the spammer to make this work, he needs valid domains to use in his headers. If they're the least bit smart, they'll actually pick the "small people" domains because if they spoof Earthlink or AOL, they're more likely to be tracked down and sued. I doubt you can afford this suit and neither can I.

*grin...I like Krissel's response..."Demand ...that they do their part ...or you'll go elsewhere"  I'm that sort myself, but in this case, I'm sure they're doing all they can short of turning off the mail server and calling it quits. If you go elsewhere, you'll only be jumping from one frying pan to another 'cause we're all in the same fire.

My suggestion, create good spam filters in your e-mail program and be hopeful that the tide will turn.
Diana
Sysadmin Rule #14: If it's not on fire, it's a software issue.

Registered Linux user 290473
http://counter.li.org/
http://www.crestcomm.com/diana/gnupg.txt for GnuPG public key