Full Version: They're spoofing my address
abysmillard
In the last couple of weeks I've received several pieces of spam that use my address as the return address. I reported this to my ISP, who offered no assistance at all--do I look surprised?

Does anyone have any advice as to how to handle this spoofing? I have deleted them rather than letting SpamX report them because I haven't been sure what kind of effect reporting them would have. Thanks.
rt2
I've had this problem also but never looked into how to resolve it other than switching addresses, which I didn't/don't want to do.

I'd also be interested in hearing suggestions.
mike-n-tosh
This happened to me as well and I actually got added to some of those databases (non open relay databases for spammers). This happened long before I started using Sp@mX. I was reporting spammers manually, tracking down the ISPs and reporting them.

My recommendation to you would be to allow Sp@mX to do its reporting, because it doesn't go by the bogus email addresses, it goes by the IP addresses and does Regional NIC IP address lookups. When you look at the full Internet headers of an email you will see a number of entries at the top that are similar to this:

Received: from blah.blah.com [123.25.1234.123] by mx.blah.com for yourname@yourISP.com

There will usually be several of these in a row with SPAM mails, which is how they try to hide their origination. Many of those will be bogus, but will reveal the ISPs that are not bogus. You can look up the ISPs by doing a "whois" inquiry to the regional NICs (sometimes referring you to a smaller NIC within their region of authority, smaller blocks of IP addresses purchased from the larger NIC). If you use Mac OS X, you can use their Internet Utility to do this. There are equivalent utilities for Windows also, but not included with the OS like on the Mac. If you do not have one of these, you can still do it with your web browser at the following URLs:

There are 4 main regional NICs for the world:
APNIC for Asia http://www.apnic.net/apnic-bin/whois.pl
LACNIC for Latin America http://lacnic.net/cgi-bin/lacnic/whois
ARIN for North America http://www.arin.net/whois/index.html
RIPE for Europe http://www.ripe.net/perl/whois

The results of the whois inquiries give you the ISP and contact information for who controls the IP number that you did the inquiry for. (That's what Sp@mX does, when you see it inquiring and receiving "North America", "Asia", etc.)

I did successfully get my spammer shut down by reporting to their ISPs. I also got my email off of the databases by threatening to take legal action since they didn't even take the time to discover that the email address didn't even match the sending IP number, which is negligence not to mention defamation, etc. that lawyers love to come up with.

Hope this helps you. Good luck!
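
Added example (not part of the post above, and not Sp@mX's own code): a sketch of the header walk described there. It reads the Received chain top-down and keeps the peer address recorded by the reader's own provider, since lines below that point were written by hosts the reader does not control. The message, the host names and the `trusted_domain` parameter are constructed assumptions.

```python
import ipaddress
import re
from email import message_from_string

# Constructed sample: hosts and addresses are made up for illustration.
RAW = """\
Received: from mail.example.net (mail.example.net [203.0.113.45])
\tby mx.myisp.example with ESMTP; Mon, 1 Mar 2004 10:00:02 -0500
Received: from yahoo.com (unknown [10.1.2.3])
\tby mail.example.net with SMTP; Mon, 1 Mar 2004 09:59:58 -0500
Received: from blah.blah.com [123.25.1234.123] by relay.invalid
From: me@myisp.example
To: me@myisp.example
Subject: constructed sample

body
"""

BRACKETED = re.compile(r"\[([0-9A-Fa-f:.]+)\]")
BY_HOST = re.compile(r"\bby\s+([A-Za-z0-9.-]+)")

def received_hops(raw):
    """One dict per Received header, newest (top of the message) first."""
    hops = []
    for value in message_from_string(raw).get_all("Received", []):
        text = " ".join(value.split())          # unfold continuation lines
        by = BY_HOST.search(text)
        found = BRACKETED.search(text)
        ip = None
        if found:
            try:
                ip = str(ipaddress.ip_address(found.group(1)))
            except ValueError:
                ip = None                       # not a parseable address
        hops.append({"by": by.group(1).lower() if by else None, "ip": ip})
    return hops

def reportable_ip(raw, trusted_domain):
    """Peer IP logged by the last header our own provider wrote."""
    peer = None
    for hop in received_hops(raw):
        host = hop["by"] or ""
        if host != trusted_domain and not host.endswith("." + trusted_domain):
            break                               # written by someone else
        peer = hop["ip"]
    return peer
```

The address returned by `reportable_ip(RAW, "myisp.example")` is the one to feed to a whois lookup; the lower headers are kept in `received_hops` only as context.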
Jeff Hendrickson
Welcome to the board Mike!

You are correct with your advice. Sp@mX doesn't use the envelope information to do its spam lookups. So you should definitely report spam emails that have been disguised to look like they are from you to you.
ugokanain
Would it be good if Spamx could add a note to the postmaster (or is it abusemaster) that the spam was spoofed? Maybe they would look at the message more carefully?
msealey
You can do this in your abuse.txt message.
NeilWhit
Be sure you also differentiate between where the spammer simply uses a merge field to insert the sent to email address into the from spot. When you look at the headers of those, you'll see that they simply put the sent to address (your email address) as the name in the from field, but not the actual sent from email address. For example, dilbert@mail.com<sdmdmsgee@123.com> would look like it had come from your email address (assuming you are Dilbert!), but an examination of the headers would show that it actually did not.

We have received a lot of these.

There are, of course, also a lot of forged complete From spams. You'll know when that is happening because you'll start getting a lot of bounces from those spam mailings when they bounce back to you and you never sent them! We've had that happen also. That's domain spoofing and does require reporting and likely work with places like AOL to get your domain un-blacklisted!
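
Added example (not part of the post above): a small classifier for the two cases it distinguishes, using the post's own `dilbert@mail.com<sdmdmsgee@123.com>` string. The function name and the three result labels are assumptions made for this sketch; the header is split by hand because it is not well-formed enough to rely on a standard address parser.

```python
import re

# Display part, then the real address inside the final <...>.
ANGLE = re.compile(r"^(?P<display>.*?)<(?P<addr>[^<>\s]+@[^<>\s]+)>\s*$")
# Loose pattern for anything that looks like an address inside the display name.
ADDR = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")

def classify_from(from_header, my_address):
    """Say how my address appears in a From header, if at all.

    'address-is-mine'   : the From address itself is mine (sent by me, or
                          fully forged; expect bounces in the forged case)
    'display-name-only' : my address sits only in the name part
    'unrelated'         : my address does not appear
    """
    me = my_address.strip().lower()
    value = from_header.strip()
    m = ANGLE.match(value)
    if m:
        display = m.group("display").strip().strip('"').lower()
        actual = m.group("addr").lower()
    else:
        display, actual = "", value.lower()     # bare address, no name part
    if actual == me:
        return "address-is-mine"
    if me in ADDR.findall(display):
        return "display-name-only"
    return "unrelated"
```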
abysmillard
Thanks for the replies. I'll start reporting them and see what happens.
jxself
"Would it be good if Spamx could add a note to the postmaster (or is it abusemaster) that the spam was spoofed? Maybe they would look at the message more carefully?"

Virtually ALL spam is spoofed. Pointing out that fact to the person you're sending the spam report to really doesn't do much, because (if they're knowledgeable) they're going to be expecting to see spoofed info inside the spam message anyway.

Sometimes the e-mail addresses that spammers use are real, sometimes they're not. There really isn't much that can be done to prevent someone from spoofing any e-mail address they want (real or not.)

Think of someone mailing a physical letter: As long as they have a pen, they can write anything they want for the return address -- real or imagined -- and the "victim" of the returned mail can't really stop them.

The only exception might be possibly encouraging the mail server that originally received the spam to adopt SPF which REALLY helps to spot message forgeries.

http://spf.pobox.com

My mail server checks for and validates SPF records when receiving mail. A lot of ISPs do. Time to encourage yours to do so as well.