RE: OT request for arcane tech help

From: Liam Lawless <lawless@bulldoghome.com>
Date: 04/29/06-11:19:08 AM Z
Message-id: <LEEHIOMLCDDGNEHIFALFKENDCAAA.lawless@bulldoghome.com>

Hi Keith,

I don't know any more about all this than I said last night, but my
understanding is that fake addresses are used so that large volumes of mail
are not traced back to the spammer's own account, in addition to not
identifying the true sender to the recipient. The domain name used is
genuine, but the name part (before the "@") is just a bunch of random
characters on the bounce messages we've been getting here. Why they do that
I can't really say, but presumably it only works with "catchall" accounts.

However, the remedy I suggested appears to have worked here, in as much as
we've had no more bounce messages today. In theory they should now be going
back to the culprit instead, so our hope is that he'll soon move on to
someone else.

Our domain host and ISP weren't interested either. They told us, maybe 10
days ago, that they'd try and find out where they were coming from, but
since then we've heard no more. I found the ":fail:" trick mentioned on one
of the control panel pages. If that's not possible for you, maybe you could
direct unrouted messages to junk@gumphoto.com and then filter them all
straight into the Deleted folder.

Good luck,

Liam

-----Original Message-----
From: Keith Gerling [mailto:Keith@GumPhoto.com]
Sent: 29 April 2006 19:29
To: alt-photo-process-l@usask.ca
Subject: RE: OT request for arcane tech help

Hi Liam,

My concern is that my domain name finds itself added to spam filters thus
rendering my email address useless for communication. My mailbox has been
filled up with bounced messages, and I cringe at the thought of the number
of messages that WERE successfully delivered with "from gumphoto.com". My
hosting service, who has treated this issue in a somewhat cavalier fashion,
insists that the "from" field has, indeed, been used, and that spam
filtering services are aware of this tactic and that there is no true risk
of "permanent damage". Looking at the headers of the bounced messages, I
see a confusing mess of different IP addresses, so I suppose they may be
correct and that the SMTP service at the webhost is NOT being used for spam
relay. But a security scan that Gordon was kind enough to run for me does
indicate that there may be some lax security at my webhost. The whole issue
has been a big pain and I have to wonder that if the "from" field can indeed
be anything, why pick an actual domain? Why even bother with harvesting,
which I thought was more appropriate to finding recipients for spam, not
fake senders?

Thanks for the info.

Keith

-----Original Message-----
From: Liam Lawless [mailto:lawless@bulldoghome.com]
Sent: Friday, April 28, 2006 8:07 PM
To: alt-photo-process-l@usask.ca
Subject: RE: OT request for arcane tech help

Keith,

My wife's e-mail has recently been subject to a similar attack. I'm no
expert on these things and her domain host wasn't interested, but I've been
doing a bit of reading on the web and it seems likely that the e-mail
attached to her domain has been "harvested" from the internet, a discussion
forum or somesuch. It seems that anyone sending an e-mail can put anything
they like in the "From" field, and the reason that spammers use fake
addresses is that large volumes of mail will be flagged by their ISPs.

It is said that spammers usually move on to a different address after a week
or two, but it may be possible to deflect the bounce messages by disabling
the catchall feature of your e-mail account. To do this for my wife's
account, I had to go to her domain's control panel, click on "Default Mail
Account", then "Set Default Address (Catch All)", and type ":fail:" in the
box which asks where unrouted mail to the account should be sent. Any
bounce messages addressed to qytwehx@herdomain.com (or other name made from
random characters) should then go back to the original sender who,
hopefully, will then move on to someone else's e-mail address.

I've only done this tonight, so can't say if it's worked yet, and of course
your control panel will probably be different.

And a disadvantage, I suppose, is that you cannot use the catchall feature,
but hope this is some help.

Liam

---
[This E-mail has been scanned for viruses but it is your responsibility
to maintain up to date anti virus software on the device that you are
currently using to read this email. ]
Received on Sat Apr 29 11:19:28 2006
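
A triage sketch for the bounce flood described in this thread, added here and not part of the original messages: it separates bounces addressed to local parts that were never real mailboxes (the random names a catch-all accepts) from genuine bounces and ordinary mail. The domain example.test, the mailbox list and the sample messages are constructed for illustration.

```python
import email
from collections import Counter
from email.utils import parseaddr

DAEMON_NAMES = {"mailer-daemon", "postmaster"}

def is_bounce(msg):
    """True for RFC 3464 delivery reports, null return paths, or daemon senders."""
    if (msg.get_content_type() == "multipart/report"
            and str(msg.get_param("report-type", "")).lower() == "delivery-status"):
        return True
    if msg.get("Return-Path", "").strip() == "<>":
        return True
    sender = parseaddr(msg.get("From", ""))[1].lower()
    return sender.split("@")[0] in DAEMON_NAMES

def classify(raw, domain, known):
    """Return (kind, local_part); kind is 'backscatter', 'bounce' or 'normal'."""
    msg = email.message_from_string(raw)
    if not is_bounce(msg):
        return "normal", None
    local, _, rcpt_domain = parseaddr(msg.get("To", ""))[1].lower().partition("@")
    if rcpt_domain == domain and local not in known:
        return "backscatter", local   # bounce for an address that never existed
    return "bounce", local            # bounce for mail a real mailbox may have sent

def triage(raws, domain, known):
    """Count message kinds and collect the unknown local parts being targeted."""
    counts, unknown = Counter(), set()
    for raw in raws:
        kind, local = classify(raw, domain, known)
        counts[kind] += 1
        if kind == "backscatter":
            unknown.add(local)
    return counts, unknown

# Constructed sample messages (not taken from the thread).
SAMPLES = [
    "Return-Path: <>\nFrom: MAILER-DAEMON@mx.remote.test\nTo: qytwehx@example.test\n"
    'Content-Type: multipart/report; report-type=delivery-status; boundary="b"\n\n'
    "--b\nContent-Type: text/plain\n\nUser unknown\n--b--\n",
    "Return-Path: <>\nFrom: Mail System <noreply@mx2.remote.test>\n"
    "To: zkqpwvb@example.test\nSubject: Undeliverable\n\nMailbox not found\n",
    "Return-Path: <friend@remote.test>\nFrom: friend@remote.test\n"
    "To: keith@example.test\nSubject: Hello\n\nHi\n",
    "From: Mail Delivery Subsystem <MAILER-DAEMON@mx.remote.test>\n"
    "To: keith@example.test\nSubject: Returned mail\n\nQuota exceeded\n",
]

if __name__ == "__main__":
    print(triage(SAMPLES, "example.test", {"keith"}))
```

A high share of "backscatter" against many distinct local parts is the pattern the thread describes; rejecting unknown recipients at delivery time (the ":fail:" setting mentioned above) stops those messages from being accepted at all.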

This archive was generated by hypermail 2.1.8 : 05/01/06-11:10:26 AM Z CST