Microsoft Should Buy A Studio >>
<< Sites Become Dependent On Google
 tdicon 


Email

by Mike Masnick

Mon, Dec 9th 2002 9:58pm





Slammed By Spam Spoofer

from the help! dept

In the last few months, I've actually gotten very good at filtering spam. It's been reduced to a manageable level finally. However, I just returned from discover a ton of email... mostly bounced emails with a few "out of office" autoresponders thrown in there. Of course, I never emailed any of these people, but it seems some spammer spoofed my email address and sent his spam out to millions (the bounces keep pouring in...). With all the discussions of filters and whitelists vs. blacklists, does anyone have a solution for this sort of problem? Does this mean that I'm now going to be accused of spamming? Update: It's getting worse. The bounce messages just keep on coming. Right now I'm pushing 100 messages in the last three hours. Even worse, though, is that I'm getting subscribed to all sorts of crap. It seems that a bunch of the emails in this spammers list are actually subscription emails, and instead of having "double opt-ins", I'm getting automatically added to various subscription lists I have no interest in being a part of.

20 Comments | Leave a Comment..


If you liked this post, you may also be interested in...
 

Reader Comments (rss)

(Flattened / Threaded)

  1.  

    No Subject Given

    identicon
    COD, Dec 10th, 2002 @ 4:51am

    Did he use a unique return address that you can filter on? I had this happen once (although not quite to this magnitude) and I put a forwarder on the mail server to bounce all the spam bouncebacks to [email protected] Probably a worthless effort but it made me feel better :)

    One more thought - if you are getting signed up for crap it sounds more like somebody being malicious than just a spammer. Maybe you should look back at teh last few weeks of posts here on Techdirt, particularly at people who were less than polite about your comments.

    reply to this | link to this | view in thread ]

  2.  

    I've got just the opposite

    identicon
    Oliver Wendell Jones, Dec 10th, 2002 @ 6:08am

    I went away for a few days and turned on my Out of Office Assitant in Outlook.
    It proceeded to bounce back messages to everyone, including all of my daily subscription messages. All of those mailing lists bounced back messages saying "don't send e-mail to this address", which of course were bounced back by OOOA and then they replied back, ad nauseum.
    Eventually Outlook decided that they were spamming me and has marked them all now as Junk Mail, yet when I try to go into the junk senders list to remove them, they're not there! I've been through every filter option that I can find in Outlook, and can't figure out how to convince Outlook that Daily Dilbert isn't spam...
    Arrggh... e-mail is getting to be more hassle than it's worth!

    reply to this | link to this | view in thread ]

  3.  

    Re: No Subject Given

    icon
    Mike (profile), Dec 10th, 2002 @ 6:26am

    Well, it's now well over 200 emails in about 10 hours, and they're still coming. I'm wondering just how long this will last.

    One more thought - if you are getting signed up for crap it sounds more like somebody being malicious than just a spammer.

    I don't think it's more malicious. What it is, is that the spammer has on their list some email addresses that are used for signups to lists. Those lists are are poorly configured, and just assume that any email is a subscription notice. It also appears to have a bunch of "feedback" email addresses, because a bunch of the emails I've been getting are "thank you for your feedback, we'll get back to you as soon as possible", and they're all just the same spam.

    Anyway, there is no way to filter it out. It's using my main email address.

    I'm wondering how long this will last.

    reply to this | link to this | view in thread ]

  4.  

    Re: No Subject Given

    identicon
    thecaptain, Dec 10th, 2002 @ 7:11am

    This might sound like a dumb question and I'm just spitballing here since I've never been in that situation but...

    Have you managed to contact anyone who actually received the spam emails with your address spoofed?

    I figure if you could get one example of the actual spam, with the headers, you could possibly (maybe) be able to track down the spammer somewhat and get him knocked off the net temporarily at least.

    reply to this | link to this | view in thread ]

  5.  

    Re: No Subject Given

    icon
    Mike (profile), Dec 10th, 2002 @ 7:59am

    Have you managed to contact anyone who actually received the spam emails with your address spoofed?

    Unfortunately, no. It seems that while the spammer is spoofing my address as the return address, he didn't bother to actually send me the spam.

    So, the only emails I'm getting are bounce messages.

    By the way, I just checked my SpamCop filters, and they caught a bunch more of the bounce messages.

    This is ridiculous. Every time I look at my email, there's another 10 or 20 bounced messages.

    reply to this | link to this | view in thread ]

  6.  

    damn

    identicon
    thecaptain, Dec 10th, 2002 @ 9:01am

    damn...and none of the bounces quote the source message either I guess..

    *sigh* well it was worth a shot...I feel for ya.

    reply to this | link to this | view in thread ]

  7.  

    Re: damn

    icon
    Mike (profile), Dec 10th, 2002 @ 9:10am

    A few of the bounces quote the original spam message. It's a fake "response" from someone named "Chris" to everyone saying that Chris was replying to their reply to Chris's "online ad". Then it points to a site for more info about Chris - that from the URL (which I won't go near) looks to be a porn site.

    reply to this | link to this | view in thread ]

  8.  

    Re: damn

    identicon
    Dr_Stein, Dec 10th, 2002 @ 5:49pm

    Mike - That has been happening to quite a few people these days. It happened to a guy that runs a Mac news site today, and I think I saw it somewhere else as well.

    Same rouge - "replying" to an online ad.

    Goddamn spammers.

    reply to this | link to this | view in thread ]

  9.  

    Re: damn

    identicon
    Mike Cohen, Dec 15th, 2002 @ 5:41pm

    Someone did exactly the same thing to me last week with two different very similar fake ads - one linked to a site in Estonia (hot.ee) and the other with a site registered in the UK.

    I got over 300 bounces but only fewer than 10 complaints. I asked the people who complained to forward the original spam but nobody did.

    One of the admin messages I received showed that it was sent from 217.219.214.130, which doesn't have a reverse DNS entry and a traceroute stops in Munich.

    As of now, I have the affected email address disabled with an auto-reply message (it actually forwards to my hotmail account now and the bouncese seem to have slowed down, so I'll probably reactivate that address in a few days).

    reply to this | link to this | view in thread ]

  11.  

    spoofed email addresses.

    identicon
    Lee, Dec 17th, 2002 @ 5:40am

    If you figure out how to fight this, let me know. Someone has taken to using my email address as the "From" in a series of spam sendings.

    reply to this | link to this | view in thread ]

  12.  

    Re: spoofed email addresses.

    identicon
    Phil, Dec 17th, 2002 @ 7:10am

    You might also have a friend who has his computer infected with a virus, which co-opts his address book and uses those e-mail addresses for the spoof "from" address. Check the header and see if your friend's address is listed in the return path.

    reply to this | link to this | view in thread ]

  13.  

    Re: spoofed email addresses.

    identicon
    Ray Kornele, Dec 17th, 2002 @ 2:57pm

    Try sending and having your friends send mass mailings to the address and make it several pages of useless ramblings. Do this by putting the same address in the TO box say fifty times.

    KrazyKyngeKorny
    [email protected]

    reply to this | link to this | view in thread ]

  14.  

    BugBear

    identicon
    G, Dec 22nd, 2002 @ 10:18pm

    Sounds like the mass-mailing worm BugBear has infected your computer. Scan your computer with the latest virus definitions. (Same thing happened to me.) See:

    -g

    reply to this | link to this | view in thread ]

  15.  

    Re: I've got just the opposite

    identicon
    Ankur Jain, Dec 24th, 2002 @ 4:13am

    if you got problems with outlook, then the best solution is to junk it and use eudora.

    much better and less prone to all those viruses.

    reply to this | link to this | view in thread ]

  16.  

    Re: I've got just the opposite

    identicon
    luc, Feb 12th, 2003 @ 11:26am

    Outlook OOA should only reply one time per email address.(thus preventing recursive email communications) Sounds like you created your own custom rule to respond to emails.

    reply to this | link to this | view in thread ]

  17.  

    Unwilling Spammer

    identicon
    Donald Brown, Feb 19th, 2003 @ 3:24pm

    Mike,

    Your tale of returned mail strikes a sore chord on my board. This just started with me last week. I'm up to about 50 returns a day. Since I use a Yahoo account, it requires continual cleaning out to stay down to my 6mb level. It seems to have been several months for you. Did you figure out a solution, or do you have a new email address?

    reply to this | link to this | view in thread ]

  19.  

    simliar experiences

    identicon
    Anonymous Coward, Mar 30th, 2004 @ 8:40pm

    Because I had the misfortune of knowing the wrong person I have had a great deal of experience with this sort of thing. Addresses have been spammed with thousands of identical emails from address than don't exist. While I can block the the offending psuedo address within a day a different one will be spamming me. The people who do this also make a passtime of changing the passwords to AIM and forum accounts, so stopping this email spam would by no means be the end of my problems but it would certainly be a welcome relief. If any one can show me a way to find these people or the address this actually comes from it would be quite appreciated.

    reply to this | link to this | view in thread ]

  20.  

    Re: simliar experiences

    identicon
    John, May 19th, 2004 @ 7:44pm

    About a year ago I received a series of sinister emails saying that my web businees would be destroyed and that my email addresses would cease to exist. I received many of these emails each from address was my own web site email addresses.

    Since then I have received hundreds of thousands of returned messages, mostly containing a virus.
    All the originating (spoofed) addresses are from my own web sites.

    I never send spam and I only send email from home. Once per month I send out a short email announcing my next ezine edition to 3500 opt-in subscribers. I send it from one web site. I never
    send mail from any other of my 30 web sites.

    Now whenever I send the monthly email, I get more than 2000 returned messages that have been intercepted by filters!

    The person responsible for this chaos is achieving his goal. I wish I could find out who he was. I want to give him the name of a good psychiatrist & introduce him to the police.

    reply to this | link to this | view in thread ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Save me a cookie
  • Note: A CRLF will be replaced by a break tag (<br>), all other allowable HTML will remain intact
  • Allowed HTML Tags: <b> <i> <a> <em> <br> <strong> <blockquote> <hr> <tt>


Microsoft Should Buy A Studio >>
<< Sites Become Dependent On Google
 tdicon 

A word from our Sponsors...
Follow Techdirt
Flattr rss rss

Powered by Postrank

From the Techdirt Archive...
A word from our Sponsors...

Close

Email This