Slammed By Spam Spoofer

from the help! dept

In the last few months, I've actually gotten very good at filtering spam. It's been reduced to a manageable level finally. However, I just returned from discover a ton of email... mostly bounced emails with a few "out of office" autoresponders thrown in there. Of course, I never emailed any of these people, but it seems some spammer spoofed my email address and sent his spam out to millions (the bounces keep pouring in...). With all the discussions of filters and whitelists vs. blacklists, does anyone have a solution for this sort of problem? Does this mean that I'm now going to be accused of spamming?

Update: It's getting worse. The bounce messages just keep on coming. Right now I'm pushing 100 messages in the last three hours. Even worse, though, is that I'm getting subscribed to all sorts of crap. It seems that a bunch of the emails in this spammer's list are actually subscription emails, and instead of having "double opt-ins", I'm getting automatically added to various subscription lists I have no interest in being a part of.

Reader Comments

  • COD, 10 Dec 2002 @ 4:51am

    No Subject Given

    Did he use a unique return address that you can filter on? I had this happen once (although not quite to this magnitude) and I put a forwarder on the mail server to bounce all the spam bouncebacks to uce@ftc.gov. Probably a worthless effort but it made me feel better :)

    One more thought - if you are getting signed up for crap it sounds more like somebody being malicious than just a spammer. Maybe you should look back at the last few weeks of posts here on Techdirt, particularly at people who were less than polite about your comments.

    • Mike, 10 Dec 2002 @ 6:26am

      Re: No Subject Given

      Well, it's now well over 200 emails in about 10 hours, and they're still coming. I'm wondering just how long this will last.

      One more thought - if you are getting signed up for crap it sounds more like somebody being malicious than just a spammer.

      I don't think it's more malicious. What it is, is that the spammer has on their list some email addresses that are used for signups to lists. Those lists are poorly configured, and just assume that any email is a subscription notice. It also appears to have a bunch of "feedback" email addresses, because a bunch of the emails I've been getting are "thank you for your feedback, we'll get back to you as soon as possible", and they're all just the same spam.

      Anyway, there is no way to filter it out. It's using my main email address.

      I'm wondering how long this will last.

      • thecaptain, 10 Dec 2002 @ 7:11am

        Re: No Subject Given

        This might sound like a dumb question and I'm just spitballing here since I've never been in that situation but...

        Have you managed to contact anyone who actually received the spam emails with your address spoofed?

        I figure if you could get one example of the actual spam, with the headers, you could possibly (maybe) be able to track down the spammer somewhat and get him knocked off the net temporarily at least.

        • Mike, 10 Dec 2002 @ 7:59am

          Re: No Subject Given

          Have you managed to contact anyone who actually received the spam emails with your address spoofed?

          Unfortunately, no. It seems that while the spammer is spoofing my address as the return address, he didn't bother to actually send me the spam.

          So, the only emails I'm getting are bounce messages.

          By the way, I just checked my SpamCop filters, and they caught a bunch more of the bounce messages.

          This is ridiculous. Every time I look at my email, there's another 10 or 20 bounced messages.

          • thecaptain, 10 Dec 2002 @ 9:01am

            damn

            damn...and none of the bounces quote the source message either I guess..

            *sigh* well it was worth a shot...I feel for ya.

            • Mike, 10 Dec 2002 @ 9:10am

              Re: damn

              A few of the bounces quote the original spam message. It's a fake "response" from someone named "Chris" to everyone saying that Chris was replying to their reply to Chris's "online ad". Then it points to a site for more info about Chris - that from the URL (which I won't go near) looks to be a porn site.

              • Dr_Stein, 10 Dec 2002 @ 5:49pm

                Re: damn

                Mike - That has been happening to quite a few people these days. It happened to a guy that runs a Mac news site today, and I think I saw it somewhere else as well.

                Same ruse - "replying" to an online ad.

                Goddamn spammers.

              • Mike Cohen, 15 Dec 2002 @ 5:41pm

                Re: damn

                Someone did exactly the same thing to me last week with two different very similar fake ads - one linked to a site in Estonia (hot.ee) and the other with a site registered in the UK.

                I got over 300 bounces but only fewer than 10 complaints. I asked the people who complained to forward the original spam but nobody did.

                One of the admin messages I received showed that it was sent from 217.219.214.130, which doesn't have a reverse DNS entry and a traceroute stops in Munich.

                As of now, I have the affected email address disabled with an auto-reply message (it actually forwards to my hotmail account now and the bounces seem to have slowed down, so I'll probably reactivate that address in a few days).

  • Oliver Wendell Jones, 10 Dec 2002 @ 6:08am

    I've got just the opposite

    I went away for a few days and turned on my Out of Office Assistant in Outlook.
    It proceeded to bounce back messages to everyone, including all of my daily subscription messages. All of those mailing lists bounced back messages saying "don't send e-mail to this address", which of course were bounced back by OOOA and then they replied back, ad nauseam.
    Eventually Outlook decided that they were spamming me and has marked them all now as Junk Mail, yet when I try to go into the junk senders list to remove them, they're not there! I've been through every filter option that I can find in Outlook, and can't figure out how to convince Outlook that Daily Dilbert isn't spam...
    Arrggh... e-mail is getting to be more hassle than it's worth!

    • Ankur Jain, 24 Dec 2002 @ 4:13am

      Re: I've got just the opposite

      if you got problems with outlook, then the best solution is to junk it and use eudora.

      much better and less prone to all those viruses.

    • luc, 12 Feb 2003 @ 11:26am

      Re: I've got just the opposite

      Outlook OOA should only reply one time per email address (thus preventing recursive email communications). Sounds like you created your own custom rule to respond to emails.

  • Lee, 17 Dec 2002 @ 5:40am

    spoofed email addresses.

    If you figure out how to fight this, let me know. Someone has taken to using my email address as the "From" in a series of spam sendings.

    • Phil, 17 Dec 2002 @ 7:10am

      Re: spoofed email addresses.

      You might also have a friend who has his computer infected with a virus, which co-opts his address book and uses those e-mail addresses for the spoof "from" address. Check the header and see if your friend's address is listed in the return path.

    • Ray Kornele, 17 Dec 2002 @ 2:57pm

      Re: spoofed email addresses.

      Try sending and having your friends send mass mailings to the address and make it several pages of useless ramblings. Do this by putting the same address in the TO box say fifty times.

      KrazyKyngeKorny
      raykornele@ivillage.com

  • G, 22 Dec 2002 @ 10:18pm

    BugBear

    Sounds like the mass-mailing worm BugBear has infected your computer. Scan your computer with the latest virus definitions. (Same thing happened to me.) See:

    -g

  • Donald Brown, 19 Feb 2003 @ 3:24pm

    Unwilling Spammer

    Mike,

    Your tale of returned mail strikes a sore chord on my board. This just started with me last week. I'm up to about 50 returns a day. Since I use a Yahoo account, it requires continual cleaning out to stay down to my 6mb level. It seems to have been several months for you. Did you figure out a solution, or do you have a new email address?

    • Andy, 29 Aug 2003 @ 6:30am

      Maybe this is it...

      My computer was infected with the W32.sobig.F@mm worm that uses your email in a string of mass marketing emails. Check this out: http://www.symantec.com/avcenter/venc/data/w32.sobig.f@mm.html

      Good Luck!

      • Anonymous Coward, 30 Mar 2004 @ 8:40pm

        similar experiences

        Because I had the misfortune of knowing the wrong person I have had a great deal of experience with this sort of thing. Addresses have been spammed with thousands of identical emails from addresses that don't exist. While I can block the offending pseudo address within a day a different one will be spamming me. The people who do this also make a pastime of changing the passwords to AIM and forum accounts, so stopping this email spam would by no means be the end of my problems but it would certainly be a welcome relief. If anyone can show me a way to find these people or the address this actually comes from it would be quite appreciated.

        • John, 19 May 2004 @ 7:44pm

          Re: similar experiences

          About a year ago I received a series of sinister emails saying that my web business would be destroyed and that my email addresses would cease to exist. I received many of these emails each from address was my own web site email addresses.

          Since then I have received hundreds of thousands of returned messages, mostly containing a virus.
          All the originating (spoofed) addresses are from my own web sites.

          I never send spam and I only send email from home. Once per month I send out a short email announcing my next ezine edition to 3500 opt-in subscribers. I send it from one web site. I never send mail from any other of my 30 web sites.

          Now whenever I send the monthly email, I get more than 2000 returned messages that have been intercepted by filters!

          The person responsible for this chaos is achieving his goal. I wish I could find out who he was. I want to give him the name of a good psychiatrist & introduce him to the police.

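Several comments above turn on reading the headers of the original spam when a bounce happens to quote it. As an added example (not part of the original thread), this Python function pulls the quoted message out of a bounce, checks whether its From or Return-Path carries your address, and returns the first non-internal IP in the Received chain, which is the host that handed the message to the bouncing server. The name `triage_bounce`, the sample bounce and every address in it are constructed for illustration.

```python
import email, ipaddress, re
from email import policy

# Constructed sample bounce; 203.0.113.45 is a documentation address.
SAMPLE_BOUNCE = """\
From: MAILER-DAEMON@mx.example.net
Subject: Undelivered Mail Returned to Sender
Content-Type: multipart/report; report-type=delivery-status; boundary="b1"

--b1
Content-Type: text/plain

User unknown: nobody@example.net
--b1
Content-Type: message/rfc822

Return-Path: <victim@example.com>
Received: from localhost (localhost [127.0.0.1]) by mx.example.net; Tue, 10 Dec 2002 04:00:02 -0800
Received: from mail (unknown [203.0.113.45]) by mx.example.net; Tue, 10 Dec 2002 04:00:01 -0800
From: "Chris" <victim@example.com>
Subject: Re: your reply

(spam body removed)
--b1--
"""
INTERNAL = [ipaddress.ip_network(n) for n in
            ("127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def triage_bounce(raw, my_address):
    """Return (sender_forged, handoff_ip) for the message quoted in a bounce."""
    msg = email.message_from_string(raw, policy=policy.default)
    for part in msg.walk():
        if part.get_content_type() != "message/rfc822":
            continue
        quoted = part.get_payload(0)
        senders = f"{quoted.get('From', '')} {quoted.get('Return-Path', '')}"
        forged = my_address.lower() in senders.lower()
        # Received lines are prepended in transit: the topmost were written by
        # the bouncing server; lower ones could be invented by the sender.
        for line in quoted.get_all("Received", []):
            for text in re.findall(r"\b\d{1,3}(?:\.\d{1,3}){3}\b", str(line)):
                try:
                    ip = ipaddress.ip_address(text)
                except ValueError:
                    continue
                if not any(ip in net for net in INTERNAL):
                    return forged, str(ip)
        return forged, None
    return None, None  # the bounce did not quote the original message
```

The returned IP is what belongs in an abuse report to the network that owns it; the forged From address says nothing about where the message came from.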

