Web Hosting Talk : Web Hosting Main Forums : Hosting Security and Technology : Spammers ruining my server

[servitium]

I just opened my "catch-all" email pop account that sends me everything addressed to my server that doesn't have an assigned email address. I check it every few days.

Over 4,500 undeliverables. Someone is using mydomain as a phony return address in different forms (gleskit@mydomain.com, peterepred@mydomain.com etc.) If I got over 4,500 undeliverables, these lowlife creeps must have sent innumerable thousands or tens of thousands using my domain as a return address.

What really stinks is that I've had a bunch of users complain that they're not getting usual auto-messages from my forum software. Come to find out that my domain is now banned from at least one major ISP, I'm guessing probably more by now.

The website I run depends heavily on VOLUNTARY auto-communications and updates. For example, one mailing list I maintain have over 4,800 members who've signed up for updates. It uses other feeds and email functions as well.

Am I to understand that any jackass spammer can hose a server this way, with no redress on the part of the innocent party? Also, how am I going to get back in the good graces of the ISPs and personal anti-spam programs that have now blacklisted my server for no reason?

Besides contacting all of the larger ones personally, I wouldn't even know where to begin addressing this.

Is it possible that some nasty geek with a spam program can just ruin a server in this fashion?

Just checked the account again.

In the ten minutes it took me to write the above post, I just got 54 more undeliverables.

This is insane.

[sirius]

* Moved to Technical and Security Issues....

Sirius

[HellFear]

This same problem happened to me also one time. It's because people were registering on my website with wrong e-mail addresses, and the confirmation e-mails kept getting sent back to me. I guess it's a different problem with yours. Someone is using your domain e-mails to spam right? This really sucks. I would wait a day or two and see if it stops. Maybe the IP address of the sender is in the headers??

[Website Rob]

Don't use the 'catch-all' settings!

Your default address should be: :fail: no such address here
That will return any/all eMail not sent to an address you have created. Also prevents you from receiving eMail sent to phony addresses using your Domain name.

Setup Mailboxes for the addresses you will actually be using. After all, why receive eMail to an address you have not setup / don't use?

[ballin]

Sounds like your domain is being "spoofed'

Start by removing your "catch-all" like Website Rob said

Then, for the ISP blocks, most the major companies have a place to contact them to request to be removed from their blacklist. Explain to them that your domain has been 'spoofed' and you removed the 'catch-all'.

[SmartTux]

Add SPF record for your domain.. It can be used to check if an email received with your domain in From field is a forged mail or not.
Some mail servers accept emails from your domain only if it has SPF record.

[servitium]

I guess it was naive of me to have that "catchall" address instead of just booting everything back. The reason I had it was in case someone mis-typed an email address.

I'm looking into SPF right now.

You guys have been a great help.

Blessings