Spoofed email sends me undeliverable returns

Rinkhals

I have been receiving a lot of 'Undeliverable' email returns for spam which spoofs my email addy.

A friend had their PC attacked and taken over by what I presume is a botnet. My email was in their address book and I suddenly started receiving undeliverable returns in the form of 3 or 4 random letters and then my domain name: [email protected] or [email protected].

Is there anything I can do about this? It's a couple of hundred emails a day.

I've looked at the originating IP (which is possibly also spoofed) and they come from Malaysia, and Athens, among others.
 
In the short term set up your email programme to filter them straight to trash, you may need a few filters to cover all bases (things like domain names, subject etc), alternatively your ISP should be able to do some sort of basic filtering for you (unless it's one of those really useless ISPs that go "huh"), alternatively close your address down and get another, actually at the end of the day that is probably the easiest. Oh, and get your friend to sort their side out too.
 
I have sorted the friend's computer already, but the messages continue.

Is there any way of tracking where the spoofed email originated (assuming it's not Malaysia, etc) to alert their ISP to warn them to get their machine sorted.

I feel that Nodes should not be able to forward email unless the originating IP checks out. The whole idea of spoofed IPs is what is currently allowing spammers and bot controllers to dominate the Internet.
 
> In the short term set up your email programme to filter them straight to trash, you may need a few filters to cover all bases (things like domain names, subject etc), alternatively your ISP should be able to do some sort of basic filtering for you (unless it's one of those really useless ISPs that go "huh"), alternatively close your address down and get another, actually at the end of the day that is probably the easiest. Oh, and get your friend to sort their side out too.
Pretty much the best option at this stage.

> I feel that Nodes should not be able to forward email unless the originating IP checks out. The whole idea of spoofed IPs is what is currently allowing spammers and bot controllers to dominate the Internet.
Too many ISPs don't use Sender Policy Framework (SPF) - which imo is one of the easiest ways to begin combating this sort of problem - does yours?
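Added example, not part of the original thread: a Python sketch that pulls the handing-off IP out of a returned "Undeliverable" message and checks it against the spoofed domain's SPF record, which is the check an SPF-aware receiver would run before accepting the mail. The bounce, the domains (example.com, recipient.example), the addresses, the SPF record and the function names are all constructed for illustration, and only the `ip4`/`ip6`/`all` mechanisms are evaluated.

```python
import email
import ipaddress
import re
from email import policy

# Constructed bounce for illustration; example.com stands in for the spoofed domain.
BOUNCE = """\
From: MAILER-DAEMON@mx.recipient.example
To: xkqz@example.com
Subject: Undeliverable: hello
Content-Type: multipart/report; report-type=delivery-status; boundary="b1"

--b1
Content-Type: message/rfc822

Received: from pc (unknown [203.0.113.77]) by mx.recipient.example; Mon, 1 Jan 2007 10:00:00 +0000
From: xkqz@example.com

spam body
--b1--
"""

def injecting_ip(bounce_text):
    """IP that handed the spoofed mail to the server which later bounced it."""
    msg = email.message_from_string(bounce_text, policy=policy.default)
    for part in msg.walk():
        if part.get_content_type() == "message/rfc822":
            # Top Received line was added by the bouncing server; lower ones can be forged.
            received = part.get_payload(0).get_all("Received", [])
            m = re.search(r"\[([0-9.]+)\]", str(received[0])) if received else None
            return m.group(1) if m else None
    return None

def spf_allows(record, ip):
    """SPF subset (RFC 7208): True = pass, False = other qualifier, None = no match."""
    addr = ipaddress.ip_address(ip)
    for term in record.split()[1:]:  # skip the "v=spf1" version tag
        qualifier = term[0] if term[0] in "+-~?" else "+"
        mech = term.lstrip("+-~?")
        if mech.startswith(("ip4:", "ip6:")) and addr in ipaddress.ip_network(mech[4:], strict=False):
            return qualifier == "+"
        if mech == "all":
            return qualifier == "+"
    return None

# Constructed record: assumes the domain's only legitimate sender is in 192.0.2.0/24.
RECORD = "v=spf1 ip4:192.0.2.0/24 -all"
if __name__ == "__main__":
    print(injecting_ip(BOUNCE), spf_allows(RECORD, injecting_ip(BOUNCE)))
```

A receiver that runs this check during the SMTP session can refuse the message outright, so the error goes to the connecting machine and no bounce is sent to the forged address.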
 
In terms of my ISP (or rather the guys who host my domain name), I can probably do the required filtering.

I'm just hacked off that there is spam floating around with my name on it.
 
Looks like your friend has a virus on his pc that is spamming the world. I would check that first.
 
Found this on my desktop this morning
[img=http://img306.imageshack.us/img306/1705/requestlz5.th.png]

and seems to be coming from Senegal
$ whois 196.207.208.244
% This is the AfriNIC Whois server.

% Note: this output has been filtered.

% Information related to '196.207.208.0 - 196.207.208.255'

inetnum: 196.207.208.0 - 196.207.208.255
netname: SONATELNET
descr: Pool ADSL BAS2
country: SN
admin-c: AS12-AFRINIC
tech-c: TS3-AFRINIC
status: ASSIGNED PA
mnt-by: SMM-MNT
mnt-lower: SMM-MNT
source: AFRINIC # Filtered
parent: 196.207.192.0 - 196.207.255.255

role: Admin Sonatel
address: Dakar
address: Senegal
phone: +221 8392337
fax-no: +221 8233698
e-mail: [email protected]
remarks: *******************************************************
remarks: * If you have any complaints regarding a user from *
remarks: * 196.207.192.0/18 IP range, or *
remarks: * 213.154.64.0/19 IP range, please *
remarks: * contact [email protected] *
remarks: *******************************************************
admin-c: SBT7-AFRINIC
tech-c: MN1281-AFRINIC
tech-c: BAW1-AFRINIC
nic-hdl: AS12-AFRINIC
mnt-by: SMM-MNT
source: AFRINIC # Filtered

role: Tech Sonatel
address: Dakar
address: Senegal
phone: +221 8392337
fax-no: +221 8233698
e-mail: [email protected]
remarks: *******************************************************
remarks: * If you have any complaints regarding a user from *
remarks: * 196.207.192.0/18 IP range, or *
remarks: * 213.154.64.0/19 IP range, please *
remarks: * contact [email protected] *
remarks: *******************************************************
admin-c: SBT7-AFRINIC
tech-c: MN1281-AFRINIC
tech-c: BAW1-AFRINIC
nic-hdl: TS3-AFRINIC
mnt-by: SMM-MNT
source: AFRINIC # Filtered
 