How to stop email forgery???

Becca

Inactive
What can you do to stop someone from forging your email address on their bulk spam messages???

For the past week spammers have been forging my business website domain's email on their bulk spam. I have been receiving hundreds of bounced messages back to that address that clearly show my domain's address in the "From" line along with made-up names, each one different on each spam.

I am also getting complaints from angry people asking me to take them off my list and they are sick of receiving many of these same emails everyday.

Each bounced spam I receive has the same message, done in HTML. They are all identical except for several different website addresses. I did a whois and found that they are owned by the same person, a man in New York.

I tried emailing him to ask him to stop forging my domain's address on his bulk spam. But of course the email bounced back to me. I did a whois search for his webhost and tried emailing them, it also bounced back. So then I contacted the company where they registered their domain to report inaccurate contact information. I guess I have to wait 15 days before they can get back to me.

Now I am receiving bounced spam with different domains in the body, but the messages are the same as those before. So I did a whois search on these domains and they belong to a man in Russia! Of course his email is bogus too.
He is using the same webhost as the others so there is no sense in emailing them again.

I emailed my webhost for help as I figured they would be getting complaints about me, but so far they haven't. He said he traced the route to the spammers sites and it goes to China so probably they wouldn't reply to any emails anyway. He said he would check around to see what can be done about this abuse.

In the meantime, this is driving me crazy as well as costing me time and money and hurting my business site's reputation!

The spam emails all go to the same sites selling pills, called Canadian Pharmacy. I tried searching for the main company's site as I figured that they have signed up for an affiliate program with them, but could not find it. I looked for contact information on their site, but of course there is none. The only way to contact them is if you want to order by phone. But they don't give a number, you have to fill out a form with your telephone number so they can call you back.

Does anyone know of anything else I could try, or any place where I can report email forgery? Or should I just wait to hear back from my webhost to see what they think should be done about this?
 

Myranya

Inactive
Did you try Spamcop? You can add a message when you report the spam, so you can make it clear you weren't just someone to receive spam but they've abused your address like that.

Unfortunately there isn't anything you can do to prevent this from happening; anyone can enter any info at all in the 'from' header. Of course sometimes this can be useful, like when you have multiple accounts, but it sure leaves lots of room for abuse. Seeing that two different people abused your email, did you accidentally do anything to piss them off? Like write a nasty reply to a spam? (Usually the address doesn't work anyhow; however, it is safer to send abuse reports only to the host company, and use an anonymous service, and not to complain to the spammer. I've heard of cases before where a complainer's address was used to send out the next batch.) Otherwise it may just be bad luck :(
 

Becca

Inactive
I never reply to spam, it usually doesn't even get into my inbox because I use MailWasher. So it can't be that.

I'm a little afraid to use SpamCop, they will analyze the whole email and blacklist my domain, too. Actually it won't do much good as they won't be able to send an email to the spammers or their webhosts as they are all bogus.

I think the spammers are actually the same person as their emails are identical. He must have registered more domains under a false name.

Yeah, it doesn't seem like there is much I can do, just wait it out and see if they stop.
 

SageTheRage

Membership Revoked
from a weekly computer newsletter I receive...

Spam has become a big business for spammers and for the companies that create tools to fight the unwanted messages.

Since there is money to be made on both sides, the battle over control of your Inbox is pretty fierce.

Every time the spam filters catch on to a new exploit it forces the spammers to be more creative to bypass the filters.

The number of tricks used by spammers to assault millions of users every day grows daily. A couple of the tricks that can make filtering spam messages very difficult are often used together.

Because most e-mail programs today support HTML (Hyper Text Markup Language - the language used to create web pages) they can display large fonts and images within e-mail messages.

This allows a well meaning sender to send very attractive messages but it also allows spammers to create spam messages that are not text based, but rather image based. Since there is no way for an automated system to read the text embedded in an image, the text that accompanies the image will generally be used as the criteria to determine the content of the message.

Spammers know that if they send out millions of messages that are identical, even the most unsophisticated filters will quickly be able to determine that it’s spam and quickly begin filtering them all.

But, if every message actually looks different to the filters, the detection process becomes much more difficult. One of the primary methods of detecting common spam messages is to compare an incoming message to a library of ‘known spam’ messages.

If the spammers generate a unique string of text for every message then to most spam filters, the message will look different. This will require much more sophisticated algorithms on the part of the filtering system to determine the true status of the message.

So if both of these tactics are combined, the spam message is in the image at the top and the random text is at the bottom to ‘feed the filter’ a bogus string to fool it.

Spammers use what are known as ‘ratware randomizers’ to automatically generate these text strings. The sophistication level of these tools is such that they can often track which strings are getting thru the filters and which ones aren’t so that they can improve their success rate.

As a Netizen that averages over 800 messages a day (most of them are spam), finding sophisticated spam filters is a must. I have yet to find any single tool that can handle the kinds of loads that I have to deal with, but I have found the greatest successes to date with programs that use the ‘Bayesian’ filtering analysis.

The author's current favorite is Spambayes which is a free download.

Info provided courtesy of Data Doctors
 

Myranya

Inactive
Becca said:
I'm a little afraid to use SpamCop, they will analyze the whole email and blacklist my domain, too. Actually it won't do much good as they won't be able to send an email to the spammers or their webhosts as they are all bogus.

Well, as I said, you can add a message to your report. If they only used your address in the 'from' header, they'll know it's fake and they won't blacklist it. The only way I can see them putting your domain on a blacklist is if there's more to it; if the spammer used not just your address but used your server as a re-mailer or open proxy. Then you better check with your sysadmin and make sure they fix that leak first! I've always found Spamcop to be pretty fair.
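
The distinction drawn in the reply above (address forged in the 'from' header only, versus mail that really passed through your own server) can be checked from the bounces themselves. This is an added example, not part of the original thread; the bounce text, domains and IPs are constructed, and `OUR_MAIL_IPS` is an assumption standing in for your real outbound mail server address.

```python
import email
import re
from email import policy

OUR_MAIL_IPS = {"192.0.2.10"}  # assumption: your outbound mail server's IP(s)

# Constructed bounce, trimmed to the parts that matter (example domains and IPs).
SAMPLE_BOUNCE = """\
From: MAILER-DAEMON@mx.recipient.example
To: sales@mybusiness.example
Subject: Undelivered Mail Returned to Sender
MIME-Version: 1.0
Content-Type: multipart/report; report-type=delivery-status; boundary="b1"

--b1
Content-Type: text/rfc822-headers

Received: from unknown (HELO mybusiness.example) ([203.0.113.77])
 by mx.recipient.example with SMTP; Mon, 1 Jan 2007 10:00:00 +0000
From: "Made Up Name" <sales@mybusiness.example>
To: nobody@recipient.example
Subject: pills

--b1--
"""

def original_headers(bounce_text):
    """Return the headers of the message that bounced, or None if absent."""
    msg = email.message_from_string(bounce_text, policy=policy.default)
    for part in msg.walk():
        if part.get_content_type() == "message/rfc822":
            return part.get_payload(0)
        if part.get_content_type() == "text/rfc822-headers":
            return email.message_from_string(part.get_payload(), policy=policy.default)
    return None

def classify_bounce(bounce_text, our_ips=OUR_MAIL_IPS):
    orig = original_headers(bounce_text)
    received = orig.get_all("Received", []) if orig is not None else []
    if not received:
        return "unknown"
    # Only the topmost Received line was written by the server that bounced the
    # mail; anything below it could have been typed in by the sender.
    m = re.search(r"\[(?:IPv6:)?([0-9A-Fa-f:.]+)\]", str(received[0]))
    if m is None:
        return "unknown"
    return "sent-via-our-server" if m.group(1) in our_ips else "forged-from-only"
```

A result of `sent-via-our-server` on any bounce is the case to take to your sysadmin; `forged-from-only` means the message never touched your server.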
 

WFK

Senior Something
Thanks, Rage,

That explains the format of the increasing number of spam messages I am getting.
"Return to" is probably spoofed and likely stolen (like Becca's.)
Pure image messages seen more and more.
Also receiving messages with a meaningless string of characters in the text.
 