  #1 (permalink)  
Old 05-24-2007, 04:06 PM
kev woodman's Avatar
Premium Member
 
Join Date: Jul 2006
Location: Newport, Wales, UK.
Posts: 1,494
Spam Mail from My Account

Some dirty spammer is using faked email addresses from my domain to send out mail and I'm getting a lot of bounced messages as a result.

Has anyone ever come across this problem before and is there any way of stopping it?
__________________
homo sum: humani nil a me alienum puto ... ( just Google it )
  #2 (permalink)  
Old 05-24-2007, 09:18 PM
Administrator
 
Join Date: Mar 2006
Posts: 1,752
Default

Have you set catchall for your domain name?

If yes then remove it ASAP. Also check if you have SPF records for your domain name. If not then I can set those for you, but I'll need to know if it's your main domain or any of the other domains under your account.
__________________
Web Hosting UK - ASP MSSQL Hosting - cPanel Linux Hosting
AIM : webredback || msn : andrew @ webhosting.uk.com
Toll Free : 0808 262 0855
  #3 (permalink)  
Old 05-25-2007, 10:58 AM
Cassie's Avatar
Premium Member
 
Join Date: May 2007
Location: Cambridgeshire
Posts: 336
Angry

We have often had this problem.

What is Catchall and how do you remove it?

What are SPF records?

I know that this problem is causing some of our genuine emails to be held up as spam by some ISPs - it usually clears itself within a couple of weeks but then happens again a couple of months later.

If there is something we can do or somehow we can tell the ISPs that we are not spammers I would really like to know how.

Really difficult to run an internet business when emails don't get through.
  #4 (permalink)  
Old 05-25-2007, 03:39 PM
Administrator
 
Join Date: Mar 2006
Posts: 1,752
Default

What is catchall?
"catchall" will act as a "catch-all" account for any non-specified or misspelled username, as long as the domain name is correct. You will be able to retrieve these messages at the mail account you specify. You can disable catchall from your control panel. Simply open the mail forwarders section, which is under the email section in your control panel, and put ":fail:" as the default email address there to disable catchall.


What is SPF?
Sender Policy Framework (SPF) is an attempt to control forged e-mail. SPF is not directly about stopping spam – junk email. It is about giving domain owners a way to say which mail sources are legitimate for their domain and which ones aren't. While not all spam is forged, virtually all forgeries are spam. SPF is not anti-spam in the same way that flour is not food: it is part of the solution.

It won't be possible for you to set up SPF records, so open a ticket from our helpdesk and ask our support people to set up SPF records on your domain name.
  #5 (permalink)  
Old 05-25-2007, 05:24 PM
Cassie's Avatar
Premium Member
 
Join Date: May 2007
Location: Cambridgeshire
Posts: 336
Default

Thanks for the info.

When you said remove catchall asap to kev, was this so he didn't get the bouncebacks? Or was there a more important or sinister (not you - the spammers) reason?

It's just that many of our customers are getting on a bit (knitting yarn site) and often spell our email addresses wrong. I also made the mistake of using quite a lot of pre@ words in the past for various things on the website. While I am trying to correct this and unify them, quite a few customers will have them in their contacts list. Therefore I often get emails misspelled or to old email addresses so dare not completely delete these without viewing them first (I use mailwasher so can usually spot spam a mile off without opening).

The Sender Policy Framework (SPF) sounds interesting though and will do that.

Is there anyone we can complain to if our domain is getting blacklisted?
  #6 (permalink)  
Old 05-26-2007, 11:54 PM
Administrator
 
Join Date: Mar 2006
Posts: 1,752
Default

Quote:
Originally Posted by Cassie
Is there anyone we can complain to if our domain is getting blacklisted?

We will need to investigate and find out the reason for the blacklisting of your domain name. You can set up multiple forwarders for all types of misspelled email addresses, but the short route of catchall is going to create more problems for you.
  #7 (permalink)  
Old 05-27-2007, 10:22 AM
kev woodman's Avatar
Premium Member
 
Join Date: Jul 2006
Location: Newport, Wales, UK.
Posts: 1,494
Default

That's a good idea about the redirects. If you have a lot of common misspellings, set them all up as emails and forward them all to one address. We've had a domain blacklisted by Hotmail before but managed to get it unblocked by emailing them and explaining that we were legit.
  #8 (permalink)  
Old 05-27-2007, 10:22 AM
Cassie's Avatar
Premium Member
 
Join Date: May 2007
Location: Cambridgeshire
Posts: 336
Default

Not sure I understand why the catchall is going to create problems - can you be more specific?
  #9 (permalink)  
Old 05-27-2007, 10:25 AM
Cassie's Avatar
Premium Member
 
Join Date: May 2007
Location: Cambridgeshire
Posts: 336
Default

We don't always know we have been blocked until a customer complains we have not contacted her. All we know is we get hundreds of bounce backs each day and we didn't send any of the emails. We assume this is causing some ISPs to block us but in the past have had no luck with contacting them to unblock us. Spam Assassin often blocks us and never gets back when we email them, which is why I won't use it on here - don't trust it to work.
  #10 (permalink)  
Old 05-27-2007, 10:28 AM
kev woodman's Avatar
Premium Member
 
Join Date: Jul 2006
Location: Newport, Wales, UK.
Posts: 1,494
Default

Well, a catchall means that any email address ending @yourdomain.com is effectively a valid email, so a spammer can generate random prefixes and they are all going to generate a response from your mail server if they get bounced, e.g. the catch-all on my domain was set to forward all the mail it received to my normal mail account. So the spammer creates an email from an address called rubbish@mydomain.co.uk and sends it to an invalid email. This message gets bounced and my mailserver gets a 'not a valid account' message back - without a catchall my mailserver will look at the rubbish address and send its own invalid message back. With a catchall it instead forwards the bounced mail on to my normal address and as a result my own mailserver ends up spamming me.
  #11 (permalink)  
Old 05-27-2007, 02:39 PM
Administrator
 
Join Date: Mar 2006
Posts: 1,752
Default

They send spams using scripts and put your email address in the sender, error-to and reply-to fields. This way the destination server (which is getting spammed) sends a "hello" message to the server hosting your domain name and the server tries to verify if the sender email replies with "OK" or not. When you set up catchall, our server will respond to the hello message with "Hello OK" and the spam will get delivered to the one who was targeted by the spammers.

You come to know about it when you get bounceback messages, but very few messages bounce back. Most of those spams get delivered, advertising your email address as the spammer.

When you don't set up catchall, the scripts of spammers find it difficult to find working email addresses on your domain name and their scripts report delivery errors before starting, so they remove your domain name from their list.

I hope I have explained this properly coz I've tried to explain it from the server side.
  #12 (permalink)  
Old 05-27-2007, 02:45 PM
Cassie's Avatar
Premium Member
 
Join Date: May 2007
Location: Cambridgeshire
Posts: 336
Default

OK so the best way is to try and think what customers will use or misspell and add that as a forwarder. Anything else will just be deleted.
So presumably if a customer uses a name we haven't thought of they will get a bounce back and (hopefully) try again with a different name.
That all seems plain (if I got it right) and I seem to be getting the hang of forwarded emails etc in cPanel.
Better get my customer head on and think of some words and check all the silly names I used in the past on the website.
  #13 (permalink)  
Old 05-27-2007, 04:41 PM
Cassie's Avatar
Premium Member
 
Join Date: May 2007
Location: Cambridgeshire
Posts: 336
Default

Just changing some of the filters I had set up already and came across a question.
I used to have bad words (won't say them here) filtered to a specific email address so I knew they were spam.
I just changed to discard message but when I went back in to add another bad word it had changed to "deliver to folder" and "/dev/null".
Is this the same as, as good as, better than - discard message?

And how long does it take for filters to be active?

And is it better to put filters on "user level" or "account level" filtering option?

Last edited by Cassie; 05-27-2007 at 04:46 PM.
  #14 (permalink)  
Old 05-27-2007, 09:09 PM
Cassie's Avatar
Premium Member
 
Join Date: May 2007
Location: Cambridgeshire
Posts: 336
Default

I just did a test filter in cPanel for one of the things I have filtered to discard, which has now changed to dev/null, and I get the following at the bottom even though at the top it says it matches a filter:

Deliver message to: me@mydomain.co.uk
Save message to: /dev/null 0660

This would logically mean that the message would still be delivered to my email even though it contains stuff which should filter it to be discarded - am I right or am I reading this whole thing wrong? I have been racking my brains all night and setting up filters etc. Perhaps I need a drink
  #15 (permalink)  
Old 05-27-2007, 09:44 PM
Administrator
 
Join Date: Mar 2006
Posts: 1,752
Default

Set those to be delivered to :fail:

Simply put this in the forwarder field ":fail:" and those messages will bounce back directly without saving anything on the server or any of your mailboxes.
All times are GMT.
Copyright 2002-2007 WebHosting.uk.com. All rights reserved.