Spammers use spammee’s domain

The latest trend I’ve spotted is a spammer who sends from a nonsensical e-mail address on the same domain as the spam recipient’s e-mail address.

This particular spammer also uses zombies and doesn’t get past my filters, so I don’t have any samples. Maybe someone else has samples?

I saw a pair of e-mails that were rejected. One was from one of our users to the other. The other was vice versa. The names of the users are similar (same first name), and on the same domain. Both mails were sent from zombies.

A few other mails were from bastardizations of legitimate e-mail addresses on a domain, with recipients from the same domain.

They experiment all the time, trying to get past the maximum number of filters…

5 Responses to “Spammers use spammee’s domain”

  1. THEMike Says:

    I see this a lot. I don’t have any samples to hand, but in my junk folder back home I have hundreds of them.

    I often get spam that is from or to [random fake name], [realuser]@domain.com, seems to arrive at my address via a BCC a lot of the time. Sometimes I see [real name] [randomfakeuser]@domain.com.

    Where domain.com is a domain I have full control of and know every single account on. There are in the order of 40 valid email addresses on that domain.

    The content of the mails does not seem to be of a particular theme. Always spam of one form or another. Perhaps there is a particular botnet/service that has this behaviour and a lot of customers using it?

  2. Drew Neilson Says:

    I just came across this problem yesterday (today’s Oct. 25th) and I can get examples if they would be useful.

    This type of spammer hit my girlfriend’s website and started flooding her with emails from her own domain, usually with nonsense. This is a real problem, because she uses disposable addresses at her domain as a (probably rudimentary) way to track and block spammers (so the library would get library@herdomain.com and the grocery store might get groceries@herdomain.com). When someone sells one of her addresses, she simply turns off that address. However, it seems the way around this is to spam tons of possibilities from her domain so she can’t block the domain and there are too many random emails to block all the receiving addresses.

    She asked me to help her out, but unfortunately, I have no idea how to stop this. We’re both somewhat tech savvy, but we’re not particularly smart in the area of spam.

    Does anyone have ideas on how to stop it? Any help would be really appreciated.

  3. admin Says:

    Yes, there’s a very simple solution. And it’s the ONLY solution to this problem: Turn off catch all. A lot of legitimate mail will bounce until she figures out how to create forwards for all the “e-mail addresses” she gave out. But that’s the price she has to pay for using that solution.

    It was touted as a good solution years ago. But today it’s a really bad idea.

    Before large scale spamming with fake return addresses.

  4. Lemat Says:

    In my postfix configuration only authorized users can send email with their own envelope address. The trick is to use reject_sender_login_mismatch and blacklist your own domain (with message: 550 send me valid login and password) just after reject_unauth_destination.

    For Drew Neilson’s friend I would recommend publishing addresses like: friend@grocery.herdomain.tld, friend@library.herdomain.tld and simply remove the DNS MX,A entries after the email was compromised.
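
The Postfix setup Lemat describes, written out as an added example (this is not Lemat’s own configuration; the file paths, map names and the example.com addresses are assumed):

```ini
# /etc/postfix/main.cf (added example, not from the original post)
# Require SASL login so Postfix knows who the submitting client is.
smtpd_sasl_auth_enable = yes
# Map each local envelope sender to the SASL login that owns it.
smtpd_sender_login_maps = hash:/etc/postfix/sender_login_maps

smtpd_recipient_restrictions =
    permit_mynetworks
    reject_unauth_destination
    # Reject MAIL FROM addresses that have an owner in sender_login_maps
    # unless the client is logged in as that owner (must come before
    # permit_sasl_authenticated, which ends the evaluation with PERMIT).
    reject_sender_login_mismatch
    permit_sasl_authenticated
    # Anyone still unauthenticated who claims a sender in our own domain
    # (including made-up addresses with no owner) gets the 550 below.
    check_sender_access hash:/etc/postfix/sender_access
    permit

# /etc/postfix/sender_login_maps  (build with: postmap /etc/postfix/sender_login_maps)
# envelope sender        SASL login name
alice@example.com        alice
bob@example.com          bob

# /etc/postfix/sender_access  (build with: postmap /etc/postfix/sender_access)
# A bare domain key matches every sender address in that domain.
example.com              550 send me valid login and password
```

Mail from outside example.com to local users is unaffected; only unauthenticated clients forging a sender in the protected domain are rejected, and an authenticated user cannot send as another user’s address.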

  5. Jalela Says:

    I have the same problem, spammers use my domain to send me junk. I had one bypass address but now I have eliminated it. I have no idea how to set up the instructions written below. Which files do I modify?

    The trick is to use reject_sender_login_mismatch and blacklist your own domain (with message: 550 send me valid login and password) just after reject_unauth_destination.
