LinuxQuestions.org
Visit the LQ Articles and Editorials section
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices



Reply
 
Search this Thread
Old 09-26-2007, 03:51 AM   #1
khinch
Member
 
Registered: Apr 2007
Location: Carlisle, UK
Distribution: Debian
Posts: 73

Rep: Reputation: 18
Did I send 1000+ spam emails this morning?


On average I receive around 20-30 spam emails daily, with the usual subject matters that try and entice me to buy something I don't need, expand a part of my body or watch something I don't want to see. Occasionally mixed in with them I get some "mail undeliverable", "postmaster notification" or "mailer daemon" etc, which I disregard along with all the other spam.

This morning, however, I clicked Thunderbird's get-mail button only to see 1379 emails waiting for me. The vast majority of these emails are of the undeliverable type. What has just occurred to me is that some spammer could be putting my email address either in the sender box or the replyto box when the email is being sent. I have had a look at some of the full email headers and they appear to be genuine bounced emails, with an email address at my domain as the sender. Since I have a catch-all on my address, all emails to my domain come to me.

Can anyone tell me how to find this out for sure?

I know some people are going to suggest a better email provider with a spam filter, but that's another story and for the last few months I have lived with the serverside spam filter off.
 
Old 09-26-2007, 08:20 AM   #2
Hangdog42
LQ Veteran
 
Registered: Feb 2003
Location: Maryland
Distribution: Slackware
Posts: 7,791
Blog Entries: 1

Rep: Reputation: 414Reputation: 414Reputation: 414Reputation: 414Reputation: 414
Congratulations! You've just joined the millions of users who have been the victim of a joe job. The unfortunate reality is that there is nothing you can do about this other than set Thunderbird to ignore addresses that aren't legitimate for your domain.
 
Old 09-27-2007, 06:39 AM   #3
khinch
Member
 
Registered: Apr 2007
Location: Carlisle, UK
Distribution: Debian
Posts: 73

Original Poster
Rep: Reputation: 18
Bah! So this happens so much it even has its own name! Well, at least I'm not the only one - not that I ever thought that'd be the case.

I did a little investigation yesterday. By sending emails from one account (with Thunderbird) to another account (free online from ISP) I tried to make it look like it was from someone else. I noticed it was incredibly easy to make it appear from someone else just by changing two settings in Thunderbird.

Something interesting I noticed was that my outgoing mail server will not accept any outgoing mail where the sender's email address is from a non-existing domain. Therefore, it must perform some sort of DNS check against valid domain names before it allows new mail to pass. If that's true then it seems a very simple task to also perform a lookup of the sender's address against what it should be. I.e. the mail server knows who I am because I had to provide a login and password, so it should also know what email addresses are valid for my login name, then disallow all invalid addresses. Surely this would solve many of the world's spam problems? (not all of course, there is no magic bullet, I think).

P.S. If anyone else decides to do this, please remember to put your details back when you're finished. I got disturbed and forgot, consequently all my outgoing emails yesterday afternoon and this morning appear to be from "The Mad Spammer <sirspamsalot@amazon.com>". Bah, and double BAH!
 
Old 09-27-2007, 08:24 AM   #4
Hangdog42
LQ Veteran
 
Registered: Feb 2003
Location: Maryland
Distribution: Slackware
Posts: 7,791
Blog Entries: 1

Rep: Reputation: 414Reputation: 414Reputation: 414Reputation: 414Reputation: 414
One thing to keep in mind is that I don't believe that the person(s) pulling off the joe job with your domain is using your email server. I'm pretty sure they've got their own setup and are just hijacking your domain name.

But you hit on an important point which is that the entire email protocol is based on the belief that everyone using it will behave responsibly. Unfortunately that has turned out to be an exceedingly naive assumption.
 
Old 09-30-2007, 02:08 PM   #5
khinch
Member
 
Registered: Apr 2007
Location: Carlisle, UK
Distribution: Debian
Posts: 73

Original Poster
Rep: Reputation: 18
Talking of email protocols etc, I came across this: Receiver Initiated Authentication and thought people might be interested. Warning: it's a long read.
 
Old 09-30-2007, 02:17 PM   #6
bryantrv
Member
 
Registered: Jan 2005
Location: DeLand, Florida US
Distribution: Debian Etch
Posts: 91

Rep: Reputation: 15
There is also OpenSPF (Sender Policy Framework). I've used it for a bit (though my server changed and my web host didn't move my mx records correctly, so I have to set it up again... arghhh).
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Hotmail tags emails from my server as Junk/Spam kokari Linux - Software 6 03-05-2007 10:16 PM
Problem about spam emails kkeith Linux - Newbie 1 09-06-2006 04:30 AM
All my outgoing emails suddenly bounce as spam! ivj Linux - Software 5 05-18-2006 02:22 PM
procmail and spam -- do not send out of office auto replay to spam draix Linux - Software 0 12-30-2004 09:35 AM
Rejecting Spam Emails vk1985 Linux - Networking 3 04-11-2003 05:36 AM


All times are GMT -5. The time now is 09:56 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration