-   Linux - Newbie (
-   -   Did I send 1000+ spam emails this morning? (

khinch 09-26-2007 03:51 AM

Did I send 1000+ spam emails this morning?
On average I receive around 20-30 spam emails daily, with the usual subject matters that try and entice me to buy something I don't need, expand a part of my body or watch something I don't want to see. Occasionally mixed in with them I get some "mail undeliverable", "postmaster notification" or "mailer daemon" etc, which I disregard along with all the other spam.

This morning, however, I clicked Thunderbird's get-mail button only to see 1379 emails waiting for me. The vast majority of these emails are of the undeliverable type. What has just occurred to me is that some spammer could be putting my email address either in the sender box or the replyto box when the email is being sent. I have had a look at some of the full email headers and they appear to be genuine bounced emails, with an email address at my domain as the sender. Since I have a catch-all on my address, all emails to my domain come to me.

Can anyone tell me how to find this out for sure?

I know some people are going to suggest a better email provider with a spam filter, but that's another story and for the last few months I have lived with the serverside spam filter off.

Hangdog42 09-26-2007 08:20 AM

Congratulations! You've just joined the millions of users who have been the victim of a joe job. The unfortunate reality is that there is nothing you can do about this other than set Thunderbird to ignore addresses that aren't legitimate for your domain.

khinch 09-27-2007 06:39 AM

Bah! So this happens so much it even has its own name! Well, at least I'm not the only one - not that I ever thought that'd be the case.

I did a little investigation yesterday. By sending emails from one account (with Thunderbird) to another account (free online from ISP) I tried to make it look like it was from someone else. I noticed it was incredibly easy to make it appear from someone else just by changing two settings in Thunderbird.

Something interesting I noticed was that my outgoing mail server will not accept any outgoing mail where the sender's email address is from a non-existing domain. Therefore, it must perform some sort of DNS check against valid domain names before it allows new mail to pass. If that's true then it seems a very simple task to also perform a lookup of the sender's address against what it should be. I.e. the mail server knows who I am because I had to provide a login and password, so it should also know what email addresses are valid for my login name, then disallow all invalid addresses. Surely this would solve many of the world's spam problems? (not all of course, there is no magic bullet, I think).

P.S. If anyone else decides to do this, please remember to put your details back when you're finished. I got disturbed and forgot, consequently all my outgoing emails yesterday afternoon and this morning appear to be from "The Mad Spammer <>". Bah, and double BAH!

Hangdog42 09-27-2007 08:24 AM

One thing to keep in mind is that I don't believe that the person(s) pulling off the joe job with your domain is using your email server. I'm pretty sure they've got their own setup and are just hijacking your domain name.

But you hit on an important point which is that the entire email protocol is based on the belief that everyone using it will behave responsibly. Unfortunately that has turned out to be an exceedingly naive assumption.

khinch 09-30-2007 02:08 PM

Talking of email protocols etc, I came across this: Receiver Initiated Authentication and thought people might be interested. Warning: it's a long read.

bryantrv 09-30-2007 02:17 PM

There is also OpenSPF (Sender Policy Framework). I've used it for a bit (though my server changed and my web host didn't move my mx records correctly, so I have to set it up again... arghhh).

All times are GMT -5. The time now is 01:02 PM.