Crazy virus spammer target me... help please



Jack Norton
11-21-2004, 12:04 PM
"someone" was infected by a virus and is spamming all yahoo email in his address book, with my email as reply-to recipient!
A really wonderful experience, you should try it, getting 10 emails per hour from the great MAILER-DEMON@yahoo.com
(on a side note: why do they reply every time? can't they see that the IP address doesn't match the email domain IP?)

I know it's someone infested by a virus because the IP address of the email is always the same (213.10.92.222).

My question is: what can I do to stop this madness? At first I just made a filter in Outlook to delete emails directly from the server, but when I read my emails with the PDA that's bad because I can't do that (and I waste money).
I tried to set up an email filter in CPanel but for some unknown reason it doesn't work... bah :(

GBGames
11-21-2004, 01:42 PM
Find out who owns that IP address. The ISP has an obligation to help prevent or filter such crap, I think. At the very least, they are responsible for allowing spam to leave their domain.

I believe you can run traceroute on the IP in question and it should tell you which ISP it ends up at.

Jack Norton
11-21-2004, 02:08 PM
Yes thanks :) traceroute worked, it ended up being in the Netherlands (I won't say the company publicly).
I'll try to contact them, just to advise them of this fact.

cliffski
11-21-2004, 02:50 PM
Welcome to hell.
My domain is often the target of a 'joe job', where millions of spams and viruses are sent out seemingly from my web address. The latest ones even include a link to my URL and the virus often contains a 'positech.doc' attachment.
I get maybe 30 failure bounces a day thanks to the low life moron sending this crap in my name.
I seriously think it's time that ISPs and software companies got off their ass and did something about spam and viruses. It just should not be possible for an email with forged headers to make its way past a single router.
I'm still hoping for the death sentence for serial spammers, or a 30-50 year jail sentence at least.

EpicBoy
11-21-2004, 03:21 PM
I saw a link the other day to a story of a spammer who got 9 years in prison for it. Times are maybe changing...

Tom Cain
11-21-2004, 03:43 PM
This problem got so bad for me that I had to get my own ServInt VPS web server just for the 200GB per month bandwidth. Before this I was getting up to 20 emails per second. No low-end web host would work with my domain because it throttled their mail server. The only email host that would work with me had to charge $100+ per month in bandwidth overage charges. So now I spend $50 per month for VPS to save $100 in email bandwidth. I also control my own email server configuration with server-side virus scanning and spam filters, so it has really improved. Almost nothing gets through now.

I also set up SPF for my domain to help block emails in the wild that are spoofing my domain. Some larger ISPs have adopted SPF blocking, so it has some effect. You can read more about how it works here:

http://spf.pobox.com/

BigZaphod
11-21-2004, 04:00 PM
Not that this will help, but I've been a victim of this kind of attack now for almost a month. Hundreds of junk bounces per day. It is utterly ridiculous. I think the proper term for the attack is "backscatter." There doesn't seem to be a lot that can be done about it directly. It makes email just that much more useless for me. Ugh.

cliffski
11-22-2004, 12:00 AM
Re: SPF
That looks like a great idea. I went to the page, but I'm a bit clueless about all this MX and DNS business. I know the domain name of my ISP and the other ISP (spamcop) I use, I'm just not sure how to go about setting up the records there.
They need a 'setting this up for non geeks' page. I'd happily do it.

someone
11-22-2004, 03:56 AM
"someone" was infected by a virus and (...)

Me? :p

__________________
No signature available at this time. -Management

Jack Norton
11-22-2004, 04:08 AM
Hehe no, not you :) unless you live in the Netherlands... :o

EDIT: I agree, SPF is a very good system, I had it installed on my other domain winterwolves.net and it worked fine. However, since now I have my own server I have no clue how to install it myself... :) I tried to run the wizard but it talks about BIND... what is it? :eek:

Mithril Studios
11-22-2004, 06:32 AM
I seriously think it's time that ISPs and software companies got off their ass and did something about spam and viruses. It just should not be possible for an email with forged headers to make its way past a single router.

Unfortunately, that won't happen until everyone along a chain adopts IPV 6 which has a security payload field. I don't see that happening anytime soon simply because of the economics involved with upgrading everything - IPV 4 (which is pretty much what everyone runs on now) and IPV 6 are incompatible.

Wait until we have an internet version of Sep 11 - then we'll see some changes.
How tragic :(

Anthony

BigZaphod
11-22-2004, 06:51 AM
I tried to run the wizard but it talks about BIND... what is it? :eek:

BIND is another (older) name for the named server which handles DNS. Assuming you are running a Linux/Unix style server, you most likely have this running. If you are handling the DNS for your domain yourself, then you must have a DNS server as this is how other computers find your server's IP address. However, if the DNS is being handled by your ISP, you may not have one set up like that. It looks like in order to use SPF you need to be managing your own DNS too. If you are not managing your own DNS, then I suspect your ISP would have to be the one setting up SPF.

I should really look more into SPF. I didn't think it'd make a lot of difference with spam yet, but from what others here have said, it might be more useful than I had suspected. :) (I have my own server too as I've been running a large files site for the (mostly dead) BeOS: BeBits (http://www.bebits.com).)

Tom Cain
11-22-2004, 07:22 AM
SPF is simply an additional text record in your DNS zone. All it does is list domains that you authorize your emails to come from. It is up to a receiving mail server to check the SPF entry for incoming mail.

AOL is an ISP that does this. An incoming email's "From" domain is checked for an SPF record. If the domain has one, AOL checks the email headers to make sure the email originated from a domain authorized in the SPF record. If not, the email address is considered to be spoofed and AOL deals with it without sending it to the recipient. I think most ISPs using this just delete the incoming email. I have gotten much less bounceback from spoofed emails after I added SPF.

You should think carefully when setting this up. SPF was created with standard businesses in mind, where the company computers and email servers are within the company's domain zone. Most of us aren't set up this way, with outgoing email sent through an ISP instead. If you don't authorize your ISP's domain in your SPF record, your email will be considered spoofed by SPF and blocked by some ISPs.

There is a tool on the SPF site that will help you set up the text for the DNS record. Once you have that, you can ask your web host to add it to your domain as a TXT record, or add it yourself if you have access.
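As an added illustration of how a receiving server evaluates the TXT record Tom describes (this is example code, not part of the thread and not the SPF project's own implementation), here is a small SPF evaluator in Python. It covers only the ip4, ip6, include and all mechanisms with the +, -, ~ and ? qualifiers, and looks records up in a constructed dictionary of hypothetical domains (example-indie.test, isp-mail.test, misconfigured.test) that stands in for real DNS TXT queries; the misconfigured.test record shows the caveat above, a domain that forgot to authorize the ISP relay it actually sends through.

```python
import ipaddress

# Constructed stand-in for DNS TXT lookups: hypothetical domains, not real records.
FAKE_DNS = {
    # Sends from its own host AND relays through the ISP, so it includes the ISP's policy.
    "example-indie.test": "v=spf1 ip4:198.51.100.10 include:isp-mail.test -all",
    # The ISP's outbound relays (constructed documentation ranges).
    "isp-mail.test": "v=spf1 ip4:203.0.113.0/24 ip6:2001:db8::/32 -all",
    # Tom's caveat: only the company host is listed, the ISP relay is not.
    "misconfigured.test": "v=spf1 ip4:198.51.100.10 -all",
}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_spf(domain, sender_ip, dns=FAKE_DNS, depth=0):
    """Evaluate `domain`'s SPF record against the IP that connected to us.

    Returns one of pass / fail / softfail / neutral / none / permerror.
    `dns` maps domain -> TXT record; `depth` bounds include: recursion.
    """
    record = dns.get(domain)
    if record is None or not record.startswith("v=spf1") or depth > 10:
        return "none"  # no policy published (or include chain too deep)
    ip = ipaddress.ip_address(sender_ip)
    for term in record.split()[1:]:  # skip the "v=spf1" version tag
        qual = "+"  # a mechanism with no explicit qualifier means "+" (pass)
        if term[0] in QUALIFIERS:
            qual, term = term[0], term[1:]
        mech, _, arg = term.partition(":")
        mech = mech.lower()
        if mech == "all":
            matched = True  # catch-all; usually "-all" to reject everything else
        elif mech in ("ip4", "ip6"):
            try:
                # ip_network handles bare addresses and CIDR; v4 vs v6 never match each other
                matched = ip in ipaddress.ip_network(arg, strict=False)
            except ValueError:
                return "permerror"  # malformed address in the published record
        elif mech == "include":
            # include: matches only when the referenced domain's own policy passes
            matched = check_spf(arg, sender_ip, dns, depth + 1) == "pass"
        else:
            return "permerror"  # mechanisms (a, mx, exists, ...) not modelled here
        if matched:
            return QUALIFIERS[qual]
    return "neutral"  # record exhausted without a match and no "all" term
```

Mail arriving from 203.0.113.5 claiming a misconfigured.test sender gets "fail" even though it was legitimately relayed by the ISP, which is exactly the blocking Tom warns about; the same IP passes for example-indie.test via the include.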

cliffski
11-22-2004, 07:46 AM
If AOL are using it, this is certainly worth doing. I might email my ISP about it.
Anything that reduces the number of spoofed emails from my domain is going to be a huge bonus.
I presume if everyone set up such records, the problem would disappear, yes?

Jack Norton
11-22-2004, 07:56 AM
You should think carefully when setting this up. SPF was created with standard businesses in mind, where the company computers and email servers are within the company's domain zone. Most of us aren't set up this way, with outgoing email sent through an ISP instead. If you don't authorize your ISP's domain in your SPF record, your email will be considered spoofed by SPF and blocked by some ISPs.
Well actually I see more and more hosting services using secure SMTP to send email, so that the email gets sent by mail.yourdomainname.com and not by smtp.aol.com :) so in the near future this shouldn't be a problem anymore.

GrahamGoring
11-22-2004, 08:27 PM
Wait until we have an internet version of Sep 11 - then we'll see some changes.
How tragic :(

Anthony

Yeah, I can just see Reuters reporting the death of "6000Gb of pornography" in their headlines. ;)

Tom, I can't believe you were getting 20 e-mails A SECOND! That's gob-smacking and either speaks of you being very successful and therefore targeted or having really lousy luck.

Tom Cain
11-22-2004, 08:55 PM
Tom, I can't believe you were getting 20 e-mails A SECOND!

It has happened to me at least four times that past web hosts informed me of. PowWeb was the last host to shut off my email before I went to a dedicated email provider willing to work with the load. It gets worse when a new virus really gets loose. Now that I use a VPS server, I like tracking all of it myself. Currently I'm only getting ~20 emails per minute.

That's gob-smacking and either speaks of you being very successful and therefore targeted or having really lousy luck.

My free version distribution is in the millions, with the majority of users not very technically minded. Most of the email I get appears to be bouncebacks from spoofed email addresses sent by viruses on casual users' computers who don't know they have the virus. SPF has cut some of that down, so I was glad I added it.