Email Abuse




Posted by mrservon, 06-25-2008, 11:56 AM
Apparently SMTP servers from other countries are using our email addresses in the 'reply to'. Because of this, many failed message replies (message is blocked; user doesn't exist) are returned to our email accounts. Is there a way to handle abuse like this? We aren't an open relay but for some reason all the mail is coming back to us. Is there a way to combat this?

Posted by ub3r, 06-25-2008, 12:39 PM
Not really. That's an inherent vulnerability in the SMTP protocol. You may want to look into setting up an SPF record, which will stop the issue on some servers, but not all. http://www.openspf.org/ The chances that your email server has been hacked are minimal; they are most likely forging the headers and sending from one or more of their own machines.

Posted by mrservon, 06-25-2008, 03:53 PM
Can't we find the physical addresses of these relayed servers and go over there and physically unplug them? This is ridiculous that there is no liability on the net. (Pardon, just a bit green horned still in web hosting).

Posted by SPaReK, 06-25-2008, 04:08 PM
What addresses are the messages coming into? The majority of the time these hit an account's default address, the place where mail for asdf@yourdomain.com, xyz@yourdomain.com, etc. goes when that certain e-mail address is not set up. How do you have your default address set up? Are you using a control panel? You can block the servers from reaching your server; you will need to read through the headers that are sending you these messages and block those IPs on your server. However, this is usually a vast number of IP addresses, so blocking those IPs is not really feasible. I suspect that you are checking your account's default address and it is being flooded with these messages. If you set your default address to discard messages and then set up e-mail accounts or forwarders for real e-mail addresses that you expect to receive e-mail at, you will stop receiving these and you will also cut out a lot of your spam.

Posted by ub3r, 06-25-2008, 04:53 PM
No, I'm afraid reality doesn't work that way. Unless you have a lot of frequent flier miles and a team of ninjas, I don't think you'll reach the datacenter the spamming machine is at. Welcome to the internet.

Posted by Xeentech, 06-25-2008, 11:09 PM
You could maybe have your MTA use some certain format for message IDs, then filter "bounce" notices based on the original ID. If it's not an ID in the format your MTAs would generate you can safely drop it.
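
The Message-ID filter suggested in the last post, sketched as an added example that is not part of the original thread or any poster's code. It assumes the outbound MTA stamps IDs of the form `<unique.tag@domain>` with an HMAC tag; the secret, the `example.com` domain, the function names and the sample bounces are all constructed for illustration.

```python
import hashlib
import hmac
import re
from email import message_from_string

SECRET = b"constructed-demo-secret"  # assumption: site-wide key, constructed value
DOMAIN = "example.com"               # assumption: placeholder for your domain
MSGID_RE = re.compile(r"<([A-Za-z0-9]+)\.([0-9a-f]{16})@" + re.escape(DOMAIN) + ">")

def _tag(unique: str) -> str:
    """Keyed tag so outsiders cannot mint IDs in our format."""
    return hmac.new(SECRET, unique.encode(), hashlib.sha256).hexdigest()[:16]

def make_message_id(unique: str) -> str:
    """The Message-ID the outbound MTA would stamp: <unique.tag@domain>."""
    return f"<{unique}.{_tag(unique)}@{DOMAIN}>"

def contains_our_id(text: str) -> bool:
    """True if any Message-ID in text has our format and a valid tag."""
    return any(hmac.compare_digest(tag, _tag(unique))
               for unique, tag in MSGID_RE.findall(text))

def classify_bounce(raw: str) -> str:
    """Return 'deliver' if the bounce quotes a message we sent, else 'drop'."""
    msg = message_from_string(raw)
    # Bounces carry the original headers in the body or in an attached part,
    # so inspect every leaf part (headers included for nested messages).
    leaves = [p.as_string() for p in msg.walk() if not p.is_multipart()]
    return "deliver" if contains_our_id("\n".join(leaves)) else "drop"

if __name__ == "__main__":
    ours = make_message_id("20080625a1b2c3")
    # Constructed sample bounces, not real traffic.
    template = ("From: MAILER-DAEMON@remote.example\n"
                "Subject: Undelivered Mail Returned to Sender\n\n"
                "550 user doesn't exist\n"
                "--- original headers ---\nMessage-ID: {}\n")
    print(classify_bounce(template.format(ours)))                    # genuine
    print(classify_bounce(template.format("<x1@spammer.invalid>")))  # backscatter
```

A valid tag shows only that the ID was minted by your MTA; anyone who has received a genuine message can replay its ID, so this filters backscatter rather than authenticating bounces.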



Copyright © 2018 DC International LLC. - All Rights Reserved.