HELP: Someone is using my domain name to send spam

Bill Campbell linux-sxs
Mon May 17 11:48:59 PDT 2004 

On Thu, Jul 03, 2003 at 10:42:15PM -0400, Bruce Marshall wrote:
>On Thursday 03 July 2003 22:17 pm, Kurt Wall wrote:
>> Quoth Federico Voges:
>> > -----BEGIN PGP SIGNED MESSAGE-----
>> > Hash: SHA1
>> >
>> > Hi,
>> >
>> > I was hoping to get the spammer to stop using my domain name. But...
>>
>> Have you made sure you aren't an open relay?
>>
>> > The publicized site is www.prescriptioncabinet.biz and guess what?
>> > The registrant is from China!
>>
>> Kurt
>
>I think David Bandel went wild about 4 months ago when the same thing 
>happened to him.  He was going to try to 'do dirty' to the person who 
>was using his domain name (but not relaying thru him) but I don't recall 
>what ever came of it.
>
>Using an email address for the 'from' would be pretty easy and I'm sure 
>there's not much that can be done.

This is what's known as a ``Joe Job'', and anti-spammers are often the
target of this type of forgery.  I've been targeted several times by these.
On the other hand, I've had a customer joe-jobbed severely enough that we
had to change their MX records so all mail to them came through our servers
first since it was wiping out their 128k ISDN line.

I've also seen quite a few rejected relay attempts through our servers here
where the From: addresses are valid e-mail addresses on our network (or at
least addresses scraped from usenet postings).  This makes a certain amount
of sense since if they could relay through our servers, a From: address
that's in the relay raped domain would add to the deception.

Bill
--
INTERNET:   bill at Celestial.COM  Bill Campbell; Celestial Software LLC
UUCP:               camco!bill  PO Box 820; 6641 E. Mercer Way
FAX:            (206) 232-9186  Mercer Island, WA 98040-0820; (206) 236-1676
URL: http://www.celestial.com/

It is practically impossible to teach good programming style to
students that have had prior exposure to BASIC: as potential
programmers they are mentally mutilated beyond hope of
regeneration.
                -- Dijkstra

More information about the Linux-users mailing list