[support] Hi-Jacked Email Identity (possibly OT?)

Steven Peck speck at blkmtn.org
Wed Dec 7 21:39:54 UTC 2005


Welcome to email hell.  There are four major possibilities for you.
 
1.  People who have your email address in their address book have been infected by a virus and are sending at random.  This is your best hope as it may someday be fixed.
 
2.  You're screwed.  Domains and names get used by spammers.  We did for a while.  The best you can do is craft a one page email about what is happening and refer angry people to it when they send you email.  Your hope of tracking them down is small.  Email servers can claim to be someone else.  Easily.  This is why spam is easy.  There is no real method to identify someone as who they say they are.  There is a movement to establish SPF records as an identifier.  An SPF record is essentially a DNS TXT record listing the IP Addresses that are authorized to send email on your behalf.  Not a lot of people are using SPF records at this time for various reasons, but it can't hurt for you to set one up for your domain just to reduce the amount of email.  More overview information on SPF is at http://postmaster.aol.com/spf/details.html
 
3.  Give up and change your domain name or at least have a new one you use for email and keep the website but turn off your MX records and make sure there is no SMTP server at your A record.
 
4.  You have pop/imap mail and someone has cracked/stolen a password and is sending through your mail server.  This happens more often than you think and at least you need to look through your logs. :D
 
There are additional caveats and details I am skipping over but those are the four major ones.  Note:  softhome.net does not seem to be an Open Relay and you are tarpitting incoming port 25 connections with a connection delay.
 
I am an email administrator for a company.  We receive approximately 3 million messages a month.  We block as spam, automatically deleted with no review, a little over 90% of all messages.  An additional small fraction of a percentage is grey listed and the recipients have to release them manually.
 
In any case, your use of Drupal has nothing to do with email except raise your visibility to others as a potential real name people receive email from.
 
-sp
 

________________________________

From: support-bounces at drupal.org on behalf of Gunther Herzog
Sent: Wed 12/7/2005 8:34 AM
To: support at drupal.org
Subject: [support] Hi-Jacked Email Identity (possibly OT?)



Hello,

  I wonder if anyone else has experienced the
  following phenomenon, and whether or not it is
  Drupal-related, and might possibly have an idea
  as to the next course of action to take...

  The following did not occur until AFTER I
  started using Drupal (a few months ago), though
  I have had my site and domain name for several
  years.

  Essentially, what I keep getting on a
  more-than-daily basis is emails with

  SUBJ: Delivery Status (failure)
  FROM: postmaster@

  Following the @ would be the domain of NUMEROUS
  domains that were hit, with attempted delivery
  to hundreds of email addressees. And that's just
  the bogus ones--who knows what actually got
  through.

  My domain is now being filtered by MSN's
  anti-spam and who knows how many others. I am
  angry enough to offer any interested lawyer 100%
  of the awarded fines in return for assistance in
  tracking these people down and filing a
  lawsuit.

  As to Drupal... at first I thought it might be
  that one of the add-on modules I'd installed was
  insecure. Before diving into the code, I simply
  disabled Email-This-Page module and Subscribe
  module. And the problem still persists. My next
  idea would be to pull down the entire site and
  put up a simple "Down for Maintenance" page and
  see if the problem persists.

  Any ideas, folks?

  PS if you feel this is too off-topic and not
  Drupal related, go ahead and email me privately
  instead.

--
Best regards,
 Gunther                          mailto:storysmith at softhome.net

--
[ Drupal support list | http://lists.drupal.org/ ]
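
Added example, not part of either message above: a minimal evaluator for the SPF idea described in the reply (a DNS TXT record listing the IP addresses authorized to send mail for a domain), showing how a receiving server would judge a connecting address. The record, the `_spf.example.net` name and all addresses are constructed from documentation ranges; only `ip4`, `ip6` and `all` are evaluated, and terms that need DNS lookups are returned as skipped.

```python
import ipaddress

# Qualifier prefix -> result; "+" is implied when no prefix is given (RFC 7208).
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

# Constructed sample record: documentation address ranges, hypothetical domain.
SAMPLE_RECORD = ("v=spf1 ip4:192.0.2.0/24 ip4:198.51.100.25 "
                 "ip6:2001:db8::/32 include:_spf.example.net -all")


def check_spf(record, sender_ip):
    """Evaluate an SPF TXT record against a connecting IP, left to right.

    Only ip4, ip6 and all are evaluated. Terms that need DNS lookups
    (a, mx, include, exists, ptr) and modifiers (redirect=, exp=) are not
    evaluated; they are returned so the caller knows the verdict is partial.
    """
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none", []                      # not an SPF record
    ip = ipaddress.ip_address(sender_ip)
    skipped = []
    for term in terms[1:]:
        qualifier = term[0] if term[0] in QUALIFIERS else "+"
        mech = term[1:] if term[0] in QUALIFIERS else term
        name, _, value = mech.partition(":")
        name = name.lower()
        if name == "all":
            return QUALIFIERS[qualifier], skipped
        if name in ("ip4", "ip6"):
            try:
                net = ipaddress.ip_network(value, strict=False)
            except ValueError:
                return "permerror", skipped    # malformed address or prefix
            if net.version != int(name[2]):
                return "permerror", skipped    # e.g. IPv6 literal under ip4:
            if ip.version == net.version and ip in net:
                return QUALIFIERS[qualifier], skipped
        else:
            skipped.append(term)
    return "neutral", skipped                  # nothing matched, no "all"


if __name__ == "__main__":
    for addr in ("192.0.2.10", "2001:db8::25", "203.0.113.7"):
        print(addr, check_spf(SAMPLE_RECORD, addr))
```

A `fail` or `softfail` for an address outside the listed ranges is what lets a receiver reject or flag forged mail at SMTP time instead of accepting it and bouncing it later to the forged sender.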


