[support] Hi-Jacked Email Identity (possibly OT?)
Steven Peck
speck at blkmtn.org
Wed Dec 7 21:39:54 UTC 2005
Welcome to email hell. There are four major posibilities for you.
1. People who have your email address in their address book have been infected by a virus and are sending at random. This is your best hope as it may someday be fixed.
2. You're screwed. Domains and names get used by spammers. We did for a while. The best you can do is craft a one page email about what is happening and refer angry people to it when they send you email. Your hope of tracking them done is small. Email servers can claim to be someone else. Easily. This is why spam is easy. There is no real method to identify someone as who they say they are. There is a movement to establish SPF records as an identifier. An SPF record is essentially a DNS TXT record listing the IP Addresses that are authorized to send email on your behalf. Not a lot of people are using SPF records at this time for various reasons, but it can't hurt for you to set one up for your domain just to reduce the amount of email. More overview infomration on SPF is http://postmaster.aol.com/spf/details.html
3. Give up and change your domain name or at least have a new one you use for email and keep the website but turn off your MX records and make sure there is no SMTP server at your A record.
4. You have pop/imap mail and someone has cracked/stolen a password and is sending through your mail server. This happens more often then you think and at least you need to look thorugh your logs. :D
There are additional caveats and details I am skipping over but those are the four major ones. Note: softhome.net does not seem to be an Open Relay and you are tarpitting incoming port 25 connections with a connection delay.
I am an email administrator for a company. We receive approximatly 3 million messages a month. We block as spam, automatically deleted with no review, a little over 90% opf all messages. An additional small fraction of a precentage is grey listed and the recipients have to release them manually.
In any case, your use of Drupal has nothing to do with email except raise your visibility to others as a potential real name people recieve email from.
-sp
________________________________
From: support-bounces at drupal.org on behalf of Gunther Herzog
Sent: Wed 12/7/2005 8:34 AM
To: support at drupal.org
Subject: [support] Hi-Jacked Email Identity (possibly OT?)
Hello,
I wonder if anyone else has experienced the
following phenomenon, and whether or not it is
Drupal-related, and might possibly have an idea
as to the next course of action to take...
The following did not occur until AFTER I
started using Drupal (a few months ago), though
I have had my site and domain name for several
years.
Essentially, what I keep getting on a
more-than-daily basis is emails with
SUBJ: Delivery Status (failure)
FROM: postmaster@
Following the @ would be the domain of NUMEROUS
domains that were hit, with attempted delivery
to hundreds of email addressees. And that's just
the bogus ones--who knows what actually got
through.
My domain is now being filtered by MSN's
anti-spam and who knows how many others. I am
angry enough to offer any interested lawyer 100%
of the awarded fines in return for assistance in
tracking these people down and filing a
lawsuit.
As to Drupal... at first I thought it might be
that one of the add-on modules I'd installed was
insecure. Before diving into the code, I simply
disabled Email-This-Page module and Subscribe
module. And the problem still persists. My next
idea would be to pull down the entire site and
put up a simple "Down for Maintenance" page and
see if the problem persists.
Any ideas, folks?
PS if you feel this is too off-topic and not
Drupal related, go ahead and email me privately
instead.
--
Best regards,
Gunther mailto:storysmith at softhome.net
--
[ Drupal support list | http://lists.drupal.org/ ]
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.drupal.org/pipermail/support/attachments/20051207/d1a025bf/attachment-0001.htm
More information about the support
mailing list