<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML>
<HEAD>
<META NAME="Generator" CONTENT="MS Exchange Server version 6.5.7226.0">
<TITLE>[support] Hi-Jacked Email Identity (possibly OT?)</TITLE>
</HEAD>
<BODY>
<DIV id=idOWAReplyText77848 dir=ltr>
<DIV dir=ltr><FONT face=Arial color=#000000 size=2>Welcome to email hell.
</FONT><FONT face=Arial color=#000000 size=2>There are four major
posibilities for you.</FONT></DIV>
<DIV dir=ltr><FONT face=Arial size=2></FONT> </DIV>
<DIV dir=ltr><FONT face=Arial size=2>1. People who have your email address
in their address book have been infected by a virus and are sending at
random. This is your best hope as it may someday be fixed.</FONT></DIV>
<DIV dir=ltr><FONT face=Arial color=#000000 size=2></FONT> </DIV>
<DIV dir=ltr><FONT face=Arial color=#000000 size=2>2. You're
screwed. </FONT><FONT face=Arial color=#000000 size=2>Domains and names
get used by spammers. We did for a while. The best you can do
is craft a one page email about what is happening and refer angry people to it
when they send you email. Your hope of tracking them done is small.
Email servers can claim to be someone else. Easily. This is why spam
is easy. There is no real method to identify someone as who they say they
are. There is a movement to establish SPF records as an identifier.
An SPF record is essentially a DNS TXT record listing the IP Addresses that are
authorized to send email on your behalf. Not a lot of people are using SPF
records at this time for various reasons, but it can't hurt for you to set one
up for your domain just to reduce the amount of email. </FONT><FONT
face=Arial size=2>More overview infomration on SPF is <A
href="http://postmaster.aol.com/spf/details.html">http://postmaster.aol.com/spf/details.html</A></FONT></DIV>
<DIV dir=ltr><FONT face=Arial size=2></FONT> </DIV>
<DIV dir=ltr><FONT face=Arial size=2>3. Give up and change your domain
name or at least have a new one you use for email and keep the website but turn
off your MX records and make sure there is no SMTP server at your A
record.</FONT></DIV>
<DIV dir=ltr><FONT face=Arial size=2></FONT> </DIV>
<DIV dir=ltr><FONT face=Arial size=2>4. You have pop/imap mail and someone
has cracked/stolen a password and is sending through your mail server.
This happens more often then you think and at least you need to look thorugh
your logs. :D</FONT></DIV>
<DIV dir=ltr><FONT face=Arial size=2></FONT> </DIV>
<DIV dir=ltr><FONT face=Arial size=2>There are additional caveats and details I
am skipping over but those are t</FONT><FONT face=Arial size=2>he four
major ones. Note: <FONT face="Times New Roman" size=3>softhome.net
</FONT>does not seem to be an Open Relay and you are tarpitting incoming port 25
connections with a connection delay.</FONT></DIV>
<DIV dir=ltr><FONT face=Arial size=2></FONT> </DIV>
<DIV dir=ltr><FONT face=Arial size=2>I am an email administrator for a
company. We receive approximatly 3 million messages a month. We
block as spam, automatically deleted with no review, a little over 90% opf
all messages. An additional small fraction of a precentage is grey listed
and the recipients have to release them manually.</FONT></DIV>
<DIV dir=ltr><FONT face=Arial size=2></FONT> </DIV>
<DIV dir=ltr><FONT face=Arial size=2>In any case, your use of Drupal has nothing
to do with email except raise your visibility to others as a potential real name
people recieve email from.</FONT></DIV>
<DIV dir=ltr><FONT face=Arial size=2></FONT> </DIV>
<DIV dir=ltr><FONT face=Arial size=2><FONT face="Times New Roman"
size=3>-sp</FONT></FONT></DIV>
<DIV dir=ltr><FONT face=Arial size=2></FONT> </DIV></DIV>
<DIV dir=ltr><BR>
<HR tabIndex=-1>
<FONT face=Tahoma size=2><B>From:</B> support-bounces@drupal.org on behalf of
Gunther Herzog<BR><B>Sent:</B> Wed 12/7/2005 8:34 AM<BR><B>To:</B>
support@drupal.org<BR><B>Subject:</B> [support] Hi-Jacked Email Identity
(possibly OT?)<BR></FONT><BR></DIV>
<DIV>
<P><FONT size=2>Hello,<BR><BR> I wonder if anyone else has experienced
the<BR> following phenomenon, and whether or not it is<BR>
Drupal-related, and might possibly have an idea<BR> as to the next course
of action to take...<BR><BR> The following did not occur until AFTER
I<BR> started using Drupal (a few months ago), though<BR> I have had
my site and domain name for several<BR> years.<BR><BR> Essentially,
what I keep getting on a<BR> more-than-daily basis is emails
with<BR><BR> SUBJ: Delivery Status (failure)<BR> FROM:
postmaster@<BR><BR> Following the @ would be the domain of
NUMEROUS<BR> domains that were hit, with attempted delivery<BR> to
hundreds of email addressees. And that's just<BR> the bogus ones--who
knows what actually got<BR> through.<BR><BR> My domain is now being
filtered by MSN's<BR> anti-spam and who knows how many others. I
am<BR> angry enough to offer any interested lawyer 100%<BR> of the
awarded fines in return for assistance in<BR> tracking these people down
and filing a<BR> lawsuit.<BR><BR> As to Drupal... at first I thought
it might be<BR> that one of the add-on modules I'd installed was<BR>
insecure. Before diving into the code, I simply<BR> disabled
Email-This-Page module and Subscribe<BR> module. And the problem still
persists. My next<BR> idea would be to pull down the entire site
and<BR> put up a simple "Down for Maintenance" page and<BR> see if
the problem persists.<BR><BR> Any ideas, folks?<BR><BR> PS if you
feel this is too off-topic and not<BR> Drupal related, go ahead and email
me privately<BR> instead.<BR><BR>--<BR>Best
regards,<BR> Gunther
<A
href="mailto:storysmith@softhome.net">mailto:storysmith@softhome.net</A><BR><BR>--<BR>[
Drupal support list | <A
href="http://lists.drupal.org/">http://lists.drupal.org/</A>
]<BR><BR></FONT></P></DIV>
</BODY>
</HTML>