Spammer

  • deminois
  • Born
  • Posts: 1
  • Loc: Atlanta, Georgia

Post 3+ Months Ago

Hello all,

I ran into an issue the other day that I have never had to worry about. A client of mine (I provide computer services for them) owns a domain and has a website hosted through Earthlink. They didn't know much about website design or anything else so they hired someone to create the site for them.

The website is http://greenspanmarketing.com. The issue is not the site itself. About two or more months ago, someone in Poland (found that out through an IP trace) and other places started sending spam using their domain name.

Example:

TO: najkn@something.com
FROM: bhbjd@greenspanmarketing.com

They get a lot of "Return to Sender" type email because apparently some of the addresses the spammer uses don't exist or the message is blocked. It has an attachment named "Software.txt".

I told them I would try to investigate the issue. I don't believe that the email is coming from Earthlink's server (but it wouldn't surprise me). I know that you can mask an email saying it came from any domain. But my client asked how large corporations keep people from doing this with their domain.

I honestly do not know what to tell these people or how to resolve the issue. If anyone has any advice AT ALL, I would greatly appreciate it. This has stressed them out and they fear that they will have to change their domain name.

I have verified that there are no trojans/viruses/spyware on their system including rootkits. I really don't know what to tell them. Any advice?

Thanks,
Myles

  • Daemonguy
  • Moderator
  • Web Master
  • Posts: 2700
  • Loc: Somewhere outside the box in Sarasota, FL.

Post 3+ Months Ago

It doesn't have to originate from their mail server.

All it takes is an open SMTP server someplace on the internet and a minor knowledge of how the command line sendmail interface functions to bluff your way through.

SpamHouses often provide the means of accomplishing just that.

I offer the following:

Code:

(no subject)  Inbox
        
prez@whitehouse.gov     
to undisclosed-re.
     More options     5:46 am (3 hours ago)
Hey bubba!  Can I count on you for your support?  WHen you comin' by the White House?

I made this email from a box I know of out there in the mist that is the Internet. Yet, in the from block (and reply to) it clearly states, from Prez@whitehouse.gov.

Only if you examine the header details will you notice the IP from which it originated.

Most people don't do that; most ISPs respond to the 'reply to' address.

In other words, check the headers; if the mail is originating from an external IP (to the mail host's block) you have nothing to concern yourself over, but unfortunately, you have no real recourse either.
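The header check described in the reply above, as an added example that is not part of either post: it pulls the connecting IPs out of the Received headers of a bounced message and reports whether the earliest hop falls inside the mail host's address block. The sample message, its IP addresses and hostnames, and the MAIL_HOST_BLOCKS value are constructed placeholders, not data from the thread.

```python
import ipaddress
import re
from email import message_from_string

# Assumed address block of the legitimate mail host (placeholder, RFC 5737 range).
MAIL_HOST_BLOCKS = [ipaddress.ip_network("192.0.2.0/24")]

# Constructed sample of a returned spam message; IPs and hostnames are made up.
SAMPLE = """\
Received: from mx.recipient.example (mx.recipient.example [198.51.100.7])
\tby inbox.recipient.example with ESMTP; Mon, 1 Jan 2007 05:46:10 -0500
Received: from greenspanmarketing.com (unknown [203.0.113.45])
\tby mx.recipient.example with SMTP; Mon, 1 Jan 2007 05:46:02 -0500
From: bhbjd@greenspanmarketing.com
To: najkn@something.com
Subject: (no subject)

body
"""

# Receiving servers record the connecting peer's address in square brackets.
IP_IN_BRACKETS = re.compile(r"\[(?:IPv6:)?([0-9A-Fa-f.:]+)\]")


def received_ips(raw_message):
    """Return the connecting IPs from the Received headers, oldest hop first."""
    msg = message_from_string(raw_message)
    ips = []
    # Each server prepends its Received header, so reverse for chronological order.
    for header in reversed(msg.get_all("Received", [])):
        for candidate in IP_IN_BRACKETS.findall(header):
            try:
                ips.append(ipaddress.ip_address(candidate))
            except ValueError:
                continue  # bracketed text that is not an IP address
    return ips


def classify_origin(raw_message, host_blocks=MAIL_HOST_BLOCKS):
    """Return (origin_ip, 'internal' or 'external'), or (None, 'unknown')."""
    ips = received_ips(raw_message)
    if not ips:
        return None, "unknown"
    # Caveat: headers older than the first server you trust can be forged by
    # the sender, so treat the earliest hop as a lead, not as proof.
    origin = ips[0]
    inside = any(origin in block for block in host_blocks)
    return origin, "internal" if inside else "external"
```

Run it over the full headers of a returned message (not just the visible From line); an "external" verdict matches the case the reply describes, where the mail never touched the domain's own mail host.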


© 1998-2014. Ozzu® is a registered trademark of Unmelted, LLC.