Comments on: Got spam? Let us know

By: Shadyman

Shadyman — Sun, 06 Jan 2008 01:30:34 +0000

More of the spam that I get are autoresponders, "User Not Found" or "Your spam has been blocked". Sounds like someone's having a field day with my domain.

Ways to help it: Don't set up a "Postmaster" or "catchall" email box: That will end up with the most spam like this. Bounces get bounced :)

Again, email spoofers SUCK, and must be smacked.

By: Warren

Warren — Sat, 05 Jan 2008 21:21:58 +0000

Haven’t gotten any spam from you, but I do once in a while get a bounce of a spam that has been spoofed to look like it came from me, so I’d appreciate any advice on tracking down (etc.) spammers.

By: Madd_matt

Madd_matt — Fri, 04 Jan 2008 10:35:27 +0000

"ISPs should only allow correct header info".

Many do. However, that isn't going to stop anybody who controls their own email server. I can load up sendmail on my machine right now and send all the mail claiming to be from hackaday I want.

the Sender Policy Framework is designed to mitigate this problem. The recieving server confirms against a DNS record that the server sending mail is permitted to do so.

I notice that Hackady does not have SPF records set up. This is probably one of the best tools at your disposal to stop these forged emails.

By: tbare

tbare — Fri, 04 Jan 2008 04:29:08 +0000

I have a php script on my site that sends ‘x’ URL via e-mail from the sender’s e-mail so that when the message is replied to, it goes back to the sender, not wannafork… works well to keep from MY mail server from getting crowded… not hard to do at all, and doesn’t look like it’s from my server at all…

By: pete

pete — Fri, 04 Jan 2008 04:17:42 +0000

I wish the ISPs would only allow CORRECT header info to spew from their servers…

How is it possible/allowed for people to falsify the from header?? Should be MANDATORY for servers to display CORRECT infoamtion…. So spammers can be TRACKED and STOPPED!… And sterilized.

By: ejonesss

ejonesss — Fri, 04 Jan 2008 02:01:58 +0000

probably the spammer posted a comment to the site then got the confirmation email then got the email address from the from line and crafted a phish message from the details.

i hope we dont have to resort to decoding captcha's to send comments.

By: Norm

Norm — Thu, 03 Jan 2008 23:51:36 +0000

There is a way to block spoofed email addresses. There is a new type of DNS record that you may be interested in. It has its good and bad points. Its called SPF (Sender Policy Framework).
http://www.openspf.org/
http://en.wikipedia.org/wiki/Sender_Policy_Framework

By: snorkle256

snorkle256 — Thu, 03 Jan 2008 22:58:22 +0000

http://www.siteadvisor.com/sites/hackaday.com

Seems to show you fine there. A whopping 2.9 emails per month (Wtf? They only got 2 :P )

By: Dax

Dax — Thu, 03 Jan 2008 22:57:57 +0000

eek, html formatting stripped out some details, on step 5 use: rcpt to: nospace < nospace emailaddress nospace >

and do the same thing for step 4.

By: Dax

Dax — Thu, 03 Jan 2008 22:55:37 +0000

Today on Hack-a-day: How to spoof emails

1. Open a command prompt
2. Type telnet name.of.your.ISP.mailserver 25
3. type: helo
4. type: mail from: (this can be any address you want to spoof email from)
5. type: rcpt to:
6. type: data
7. type: subject=spoofed email from HAD!
8. type whatever you want in the email message
9. end the message with a . on a new line

Presto-Changeo people start complaining they are getting spam sent from hackaday.com

By: O Mattos

O Mattos — Thu, 03 Jan 2008 22:06:38 +0000

It’s in such low volumes I presume it’s spammers spoofing the domain. I own a domain that never sends out any emails (web site only, no email addresses) and I sometimes get people claiming I sent them spam.

Not really much that can be done about it…

By: Tom

Tom — Thu, 03 Jan 2008 21:12:28 +0000

Here’s what I have from my Barracuda. In CSV. I removed you domain from the senders.
“Sender Whitelisted”,Time,From,To,Subject,Action,Reason,Score,”Encryption Status”,Size,”Source IP”,”Delivery Status”,ID
No,”2007-12-09 11:56:25″,EarleneBritton@YOURDOMAIN.com,garza@MYDOMAIN.com,,Blocked,”Invalid Recipient”,,None,,unknown[41.251.84.89],,1197219384-7451-10809-1
No,”2007-12-07 12:06:41″,TamikaroachJoiner@YOURDOMAIN.com,garner@MYDOMAIN.com,,Blocked,”Invalid Recipient”,,None,,pool-71-127-12-214.spfdma.east.verizon.net[71.127.12.214],,1197047200-7447-9248-1

By: Jeff Ramsey

Jeff Ramsey — Thu, 03 Jan 2008 20:34:04 +0000

I have blocked 2 spam messages in the last 7 days with a from domain of hackaday.com. Where do I email the headers?

By: Skyler Orlando

Skyler Orlando — Thu, 03 Jan 2008 20:32:18 +0000

I could imagine myself doing something like that...

almost. Not quite.
I suspect it's someone's idea of a prank.

By: strider_mt2k

strider_mt2k — Thu, 03 Jan 2008 20:20:00 +0000

best not be messin with the 'day.

Happy new year, BTW.

little late no less heartfelt