We're Not Spammers, Honest
September 14, 2013 4:46 PM
My company's email domain has apparently been triggering spam-blocking filters at other companies sporadically for the last several months. We're not in the habit of sending out spam emails, so I need to find a way to uncover where any spam is coming from, stop it, and get ourselves off of whatever blacklists we're on (preferably without paying unreasonable ransoms for the privilege).
posted by Starling to computers & internet (9 answers total)
We only really know about this because every once in a while someone will get a failure notice when they try to send an email to a customer or vendor. My Google searching has uncovered this whole blacklist business, so I guess that's what's going on. The thing is, I have no reason to believe that any of our employees are sending out spam, and I haven't figured out any way to locate any rogue spambot activity that might be using our domain to send junk out (or make it look like it's coming from us).
The only other issue we've had like this was a couple of months ago when we started getting error messages telling us that we'd gone over the limit of 150 sent messages in an hour. Obviously my first thought was a hacked email account, but nobody reported anything abnormal with their respective accounts. (It is possible, though, that a dormant account belonging to a former employee might have somehow been compromised.) Around the same time, two people got a rash of spam emails that looked like failure notices for bounced messages originally sent from their accounts, but with spam links scattered through the body text. There was nothing in the Sent folders to indicate that the account had actually sent the original spam. I assumed at the time that it was just junk designed to look like bounced emails to freak the target out. The flood of failure notices stopped after we changed the passwords on those two email accounts, and we haven't had the 150-messages error since then.
Our hosting company has told me that they don't have a way for the domain owner to monitor email traffic in and out, so I can't just go to an admin console somewhere and look for abnormal activity. I could add every email address on the domain to my Thunderbird to check their Sent folders, but that's obviously tedious and there's no guarantee that anything would be showing up in the Sent folders.
So questions: Could someone have hijacked our email domain to send out spam mail, whether directly or using some kind of mirror/spoofing/hax? How can I find out what's going on given the above constraints? And can anyone tell me more about these spam blacklists, which look an awful lot to me like scams when they make you pay them to remove your domain?
Oh hey, and I also literally just learned that SMTP port 25 is blocked by many ISPs, and of course that's what we've been using by default. So could that be getting us blocked whether or not there's any actual spam going on?
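The spoofing question in the post comes down to sender authentication: a receiving mail server looks up the sending domain's SPF record and decides whether the connecting IP is allowed to use that domain. The evaluator below is an added example, not code from the poster or their hosting company; it runs the SPF mechanisms (ip4, ip6, a, mx, include, all) against a constructed DNS table so it works offline. The domain names and addresses in FAKE_DNS are placeholders, and the include target `_spf.mailhost.example` stands in for whatever provider a real domain would delegate to.

```python
"""Offline SPF evaluator over a constructed DNS table (added example, not the poster's setup)."""
import ipaddress

# Constructed DNS data standing in for real lookups. "example.com" is a placeholder
# for the domain being spoofed; the addresses are documentation ranges, not real hosts.
FAKE_DNS = {
    ("example.com", "TXT"): ["v=spf1 ip4:203.0.113.0/24 mx include:_spf.mailhost.example -all"],
    ("example.com", "MX"): ["mail.example.com"],
    ("mail.example.com", "A"): ["203.0.113.25"],
    ("_spf.mailhost.example", "TXT"): ["v=spf1 ip4:198.51.100.0/24 -all"],
}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def lookup(name, rtype):
    """Stand-in for a DNS query; a real checker would use a resolver here."""
    return FAKE_DNS.get((name, rtype), [])


def spf_record(domain):
    """Return the domain's SPF TXT record, or None if it publishes none."""
    for txt in lookup(domain, "TXT"):
        if txt.startswith("v=spf1 "):
            return txt
    return None


def check_spf(ip, domain, depth=0):
    """Evaluate SPF for a connecting IP that claims mail is from `domain`.

    Returns one of: pass, fail, softfail, neutral, none, permerror.
    A domain with no record returns 'none', which is why an unprotected
    domain can be freely spoofed: receivers have nothing to reject on.
    """
    if depth > 10:  # RFC 7208 caps DNS-querying terms; treat runaway includes as an error
        return "permerror"
    record = spf_record(domain)
    if record is None:
        return "none"
    addr = ipaddress.ip_address(ip)
    for term in record.split()[1:]:
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        matched = False
        if name == "all":
            matched = True
        elif name in ("ip4", "ip6"):
            # Mixed-version comparisons (v4 address vs v6 network) simply do not match.
            matched = addr in ipaddress.ip_network(arg, strict=False)
        elif name == "a":
            matched = str(addr) in lookup(arg or domain, "A")
        elif name == "mx":
            matched = any(str(addr) in lookup(mx, "A") for mx in lookup(arg or domain, "MX"))
        elif name == "include":
            # include only counts as a match when the referenced policy passes.
            matched = check_spf(ip, arg, depth + 1) == "pass"
        if matched:
            return QUALIFIERS[qualifier]
    return "neutral"  # no mechanism matched and no trailing 'all'


if __name__ == "__main__":
    for sender in ("203.0.113.25", "198.51.100.7", "192.0.2.9"):
        print(sender, "->", check_spf(sender, "example.com"))
```

With the constructed table, the company's own mail host and its delegated provider pass, while an unrelated address sending with the company's domain fails on the `-all` term. Publishing such a record (and a DMARC policy that tells receivers to honour it) is what lets other companies reject forged mail instead of blaming the domain; a real check would replace `lookup` with an actual resolver query.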