Stopping Spoofing Spammers
January 17, 2004 1:00 PM   Subscribe

Anyone care to drop some knowledge about stopping spammers from spoofing your address? [more]

So, a company I do consulting work for seems to have a problem with a spammer spoofing their email address in either the "from" or the "reply to" field of their spam, as evidenced by the large amount of bounced mail they seem to be receiving. I'm pretty sure it's not a virus or trojan, as I spent a good amount of time scrubbing their computers for culprits, and have found nothing. What can you do in this situation? If we are able to track them down, could we file in small claims court?
posted by Hackworth to Computers & Internet (5 answers total)
 
They're probably operating from some east asian country, or from a proxy there. Rather little you can do, but is it a big problem? They usually use addresses at your domain that don't exist, and even if they do, filtering out the spam bounces isn't that hard. Your ISP might get a few abuse reports from misguided people thinking the spam is coming from you, but any halfway competent ISP will see it's just a few spoof headers.

In the long run, SPF might save us all.
posted by fvw at 1:10 PM on January 17, 2004


It's worth mentioning that there are viruses that spoof your e-mail address from someone else's infected machine--if that machine has your address in its address book, you're fair game.

Some of these virus do mashup addresses, such as bobsaccount@alicesdomain.com
posted by adamrice at 1:16 PM on January 17, 2004


Much of this spam is sent through Asian relays, but that doesn't mean it's coming from Asia. The vast majority of it is originated by one of a fairly small number of U.S.-based spammers. If your client and its problem are both big enough, it may be worth suing them here in the U.S. Check out ROSKO for a good source of leads, or search the news.admin.net-abuse.email forum ("nanae") on Usenet (Google Groups is a good place to search it) for names that appear in the spam.

And like fvw said, use SPF.
posted by Zonker at 2:38 PM on January 17, 2004


I was personally surprised to find somebody had done this to my Yahoo Mail account, dumping several hundred rejection notices in my regular inbox and bulk box over a couple days. I notified the authoritative Yahoos (just to make sure they didn't blame me for sending out Paris Hilton Porn Spam) more than a month ago, it went away, and then it has come back in small bunches of 10-25 every few days. If the Yahoos can't (or won't) get a handle on the problem, who will?

I'll take some SPF-400 in a cocoa butter base, please...
posted by wendell at 2:43 PM on January 17, 2004


Response by poster: well, crap.
posted by Hackworth at 11:49 AM on January 18, 2004


« Older Take one step to the left, then two to the right.   |   Will iTunes recognize song titles on CDs? Newer »
This thread is closed to new comments.