http://ask.metafilter.com/4708/Stopping-Spoofing-Spammers/ Comments on Ask MetaFilter post Stopping Spoofing Spammers Sat, 17 Jan 2004 13:10:32 -0800 Sat, 17 Jan 2004 13:10:32 -0800 en-us http://blogs.law.harvard.edu/tech/rss 60 http://ask.metafilter.com/4708/Stopping-Spoofing-Spammers Anyone care to drop some knowledge about stopping spammers from spoofing your address? [more] <br /><br /> So, a company I do consulting work for seems to have a problem with a spammer spoofing their email address in either the "from" or the "reply to" field of their spam, as evidenced by the large amount of bounced mail they seem to be receiving. I'm pretty sure it's not a virus or trojan, as I spent a good amount of time scrubbing their computers for culprits, and have found nothing. What can you do in this situation? If we are able to track them down, could we file in small claims court? post:ask.metafilter.com,2004:site.4708 Sat, 17 Jan 2004 13:00:33 -0800 Hackworth spam spammers firewalls security internetsecurity hacking spoofing phishing zombies http://ask.metafilter.com/4708/Stopping-Spoofing-Spammers#106422 They're probably operating from some east asian country, or from a proxy there. Rather little you can do, but is it a big problem? They usually use addresses at your domain that don't exist, and even if they do, filtering out the spam bounces isn't that hard. Your ISP might get a few abuse reports from misguided people thinking the spam is coming from you, but any halfway competent ISP will see it's just a few spoof headers.<br> <br> In the long run, <a href="http://spf.pobox.com/">SPF</a> might save us all. comment:ask.metafilter.com,2004:site.4708-106422 Sat, 17 Jan 2004 13:10:32 -0800 fvw http://ask.metafilter.com/4708/Stopping-Spoofing-Spammers#106424 It's worth mentioning that there are viruses that spoof your e-mail address from someone else's infected machine--if that machine has your address in its address book, you're fair game.<br> <br> Some of these virus do mashup addresses, such as bobsaccount@alicesdomain.com comment:ask.metafilter.com,2004:site.4708-106424 Sat, 17 Jan 2004 13:16:19 -0800 adamrice http://ask.metafilter.com/4708/Stopping-Spoofing-Spammers#106454 Much of this spam is sent <em>through</em> Asian relays, but that doesn't mean it's coming <em>from</em> Asia. The vast majority of it is originated by one of a fairly small number of U.S.-based spammers. If your client and its problem are both big enough, it may be worth suing them here in the U.S. Check out <a href="http://www.spamhaus.org/rokso/index.lasso" title="The Spamhaus Project's Register of Known Spam Operations">ROSKO</a> for a good source of leads, or search the news.admin.net-abuse.email forum ("nanae") on Usenet (<a href="http://groups.google.com/groups?hl=en&lr=&ie=UTF-8&oe=UTF-8&group=news.admin.net-abuse.email">Google Groups</a> is a good place to search it) for names that appear in the spam.<br> <br> And like <strong>fvw</strong> said, use SPF. comment:ask.metafilter.com,2004:site.4708-106454 Sat, 17 Jan 2004 14:38:34 -0800 Zonker http://ask.metafilter.com/4708/Stopping-Spoofing-Spammers#106456 I was personally surprised to find somebody had done this to my Yahoo Mail account, dumping several hundred rejection notices in my regular inbox and bulk box over a couple days. I notified the authoritative Yahoos (just to make sure they didn't blame me for sending out Paris Hilton Porn Spam) more than a month ago, it went away, and then it has come back in small bunches of 10-25 every few days. If the Yahoos can't (or won't) get a handle on the problem, who will?<br> <br> I'll take some SPF-400 in a cocoa butter base, please... comment:ask.metafilter.com,2004:site.4708-106456 Sat, 17 Jan 2004 14:43:43 -0800 wendell http://ask.metafilter.com/4708/Stopping-Spoofing-Spammers#106678 well, crap. comment:ask.metafilter.com,2004:site.4708-106678 Sun, 18 Jan 2004 11:49:29 -0800 Hackworth