My domain name used by a spammer
June 28, 2006 10:25 PM

An email spammer is using my domain as the from: address for sending out endless amounts of spam. I am receiving all the delivery failure messages in my inbox. I could tell my mail server to dump all unrouted (nonexistent account) mail to /dev/null. Are there any other options?
posted by Argyle to Computers & Internet (16 answers total)
 
You may find this thread useful.
posted by theantikitty at 10:46 PM on June 28, 2006


It's called a "joe job" and it's relatively common. Really all you can do is ignore it, and if you have the luxury of being able to ignore mail to nonexistent accounts then by all means do so. Other than posting a notice on your website explaining the situation, there is not much else you can do. The NDAs will arrive regardless of any action you take.
posted by Rhomboid at 11:57 PM on June 28, 2006


Er, I meant NDR not NDA.
posted by Rhomboid at 12:01 AM on June 29, 2006


I am constantly joe jobbed, because my email has been out in the open on my site for a long time (which will be remedied shortly). It's annoying, but no more than that, and at least most sys admins are aware that the addresses are faked on the spam they receive. Don't worry about it.
posted by lackutrol at 1:14 AM on June 29, 2006


It's called a "Joe Job", and it sucks. It happens to me *all the time*.

Some clueless admins will even put your domain on a blacklist, "because you are spamming".

There is one thing you can do, though: implement Sender Policy Framework. With SPF you can designate specific smtp servers or networks as permitted to send mail from your domain. It involves adding some txt records in your dns zone. The website I've linked to will explain it all.

Some smaller servers will not use this, so you will still get bounces, but the big mail services (Y, H, G, A) use it. It's -in my experience- one of the more effective ways to stop spam in the long run, because it doesn't involve everyone switching to one system at once to succeed.
posted by lodev at 1:19 AM on June 29, 2006 [1 favorite]


I just set up a rule on my mail server to ditch all delivery failure messages. I never send any serious mail from my domain address (I just use it for communication with friends) so if it fails to deliver, I don't really care all that much. :)
posted by antifuse at 2:25 AM on June 29, 2006


This also happens if you use a generic username like "info". The spammers won't even necessarily scrape your email address from somewhere legit; you'll just start getting 200 bounces a day.
posted by beerbajay at 7:35 AM on June 29, 2006


SPF doesn't stop e-mail spam, even in the long run, for the same reason that nofollow doesn't stop comment spam: spammers don't care about any percentage less than 100%. The amazingly huge number of e-mails they can send out with the press of one button means they aren't crying if they lose 25, 50, even 90% to SPF bounces.

E-mail is broken until they implement a system that requires everyone switching at once. Sad but true.
posted by deadfather at 7:56 AM on June 29, 2006


Ah yes, the Joe Job. Had that happen to me a few times, and it's even more annoying when they use a real email address (either through coincidence or malice, I don't know). I think you've done everything I would recommend, but be prepared for some flame emails from people who haven't figured out that it is fake (I had a long discussion with someone who refused to believe it was fake and was threatening to find me and beat me up).

If you regularly send important emails, you might want to send one to your mailing list warning them that this is happening, and explaining how to tell the real from the spam.
posted by baggers at 8:16 AM on June 29, 2006


deadfather: I explained it badly, because, indeed, SPF doesn't stop spam. It did -in my experience- help to somewhat reduce the amount of bounces I receive.

YMMV of course.
posted by lodev at 8:17 AM on June 29, 2006


Sadly, a lot of users out there still don't know much about spam, and we still get complaints about "joe job" email.

One user who received a spam email with a bogus "From:" address with our domain went to the trouble of looking up the sender IP in the headers of the email, visiting our website, digging for our contact page to find a real email contact address, and firing off an email about how we should stop spamming him.

I was surprised this person knew how to look for the origin IP in his spam email headers, but didn't bother to look up the IP location itself (it was in France) or know that spammers NEVER use a real return email address.
posted by jca at 8:45 AM on June 29, 2006


We were getting Joe jobs, and we switched to Postini, and have not had any problems since.
posted by jldindc at 1:30 PM on June 29, 2006


If you don't want to stop using a catchall address, you can set up server-side filters that will catch most bounces that aren't actually addressed to accounts you usually send mail from. That's what I've done. It has to be done with some care, but you can easily throw out spam bounces without affecting legitimate bounces.

What is ironic is that if spammers would just use a null return path on their advertisements, there wouldn't be any bounces. Obviously it's not news that spammers don't much care about the aftermath of their activities, but it's amazing how little "don't much care" really is.
posted by kindall at 1:34 PM on June 29, 2006
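
One way to write the server-side filter described in the answer above, as an added example that is not kindall's own rule set: a bounce is kept only if it is addressed to an account that actually sends mail. The domain example.com, the account list, the function names and the sample messages are all assumptions constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumption: the only addresses at the placeholder domain example.com that
# ever send mail; the catch-all still accepts every other local part.
SENDING_ACCOUNTS = {"me@example.com"}


def is_bounce(msg):
    """True for a DSN report or a null-return-path message from a mail daemon."""
    is_dsn = (msg.get_content_type() == "multipart/report"
              and str(msg.get_param("report-type", "")).lower() == "delivery-status")
    sender = parseaddr(msg.get("From", ""))[1].lower()
    from_daemon = sender.startswith(("mailer-daemon@", "postmaster@"))
    null_path = (msg.get("Return-Path") or "").strip() == "<>"
    return is_dsn or (null_path and from_daemon)


def triage(raw):
    """Return 'deliver' or 'discard' for one raw message."""
    msg = message_from_string(raw)
    if not is_bounce(msg):
        return "deliver"  # ordinary mail is never touched by this rule
    recipient = parseaddr(msg.get("To", ""))[1].lower()
    # A bounce can only be genuine if it returns to an address that sends mail.
    return "deliver" if recipient in SENDING_ACCOUNTS else "discard"


# Constructed sample messages (bodies shortened).
FORGED_BOUNCE = (
    "Return-Path: <>\n"
    "From: MAILER-DAEMON@mx.example.net\n"
    "To: qx7rtz@example.com\n"
    "Subject: Undelivered Mail Returned to Sender\n\n"
    "Delivery to the following recipient failed.\n"
)
REAL_BOUNCE = FORGED_BOUNCE.replace("qx7rtz@", "me@")
NORMAL_MAIL = (
    "Return-Path: <friend@example.org>\n"
    "From: friend@example.org\n"
    "To: qx7rtz@example.com\n"
    "Subject: hello\n\nhi\n"
)

if __name__ == "__main__":
    for name, raw in [("forged", FORGED_BOUNCE), ("real", REAL_BOUNCE),
                      ("normal", NORMAL_MAIL)]:
        print(name, triage(raw))
```

Bounces for spam that forged a real sending address still get through, so this removes most of the backscatter rather than all of it.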


Just to be clear, you can never "get rid" of joe jobs, you can just control whether you see all the bounced emails.
posted by jca at 2:11 PM on June 29, 2006


What is ironic is that if spammers would just use a null return path on their advertisements, there wouldn't be any bounces.

It's not really that ironic. If spammers all used null return paths, it would make it very easy to filter out. Those random return email addresses are there for a reason.
posted by antifuse at 6:37 AM on July 3, 2006


If spammers all used null return paths, it would make it very easy to filter out.

Well, no, not really. Lots of legit e-mail has a null return path.
posted by kindall at 12:33 AM on July 4, 2006

