WTF..Someone's using my domain name to send spam!!!!

[amber438]

I've been out of town for a few days on biz and I come back to a SHIT LOAD of mailer demon delivery failure messages using my domain name red-hot-links.com like this..
(don't know if it's a virus or the real spam thing)

copy below

Message from yahoo.com.
Unable to deliver message to the following address(es).

(a bazillion yahoo email address listed here)

--- Original message follows.

X-YahooFilteredBulk: 66.214.210.60
Return-Path: <wgafujr@red-hot-links.com>
Received: from 66.214.210.60 (EHLO mail.mzchjfzggpkakkpmw.com) (66.214.210.60)
by mta233.mail.scd.yahoo.com with SMTP; Mon, 10 Nov 2003 22:40:27 -0800
To: <ecs5782@juno.com>
From: "Jay" <wgafujr@red-hot-links.com>
Subject: Get"" "their""Passwd. .zqadhsqk zlmtyhiikknulpbnttp
Date: Tue, 11 Nov 2003 01:40:28 -0500
MIME-Version: 1.0
Content-Type: text/html;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
X-Priority: 5
X-MSMail-Priority: Low
X-Mailer: Microsoft Outlook, Build 10.0.2616
X-MimeOLE: Produced By Microsoft MimeOLE V5.00.3018.1300

<HTML><!-- z gyxzxkttj q--><FONT SIZE=3D2 PTSIZE=3D10><!-- e xuqos mysyj --=
>uqvupkkzq eitmwpurqq eonzibntqsq eiyizcmq egfounq epdaztpzu<BR>
cmcq eacnemclq ekwlq ezdvwamwxgqq enaq eakout<BR>
dbq enxgngq eikq eoltq evktimq enpjbc<BR>
fmxtacq ejxrq epyq ehpxqxxfpuq eesradullbq ekmlkp<BR>
bzmxpgq etudiq eekwq evnsbraqpxgq ejapzq eceu<BR>
zqqzq ezbgsq eysfkoualq emlsgbttq ezsycuq elhutwgmttp<BR> mrqfbosbuq esnmpgupq eakhnmq eqyzkyxyltgq etmrqzmohtq ecw<BR> ucsmawq ekokxq ejgaupgfmwq ehmopewsq efadutzqlq ebnqo<BR>
</FONT><!-- d bnnjczba dayvgtuy dpskvfp--><FONT COLOR=3D"#0000ff" BACK=3D"= #ffffff" style=3D"BACKGROUND-COLOR: #ffffff" SIZE=3D7 PTSIZE=3D36 FAMILY=3D"= SANSSERIF" FACE=3D"Arial" LANG=3D"0"><!-- c bcfgv pkbyx nwgdj lk--><A HREF==
"http://200.206.191.202/PASS/?hhafoerst"><!-- r lmppk pxnvt vlvow yibfz xun=
o-->Steal Passwords!</A><!-- k ghbsnh --><BR>
</FONT><!-- m eflhsyal vjyyoqdp qbqzwox--><FONT COLOR=3D"#000000" BACK=3D"= #ffffff" style=3D"BACKGROUND-COLOR: #ffffff" SIZE=3D2 PTSIZE=3D10 FAMILY=3D"= SANSSERIF" FACE=3D"Arial" LANG=3D"0"><!-- e elce-->ujpaolyjaq ehcujqq eqwxi= zqfcq edvq etpzmq evwpl<BR> ftqouawbeq ejdqkvq enhvyuciq ezkjqubaptyq eefq esdczt<BR> ijxzjjomq eywysozdjuq ezwzq etirekcmzeyq eqhtqoq eyz<BR> ytmsiyq eztsznq ezaq exahxmgq eptlrqvxihq exaiqjui<BR> vwrgq egfmnsslwmq earavokruwwq eouiaddq eocq ewojxg<BR> bhmngq evtknngq ebqkgmxrdglq eidnhdq epnxsahfemq ewfd<BR> bsexfvq elwdq eorfq ewyadqjbkqkq eewedq ejs<BR> koroxmahloq eazq efyucnremq erljaq etcnbycklq epst<BR> <A HREF=3D"http://200.206.191.202/m/?huwtkttcy"><!-- y dkbjljc-->no more</A=
><!-- q ixgtbhk--><BR>
fwmxodkq ecfialojq epboq eblvjaaiwq epjecq elhg<BR>
fkuwqohoxlq eoilsbsvlmq erpdswyq epjlspq egiq eeoqh<BR>
xaq eovpflbecq etuq ewfvobctq ekfojhq eqa<BR>
ilbyggmbprq eaftufq etbwxqyvrreq eazhiedpinoq eyqjxjgqpiq ekimphmmuz<BR> bajqisaq ernrddwlq eaiwyrlcvq evtq elpfukq eubjjiy<BR> balzxnxyq eugkq elsnzq etbpfxgmguoq epqq ecvjhobhqha<BR> eeuycq exivdjq evkbpyxrtjq ebrfchaq eywxxxpecrbq eocvogllgs<BR> bswkq ekgqq eidmmwyq evqwq eilfmviq eeqjba</FONT><!-- u oiarnxjq otkvngw-->=
</HTML><!-- m kofug darb-->



*** MESSAGE TRUNCATED ***

I started contacting the domains they are coming from but wtf!! is there anything else I can do??

[Greenguy]

I woke up this morning to the same problem with one of my domain names

A buddy of mine had this same problem, but the really bad thing was that the sender was spamming ads for CP - he had the FBI knocking on his door a few days later & they took both his computers for a few days. He got them back, intact with nothing wrong or missing, but how hard would it have been for them to look at the source of the emails & see it was not coming from his ISP or POP account?

Just goes to show you that one asshole that you've probably never heard of can almost ruin your life

[doublep]

*A buddy of mine had this same problem, but the really bad thing was that the sender was spamming ads for CP

Fucking outrageous!!!!

Amber - hope you get it sorted - similar thing happened to me a bit back - all I could do was email the people and tell then it was nothing to do with me at all - I never did find out who the culprit was

[RawAlex]

Amber, I have been getting it since last night on about 200 different domains... I have well more than 1000 bounce notices, beyond the ones already deleted and such.

It sucks.

The spam is being bounced off of a DSL modem in Brazil. Then it ends up at:

http://sf1000.registeredsite.com/~us...ASS/index.html
This is the destination URL for that spam, which is hosting by registeredsite.com in Atlanta. I suggest a phone call to them to remind them how much you hate being at the end of a joe-job.

Alex

[JanTM]

It seems some spamming jerk set up his own email server and spammed the shit out of Yahoo using a bogus email @booballistics.com. So now I get all the delivery failure notices... and there are a lot of them

Just thought I'd mention it before I was hung out to dry as a spammer |goodnight

[baddog]

happens all the time, anyone with a lick of sense will know it did not originate from you

[Ramster]

Holy shit!

Took his computers? That's fucked up. I too had the same problem today with the Auto Response saying something like you spammers have emailed me for the last time. This shit is just not cool.

The only good thing is the email was from a domain I do not have an outgoing alias for so if checked with my host, they can confirm that.

[JanTM]

Its the first time it has happened to me so I was naturally a little confused when all the failure notice mails started to pour in

[natalie]

Hey guys, this problem can occur from a bot using your cgi mail program. If you look through your server stats you may find it and be able to prevent it. It could be in /cgi-bin/formail.pl or something similiar or in cgi/sys a server one that you can't access. If its in your server one then you can contact them to sort it out.
I don't know much about it, just that punaniman (my long suffering other half) had this happen to a client. Someone here should know more.

[DangerDave]

Happens to me regularly.. amber438 Check with your host.. they should be able to deal with it..

DD

[darksoft]

Happened to me too. A quick check at the headers shows that the asshat is only using bogus email addresses with my domain in the from line... looking at the origination shows it to not be my IP address, as I knew it wouldn't be.

[amber438]

yeah..he's using bogus email addresses with my domain name in them..like joeblow at red-hot-links.com
I have been trying to sort out who they are coming from and emailing the hosts with the ip addresses..this really sucks big time..
I have one email account with my host and anything coming to the rest gets forwarded to that..and it's not the red hot links domain

I wish I knew how to stop it and skin this jerk(s) alive

[Snowone]

Aren't spammers wonderful!

You can pretty much filter the bounces to a trash folder. However watch your mail admin address for idiot postmasters/sleuths that can't figure out from the header that the from address was forged.

You also should separate your postmaster account from your normal email account. someday some loser will buy a bad list and use your domain as the return. And you'll get to deal with the 20,000 to 30,000 bounced emails per day...

[urb]

One thing I've noticed when this happens is that the spammer uses a randomly generated email address.... like

rob7392hd@yourdomain.net

so a good way to bounce those pesky undelivered notices is to switch off the catch all feature on your email admin. Then specify the email addresses you actually use like info@ sales@ and allow these to be delivered .... all the rest should bounce back.

[DistantD]

Wow! I thought I was the only one getting this! I got back from a road-trip last night and see hundreds of "Delivery Failure" emails coming in....
Amber, it's even the same "Jay" random@mydomain.com crap email.

I've been talking to my host but they don't seem to know what I'm talking about. At first, they thought I was getting too much spam...

If you turn of the catch-all, what happens to the emails? Do they go to a black-hole? Or do they get returned to the sender?


DistantD
www.distantdoor.com

[urb]

Return to sender. But then at least I don't see 'em.

[amber438]

Interesting ..I emailed road runner with the ip address(had quite a few from RR)....and the host in sweden of the place place they were spamming for..all emails stopped yesterday..