Spoofing

Message Topic Search Topic Options Post Reply Create New Topic Printable Version Translate Topic

I work for a small 3-5 person company and am basically the IT department here.  At the beginning of this month something peculiar happened.  Our domain was "hijacked".  I started getting all these spam messages bounced back to me that were rejected from various spam firewalls.  They were using our domain and making up e-mail addresses that weren't any of ours.  It lasted for about four hours tapered off and then stopped.

I reported it and got this from our host:
"The following is a desription of spoofing:
What happens is a person just selects a random e-mail message and captures the from address and sometimes the subject line and pastes it to a message. This provides a normal looking address that a user might be more inclined to open up and read. The bad guy sends this out to 1000 people and some of those addresses are bad. They bounce back to you as being invalid. The spammer captures a different from address and the cycle starts again. There is really not much we can do. You could get the IP address from the header information and contact the ISP that supports the spammer and notify them of the abuse. The problem with that is we can no longer trust the information supplied in the headers to be accurate."

Anyone with their own domain have this happen to you?

Author	Message Topic Search Topic Options Post Reply Create New Topic Printable Version Translate Topic
Slartibartfast Members Profile Send Private Message Find Members Posts Add to Buddy List Reviewer page Collaborator Honorary Collaborator / In Memoriam Joined: April 29 2006 Location: Atlantais Status: Offline Points: 29630	Topic: Spoofing Posted: November 28 2007 at 16:39
	I work for a small 3-5 person company and am basically the IT department here. At the beginning of this month something peculiar happened. Our domain was "hijacked". I started getting all these spam messages bounced back to me that were rejected from various spam firewalls. They were using our domain and making up e-mail addresses that weren't any of ours. It lasted for about four hours tapered off and then stopped. I reported it and got this from our host: "The following is a desription of spoofing: What happens is a person just selects a random e-mail message and captures the from address and sometimes the subject line and pastes it to a message. This provides a normal looking address that a user might be more inclined to open up and read. The bad guy sends this out to 1000 people and some of those addresses are bad. They bounce back to you as being invalid. The spammer captures a different from address and the cycle starts again. There is really not much we can do. You could get the IP address from the header information and contact the ISP that supports the spammer and notify them of the abuse. The problem with that is we can no longer trust the information supplied in the headers to be accurate." Anyone with their own domain have this happen to you?
	Released date are often when it it impacted you but recorded dates are when it really happened...

Angelo Members Profile Send Private Message Find Members Posts Add to Buddy List Reviewer page Special Collaborator Honorary Collaborator / Retired Admin Joined: May 07 2006 Location: Italy Status: Offline Points: 13244	Posted: November 28 2007 at 16:58
	Never came across it at my domain, but I know it's possible. Pretty sh*tty...
	ISKC Rock Radio I stopped blogging and reviewing - so won't be handling requests. Promo's for ariplay can be sent to [email protected]

Easy Livin Members Profile Send Private Message Find Members Posts Add to Buddy List Reviewer page Special Collaborator Honorary Collaborator / Retired Admin Joined: February 21 2004 Location: Scotland Status: Offline Points: 15585	Posted: November 28 2007 at 17:11
	I seem to remember it being a big problem a couple of years ago, especially in conjunction with a virus, but I thought steps had been taken since to address it. Looks like that may not be the case.