Completely OT Spam Attack?

Checked my e-mail when I got in & received 300 + messages, most of which were dumped by Norton into the Spam folder.
Apart from the usual 'increase the size of your willy' & 'we need your bank details' Spam the majority were some form of message delivery failure, a few were failures to postings on yahoo groups.
About half were apparently messages from my blueyonder address & the rest from weird names @medwayhandyman. Some were 'I'm out of the office' auto replies. None of the apparent failures are names in my address book.
Any idea whats going on here?
Can I limit the xxx@medwayhandyman variations?
--
Dave - The Medway Handyman
www.medwayhandyman.co.uk
  Click to see the full signature.
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload
then you need to ensure that your email-catch-all is turned off. I hope your hosting company have an easily navigable email management system.
Have a look at http://www.spamcop.net I'm not afiliated to this company in any way other than being a satisfied customer. Reporting spam is free and just requires registration. There's some satisfaction in having spammers reported and the sites that they promote shut down.
Regards Stuart
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload

The good news is that these 'attacks' (which are not directed at you btw, just using your domain as a sending address) almost always die down quite quickly. It's not in the spammers interest to keep using the same sending domain as this will quickly be added to the recipients blocked lists. I usually say to customers that at worst it could last a couple of weeks, but often it's only a few days. If it's really bad (and 300+ rejections is not really bad) then the domain can end up on some of the black lists operated by the spam cleaning companies. You'll know this has happened if your emails start getting bounced.
All spam is a pain in the a**se but I tend to regard anything below a couple of hundred a day as fairly light. Worst I've seen to date is 81,000 in one weekend - and at that stage you just bin the domain and start again.
Simon
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload

Before I started living behind several layers of antispam, I was getting several thousand an hour.
We reject some 12,000,000 a day at work.
--
"Be thankful that you have a life, and forsake your vain
and presumptuous desire for a second one."
  Click to see the full signature.
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload
On 8 Nov 2007 16:11:38 GMT someone who may be Huge

I'm entirely in agreement with you about this.
--
David Hansen, Edinburgh
I will *always* explain revoked encryption keys, unless RIP prevents me
  Click to see the full signature.
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload
The Medway Handyman wrote:

It's just some spammer using your address in the from field to disguise the messages true origin. Some are being bounced back because the mail address they were sent to does not exist, other have got through but have auto-generated an out of office reply. There is not much you can do about it, what you are seeing is the part of the spam run that didn't get through, the rest will probably have gone into someones junk filter and been ignored.
--
djc

Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload
On Wed, 07 Nov 2007 18:55:46 +0000, The Medway Handyman wrote:
What i do is filter the genuine name@mydomain mails into appropriate folders and then put everything else into a junk folder, which I occasionally examine to make sure my filtering is working ok.
FWIW I'm using mozilla mail.
--
John Stumbles

The floggings will continue until morale improves
  Click to see the full signature.
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload
John Stumbles wrote:

I pay my ISP (Clara) ~£20 a year to filter it out for me. What's spam?
Owain
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload

.... comes with chips, eggs and more spam.
Bloody Vikings.
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload

I do hope you are talking about at least two domains for that price
--
geoff

Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload
geoff wrote:

Clara are not cheap,but mostly everything works, especially the news server, and they don't tie you up with many restrictions.
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload
geoff wrote:

Three, actually.
Owain
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload
Owain wrote:

I filter my own email locally using POPfile - works very well, with well over 99% accuracy - however, I do still scan quickly down the spam folder evry week just to check for anything tagged in error - just occasionally I get one.
My concern with letting the ISP filter my spam is that how do they know better than me which is spam and which isn't? Isn't there a reasonable risk of losing genuine mails for good that way?
David
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload

There's a small risk. Demon use Brightmail which works by having dummy mailboxes which have *never* been used to send mail. The addresses are leaked to the spammers and any mail received by these boxes is spam. A hash generated from these mails is then used to flag similar mail received by Brightmail's customers.
--
"Be thankful that you have a life, and forsake your vain
and presumptuous desire for a second one."
  Click to see the full signature.
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload
Lobster wrote:

In my case (claranet) I control my own spam filters.
The point being that if they are at the ISP site you don't download the stuff and then reject it.

Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload
The Medway Handyman wrote:

Someone has been using your addresses to SEND messages AS.
To get around the 'its not valid sender so reject it' spam filters.
Depending on your ISP's mail thing, you may be able to configure your mail server to only respond to ONE address at your domain.
That will shut off the flow
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload
variations?
We have but that is something I sub out to one of my ISPs - a bloke called Dave - and we run an email server. He also runs software that stops most of the spam at the servers. Having taken over a number of domains whose previous owners did not know how to create an email link that would not be picked up by robots, 300 spam emails a day would have been a quite day before Dave got to work.
Colin Bignell
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload
nightjar <cpb@ wrote:

My address has also been cloned, not a problem from the point of view of what I receive. The big problem is that I have been blocked by addresses to which I wish to send, now that is a pain. I've set up a Yahoo mail address to send to those, so I can still keep in touch, but what a pain in the derrire.
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload

Do systems really still block based on sender addresses? For exactly the reasons discussed this is a foolish method given the amount of forged mail out there - it was acceptable in the '80s but not these days. Are you sure its your address that's being blocked and not some other element (e.g. the mail server you're sending via etc) of your mail?
Mathew
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload
Mathew Newton wrote:

Yes.
Or to be precise, many block on lack of valid sender address, which is why spammers are using the OPs.
For exactly

Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload

HomeOwnersHub.com is a website for homeowners and building and maintenance pros. It is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.