Jm4n.com
Home Page for J-Man
Spammers
I hate spammers. I hate spam, and I hate the people who send it. I hate
anyone who enables spam; those who run open relays, those who profit
from spam, those who patronize the spammers and encourage yet more spam.
But mostly I hate the people actually sending it. These are the people who
abuse open relays (a mail server that relays mail from anyone to anyone -
a surprisingly common thing). These (the spammers) are the people who forge
headers -- what I am currently dealing with.
JM4N.com
A while back, I had to block all but one address at this domain. I have
never given out any of these addresses, except to people I know. But simply
having posted an address or two here or there on my own web site has proven
a bad idea.
So I now only accept incoming mail to a single address. That will change
as needed, but now I have a new problem.
My Postmaster@ mailbox -- where bounce messages and other administrative
messages are sent -- is getting a ton of bounces, on the order of
200+ per day. Obviously these bounces are not the result of mail I have
tried to send.
They are bounced spam messages from someone who is forging their headers.
And for whatever reason, they have decided to use jm4n@jm4n.com as
the Return-Path header - so bounces come to me.
Though it is against Internet standards, I've been forced to block the
Postmaster@ address. Yes, this sucks, because if someone really does need
to contact an administrator for any of my domains (me), it isn't as easy
as it should be. Note that it's not blocked entirely, rather it
goes into a different box that I do periodically scan for relevant messages;
but things can and probably do get missed...
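A standard bounce quotes the headers of the message it is rejecting, so the side box can be sorted automatically instead of scanned by eye. The Python below is an added example, not code from this site: it assumes bounces use the standard multipart/report layout and that the mail server keeps a record of the Message-IDs it really sent (sent_ids, the function names and the sample bounce are all made up for illustration).

```python
from email import message_from_string

# Constructed sample bounce (RFC 3464 layout); {mid} is the quoted Message-ID.
DSN = """\
Return-Path: <>
From: MAILER-DAEMON@mx.example.net
To: jm4n@jm4n.com
Content-Type: multipart/report; report-type=delivery-status; boundary="b"

--b
Content-Type: text/plain

Delivery to nobody@example.net failed.
--b
Content-Type: message/delivery-status

Final-Recipient: rfc822; nobody@example.net
Action: failed
Status: 5.1.1
--b
Content-Type: text/rfc822-headers

Message-ID: {mid}
From: jm4n@jm4n.com
--b--
"""

def quoted_message_id(msg):
    """Message-ID of the mail the bounce quotes back, or None if absent."""
    for part in msg.walk():
        if part.get_content_type() == "message/rfc822":
            return part.get_payload(0)["Message-ID"]
        if part.get_content_type() == "text/rfc822-headers":
            return message_from_string(part.get_payload())["Message-ID"]
    return None

def triage(raw, sent_ids):
    """Return 'review', 'genuine' or 'backscatter' for one Postmaster@ message.
    sent_ids: Message-IDs this server really sent (assumed kept in a log)."""
    msg = message_from_string(raw)
    if (msg.get_content_type() != "multipart/report"
            or msg.get_param("report-type") != "delivery-status"):
        return "review"  # not a standard bounce: a person should read it
    mid = quoted_message_id(msg)
    # Match the exact ID, not the domain: a forger can write @jm4n.com too.
    return "genuine" if mid and mid.strip() in sent_ids else "backscatter"
```

Anything that is not a standard bounce comes back as 'review', so a real message to the administrator still reaches a person.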
How do I prevent this?
Anything you do that helps spammers get ahold of an email address can encourage
this type of behavior. You'll receive spam, and you'll find yourself receiving
bounced spam -- and even facing termination of your ISP account -- due to your
address being falsely used in message headers. Hint: most spam does not
come from Hotmail accounts; spammers simply forge the headers to appear that way.
So don't post your email address in the following places:
- Newsgroups
- Web sites
- Monster.com
- Public message forums
And overall be careful who you give your address to. Always read the privacy policy. Always
know what the company plans to do with your information. When you fill out a reply-card,
pay a bill, or apply for a credit card, don't provide an email address just
because it asks for one.
Fighting Back
I became angry enough to write this first, but once I'm done ranting here
I will investigate the headers, and see if there is any way to make the spammer
stop. If they are using various open relays, this will prove difficult, but I
will try...
Please, do not ever patronize a spammer. Don't buy what they are selling.
Don't respond to their inquiries. Don't take their surveys. Don't help them
send more spam by running an open relay. Don't encourage them in any way.
The hunt is on... (I'll update this page as I find out more)
Update
The IP that would appear to be the sender was 179.something -- a reserved IP
range. In other words, it was spoofed.
See, spoofing an IP can be done quite easily (depending on your ISP; more on that later).
The problem is, when you spoof an IP, you don't get responses from the machine
you are connecting to (the responses go to the spoofed IP).
This technique is used in DoS attacks (Denial of Service); by requesting information
of some sort from a host, and specifying the IP of another (target) host, you cause
the first host to DoS attack the second.
When initiating an SMTP conversation (what happens when you send email), specifying
a bogus IP means you don't get the responses. However, most SMTP servers follow
published standards, and thus you already know what the responses will be.
Using this, spammers can spoof their IP address, and no one knows where the message
truly comes from.
ISPs
An ISP can prevent this from happening. By requiring that all outgoing packets have
the correct IP address -- or even modifying the packet to include it -- they can prevent
such spoof attacks. Unfortunately, most ISPs don't seem to care, or to have the technical know-how,
to implement this. If the larger ISPs of the world would do this, the spam problem
would be greatly reduced...