Abuse of email domain

Status
Not open for further replies.
Joined
Nov 12, 2002
Messages
60
Location
BE
Hi,

Does anybody know if there is a law against abuse of an email domain (or sites where I can find this)? I know it depends on what country you live in but I ain't got a clue where to look for this.
The problem is the following: On our Exchange there are always mails arriving for "a_non_employer@ourdomain.com". This has been going on for 2 weeks now but I don't know how to contact this person. He/she probably put "a_non_employer@ourdomain.com" as SMTP reply address in Outlook and my boss doesn't like it a bit...

Thx.
Bart.
 
Are the emails coming from the same source, or varying?

Can you disable the local account? Can you blacklist the sending domain?

Newposter
"Good judgment comes from experience. Experience comes from bad judgment."
 
Look that the source of the e-mails and report the attempted relay to their ISP's abuse team.

Chris.
**********************
Chris Andrew, CCNA, CCSA
chris@iproute.co.uk
**********************
 
Arrggg!! Can't type!!

Look at the source etc....,

**********************
Chris Andrew, CCNA, CCSA
chris@iproute.co.uk
**********************
 
Hi,

Thanks for the response.

Newposter, yes, the mails are coming from the same source but there is no local account on our server for this email address. I am checking out the other links you guys have given me...

Bart.
 
You got me looking through my mail logs, and I found a couple of attempts every day for the last week or two (maybe longer) to relay through my mail server. They substitute a different username in front of the domain and try to hit an active account. Log says it's from "john@domain.com" and the domain changes with every attempt. Reporting it to the owners of that domain has been futile. However, even though the log doesn't show a successful relay, now my ISP has been doing open relay testing on me. So something is up. I had to perform some drastic security measures on that domain for the time being. Makes me wonder if someone is hitting people who post here.

Newposter
"Good judgment comes from experience. Experience comes from bad judgment."
 
Typical spam. They use a random name at 'domain.com' as if it came from there.
Check the header of the email and look for the originating IP address
Received: from xxxx ( [362.368.363.338])
There may be 2 lines like that in there, one from your ISP and the next from the originator.
Check the IP against the domain.com it is claiming to be.
You can open a command prompt and type:

ping domain.com
tracert x.x.x.x

If it is not the same address, it is spam, ignore it, get rid of it, filter it...
But: don't report or blame the domain.com for it, they have nothing to do with it.
The solution is out there. [morning]
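The header check described in the post above, as an added example that is not part of the original thread: it walks the `Received` chain from the newest hop down, takes the first address that does not belong to your own relays, and compares it with the addresses known for the domain in the `From` line. The message, host names and addresses are constructed, and `trusted_nets` and `domain_ips` are hypothetical parameters; the domain's addresses are passed in (for instance from its MX or SPF records) so the check runs offline.

```python
import email
import ipaddress
import re
from email.utils import parseaddr

# Constructed sample message; 192.0.2.x, 198.51.100.x and 203.0.113.x are
# documentation-only address ranges, and all host names are made up.
SAMPLE = """\
Received: from mx.ourdomain.example (mx.ourdomain.example [192.0.2.10])
\tby exchange.ourdomain.example; Mon, 3 Feb 2003 10:00:02 +0100
Received: from mail.domain.example (unknown [203.0.113.77])
\tby mx.ourdomain.example; Mon, 3 Feb 2003 10:00:01 +0100
Received: from pc (localhost [198.51.100.5])
\tby mail.domain.example; Mon, 3 Feb 2003 09:59:00 +0100
From: John <john@domain.example>
To: a_non_employer@ourdomain.example
Subject: hello

body
"""

IP_IN_BRACKETS = re.compile(r"\[([0-9a-fA-F:.]+)\]")

def originating_ip(raw, trusted_nets):
    """Return the first IP, newest hop first, that is not one of our relays."""
    # Only Received lines written by servers we control are trustworthy;
    # anything below the first outside hop may have been forged by the sender.
    msg = email.message_from_string(raw)
    for hop in msg.get_all("Received", []):
        m = IP_IN_BRACKETS.search(hop)
        if not m:
            continue
        try:
            ip = ipaddress.ip_address(m.group(1))
        except ValueError:
            continue  # obfuscated or malformed address in the header
        if not any(ip in net for net in trusted_nets):
            return ip
    return None

def check_sender(raw, trusted_nets, domain_ips):
    """Compare the handing-off IP with the addresses known for the From domain."""
    msg = email.message_from_string(raw)
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    ip = originating_ip(raw, trusted_nets)
    known = domain_ips.get(domain, set())
    return {"domain": domain, "ip": str(ip) if ip else None,
            "matches": ip is not None and str(ip) in known}
```

A mismatch only says the mail did not come from the named domain's known servers; the third `Received` line in the sample sits below the first outside hop and is ignored for that reason.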
 
This type of thing happens all the time. The other day I put a new mail server in at a company and within two minutes of it going live on the net I had relay attempts going through it. As long as your server isn't open to relay then your ISP should be happy.

Chris.
**********************
Chris Andrew, CCNA, CCSA
chris@iproute.co.uk
**********************
 
Open relays are another issue, even worse, you will get blacklisted sooner or later if you have one.
My previous post has nothing to do with that. It is just a spammer (or a worm virus) randomly 'faking' domain.com, but if you look into the headers you will notice the mail is not coming from that domain.
In case of an open relay, the mail IS coming from that server, but that can then be traced as mentioned above.
The solution is out there. [morning]
 
The IP address typically comes back to APNIC or RIPE, with no further definition. It's often from Europe or Asia.

My ISP may not be totally happy that I'm not an open relay. They don't allow mail, FTP or web servers at all. They don't even offer a business package that I can pay for to do this on the up-and-up. So I may get warnings from them and may have to go back to paying for 3rd party hosting. Anyone know of a good, cheap, linux-based hosting company? I used one in RI, but had nasty billing problems that they refused to return messages about.

Newposter
"Good judgment comes from experience. Experience comes from bad judgment."
 
My point is exactly that, if the IP is not traceable because of a dialup or something then you will be SURE it is not the IP from the domain.com it claims to come from.
It does not matter where the real IP does or does not point to, what matters is to be able to find out if it is or is not really coming from the suspected domain.

for Linux or Win, very fast and decent service
The solution is out there. [morning]
 