liv: cast iron sign showing etiolated couple drinking tea together (argument)
[personal profile] liv
So something is sending vast quantities of spam from my email address. Does anyone have any advice?

I have an email address that I use on websites I really don't trust, especially the kind where they are prone to displaying your email address in the clear. And it turns out I was right not to trust them, because some time yesterday evening I started getting absolutely floods (more than a hundred mails per hour) of bounce messages suggesting that this honeytrap email address had been sending out Viagra spam.

I have ended up turning off that email address altogether, because I couldn't cope with that many bounce messages. I only use it for authentication with dodgy websites, and for Facebook notifications. I would prefer FB didn't know my email address at all, and since they must have one, I don't really care whether I receive email notifications when someone tags me or they just randomly decide I haven't interacted with their site in revenue-generating ways recently.

But is there anything else I can do? Firstly to protect myself, and secondly to be socially responsible and prevent people from getting spammed in my name?

I think, but I don't know, that the spam machine is just inserting my email address into the "from" field, it doesn't actually have access to any accounts I own. Is there any way I can verify that this hunch is correct?

Is there any way I can reactivate the email address but not get thousands of bounce messages due to the spam apparently originating from it? Maybe just waiting a while, or is the the address hopelessly contaminated forever? This isn't a high priority, but it would be somewhat convenient to have access to that email address.

If I create a new honeytrap email address, is there any way I can prevent this from happening again? Probably not, but perhaps plus addressing or something similar would work?

Can I do anything at all to stop the spammers? I assume not, because they're not actually sending email from anything I control, just pretending that they're doing so. I'm also a bit scared that this problem may lead to my whole domain getting blacklisted, but again, I may just have to accept that this could happen and probably there isn't anything I can do.

(no subject)

Date: 2017-01-10 09:58 pm (UTC)
ewx: (Default)
From: [personal profile] ewx
There's not really anything you can do to stop this, short of inventing a successful means of preventing spam on a global basis.

Your hunch is probably correct in that they are forging a source address rather doing anything more intrusive. Some of the bounces you're receiving may contain enough information to confirm this.

It will probably stop after a while; it always has done for me.

You can't prevent it happening again.

If you suspect it's connected to exposure of your address to websites then using unique addresses for each website least allows you to filter or disable individual addresses (and identify who's suffered a data breach) without collateral damage (assuming you use a mail provider which supports multiple addresses).

(no subject)

Date: 2017-01-10 10:39 pm (UTC)
emperor: (Default)
From: [personal profile] emperor
[personal profile] ewx is correct, and saved me a bunch of typing :)

(no subject)

Date: 2017-01-11 02:16 am (UTC)
siderea: (Default)
From: [personal profile] siderea
Some of the bounces you're receiving may contain enough information to confirm this.

Yeah. Liv, I'm willing to read your headers for you if you want. If you want, just cut-and-paste one (full headers included) into the DW direct message thingy and send it to me.

(no subject)

Date: 2017-01-10 10:50 pm (UTC)
davidgillon: A pair of crutches, hanging from coat hooks, reflected in a mirror (Default)
From: [personal profile] davidgillon
What a pain! Two thoughts:

Thought the first: Are there any common elements to To, From or Title that would let your email software filter the bounces out to Junk Mail?

Thought the second: Is really just a variation, but are you getting any email to that account that you actually need to see? If not, then you could potentially filter everything to Junk Mail. If all you're interested in are the responses to posts, then changing the address - perhaps adding a numeral, seems like the simplest way to go.

I suspect the spammers will eventually move on, because people will potentially blacklist the account on an individual or corporate basis and it becomes less effective to keep using it. Of course that leaves any blacklisting as a problem, but possibly not as annoying an issue.

(no subject)

Date: 2017-01-11 02:13 am (UTC)
siderea: (Default)
From: [personal profile] siderea
Are there any common elements to To, From or Title that would let your email software filter the bounces out to Junk Mail?

Oh please no. Bounces are about spam, but they are not spam themselves, they are legitimate; if you filter them into any dynamic spam-learning Junk Mail folder, you are training the spam system to think that legitimate bounce messages are spam, and that's bad for us all.

If you're going to filter, filter into a special folder just for this. I have a folder called "joejob" (see Azz's comment for why) and filter suspicious bounces into it for review and then deletion.

(no subject)

Date: 2017-01-11 08:12 am (UTC)
ewx: (Default)
From: [personal profile] ewx
Legitimacy of bounces: up to a point. When MTA operators (either end systems or open relays) produce bounces in situations where a transport-level rejection would have been perfectly practical, and bystanders are deluged with bounced spam as a result, it shouldn't surprise anyone if the rest of the net acts to protect themselves from those MTA operators' negligence.

(no subject)

Date: 2017-01-10 11:36 pm (UTC)
azurelunatic: A glittery black pin badge with a blue holographic star in the middle. (Default)
From: [personal profile] azurelunatic
The technical term to research is "joe job"; apparently someone named Joe was involved somewhere in the first documented incidence of this thing happening.

First, is it an email address from a domain that you control? (e.g. if I still had it, from my whatever@azurelunatic.net address, vs. my @gmail)

If it's from a domain you control, there are settings that you can make in the text records of the domain name to make it a less attractive target, and to help validate to mail servers that no, seriously, all this spam isn't coming from you.

If it's *not*, then, alas, nothing really you can do except to filter the bounces as best you can.

(no subject)

Date: 2017-01-11 02:23 am (UTC)
siderea: (Default)
From: [personal profile] siderea
If I create a new honeytrap email address, is there any way I can prevent this from happening again? Probably not, but perhaps plus addressing or something similar would work?

Plus addressing can help, or anything which means different parties have different email addresses for you. But the way it helps is that if your honeypot address gets snagged, you can throw it away and make a new one, and you don't have to update a lot of parties.

IMO, one should not share email addresses among different online apps and social networks and services.

Definitely look into Azz's suggestion about DNS records (SPF) to help with protecting your domain from blacklisting.

(no subject)

Date: 2017-01-11 08:47 am (UTC)
mair_in_grenderich: (Default)
From: [personal profile] mair_in_grenderich
plus addressing is cool, but just be warned that an irritating number of websites will still tell you your address is invalid if you put a + in it, sometimes partway through the process (e.g. let you register with it, but not log on with it).

(no subject)

Date: 2017-01-12 02:57 am (UTC)
siderea: (Default)
From: [personal profile] siderea
Yeah. I managed to create an account and buy at FTD.com with a plus address, but I've never been able to log in since or unsubscribe. I have yet to figure out how to tell them I'd like them to stop sending me emails.
Edited Date: 2017-01-12 03:05 am (UTC)

(no subject)

Date: 2017-01-11 11:00 am (UTC)
jack: (Default)
From: [personal profile] jack
A couple of people suggested this, but just to make it explicit what they were suggesting. Do you automatically get all email to @outgrabe, or do you need to set up addresses individually? If you do just get all of them, you can use "blog_facebook" for facebook and "blog_xxxx" for website xxxx (be it a shopping site, or a newspaper that forces you to subscribe, etc, etc). And you receive them all the same. But if one is deluged like this, you can filter that one out (and know exactly which website leaked, or where it was scraped from).

(And several email services offer a special case where even if you only have one email address, you also receive "youraddress+suffix@domain.com" so you can do this, except obviously many websites reject the +.)

I'm sorry, that's likely already obvious to you, but I realised they hadn't quite explained it so I thought I should check.

(no subject)

Date: 2017-01-11 12:19 pm (UTC)
lovingboth: (Default)
From: [personal profile] lovingboth
When receiving email, Gmail ignores dots to the left of the @, so abc@gmail is the same as ab.c@gmail is the same as a..bc@gmail is the same as...

(no subject)

Date: 2017-01-11 12:17 pm (UTC)
lovingboth: (Default)
From: [personal profile] lovingboth
Given it's a domain you control and not some Yahoo address, SPF and DKIM are your friends when it comes to saying 'this really is genuine mail from this domain'. What server are you using to send? Without DKIM, it's difficult to email places like Yahoo - if only they put as much effort into stopping spammers use them / harvest address books from there as they do in trying to stop people email them.

Greylisting filters out more than 99% of spam for me. The mail server says 'sorry, not ready at the moment' to everyone who's not successfully emailed me before. When they try again after a few minutes, mail is accepted. What makes it work is that real email servers do try again as the rules say that they must, but virtually all spammers don't bother because that would slow down the rate at which they send it.

The problems come when it's somewhere in the middle: a useful address that you don't control being spoofed. I just use Gmail to collect it from the third party server and use its spam filtering.

Filters

Date: 2017-01-11 05:36 pm (UTC)
From: (Anonymous)
I am getting lost in the technicalities. As a moderately experienced layman, lovingboth's suggestions strike me as helpful.

In particular, I am reading lovingboth as suggesting that you use gmail as your honeypot address. I don't like gmail, for the same reasons as you, but I have the impression that their spam filters are good. Also, they claim that they investigate and block these spoofs and highjackings.

As I said, I am verging out of my comfort zone and I am happy to be corrected.

For what it is worth, my only other contribution is to offer you "my heartfelt sympathy".

Southernwood

(no subject)

Date: 2017-01-14 08:19 am (UTC)
monanotlisa: alex and maggie next to each other (Default)
From: [personal profile] monanotlisa
Ugh, none, but I'm keeping my fingers crossed for you.

Soundbite

Miscellaneous. Eclectic. Random. Perhaps markedly literate, or at least suffering from the compulsion to read any text that presents itself, including cereal boxes.

Top topics

April 2017

S M T W T F S
      1
2345 678
9101112131415
161718 19 202122
23 24 2526272829
30      

Expand Cut Tags

No cut tags

Subscription Filters