liv: cast iron sign showing etiolated couple drinking tea together (argument)
[personal profile] liv
So something is sending vast quantities of spam from my email address. Does anyone have any advice?

I have an email address that I use on websites I really don't trust, especially the kind where they are prone to displaying your email address in the clear. And it turns out I was right not to trust them, because some time yesterday evening I started getting absolutely floods (more than a hundred mails per hour) of bounce messages suggesting that this honeytrap email address had been sending out Viagra spam.

I have ended up turning off that email address altogether, because I couldn't cope with that many bounce messages. I only use it for authentication with dodgy websites, and for Facebook notifications. I would prefer FB didn't know my email address at all, and since they must have one, I don't really care whether I receive email notifications when someone tags me or they just randomly decide I haven't interacted with their site in revenue-generating ways recently.

But is there anything else I can do? Firstly to protect myself, and secondly to be socially responsible and prevent people from getting spammed in my name?

I think, but I don't know, that the spam machine is just inserting my email address into the "from" field, it doesn't actually have access to any accounts I own. Is there any way I can verify that this hunch is correct?

Is there any way I can reactivate the email address but not get thousands of bounce messages due to the spam apparently originating from it? Maybe just waiting a while, or is the the address hopelessly contaminated forever? This isn't a high priority, but it would be somewhat convenient to have access to that email address.

If I create a new honeytrap email address, is there any way I can prevent this from happening again? Probably not, but perhaps plus addressing or something similar would work?

Can I do anything at all to stop the spammers? I assume not, because they're not actually sending email from anything I control, just pretending that they're doing so. I'm also a bit scared that this problem may lead to my whole domain getting blacklisted, but again, I may just have to accept that this could happen and probably there isn't anything I can do.

(no subject)

Date: 2017-01-10 11:36 pm (UTC)
azurelunatic: A glittery black pin badge with a blue holographic star in the middle. (Default)
From: [personal profile] azurelunatic
The technical term to research is "joe job"; apparently someone named Joe was involved somewhere in the first documented incidence of this thing happening.

First, is it an email address from a domain that you control? (e.g. if I still had it, from my whatever@azurelunatic.net address, vs. my @gmail)

If it's from a domain you control, there are settings that you can make in the text records of the domain name to make it a less attractive target, and to help validate to mail servers that no, seriously, all this spam isn't coming from you.

If it's *not*, then, alas, nothing really you can do except to filter the bounces as best you can.

Soundbite

Miscellaneous. Eclectic. Random. Perhaps markedly literate, or at least suffering from the compulsion to read any text that presents itself, including cereal boxes.

Page Summary

Top topics

September 2017

S M T W T F S
     12
345 6789
10111213141516
17 181920212223
24252627282930

Expand Cut Tags

No cut tags

Subscription Filters