So something is sending vast quantities of spam from my email address. Does anyone have any advice?

I have an email address that I use on websites I really don't trust, especially the kind where they are prone to displaying your email address in the clear. And it turns out I was right not to trust them, because some time yesterday evening I started getting absolutely floods (more than a hundred mails per hour) of bounce messages suggesting that this honeytrap email address had been sending out Viagra spam.

I have ended up turning off that email address altogether, because I couldn't cope with that many bounce messages. I only use it for authentication with dodgy websites, and for Facebook notifications. I would prefer FB didn't know my email address at all, and since they must have one, I don't really care whether I receive email notifications when someone tags me or they just randomly decide I haven't interacted with their site in revenue-generating ways recently.

But is there anything else I can do? Firstly to protect myself, and secondly to be socially responsible and prevent people from getting spammed in my name?

I think, but I don't know, that the spam machine is just inserting my email address into the "from" field, it doesn't actually have access to any accounts I own. Is there any way I can verify that this hunch is correct?

Is there any way I can reactivate the email address but not get thousands of bounce messages due to the spam apparently originating from it? Maybe just waiting a while, or is the address hopelessly contaminated forever? This isn't a high priority, but it would be somewhat convenient to have access to that email address.

If I create a new honeytrap email address, is there any way I can prevent this from happening again? Probably not, but perhaps plus addressing or something similar would work?

Can I do anything at all to stop the spammers? I assume not, because they're not actually sending email from anything I control, just pretending that they're doing so. I'm also a bit scared that this problem may lead to my whole domain getting blacklisted, but again, I may just have to accept that this could happen and probably there isn't anything I can do.

Date: 2017-01-11 12:17 pm (UTC)
From: [personal profile] lovingboth
Given it's a domain you control and not some Yahoo address, SPF and DKIM are your friends when it comes to saying 'this really is genuine mail from this domain'. What server are you using to send? Without DKIM, it's difficult to email places like Yahoo - if only they put as much effort into stopping spammers using them / harvesting address books from there as they do in trying to stop people emailing them.

Greylisting filters out more than 99% of spam for me. The mail server says 'sorry, not ready at the moment' to everyone who's not successfully emailed me before. When they try again after a few minutes, mail is accepted. What makes it work is that real email servers do try again as the rules say that they must, but virtually all spammers don't bother because that would slow down the rate at which they send it.

The problems come when it's somewhere in the middle: a useful address that you don't control being spoofed. I just use Gmail to collect it from the third party server and use its spam filtering.
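
The greylisting behaviour described in the comment above, sketched as an added example (not part of the original comment and not any particular mail server's code). Keying on the (client network, sender, recipient) triplet, the 300-second retry delay and the 4-hour memory are assumptions; the addresses are constructed documentation values.

```python
import ipaddress

TEMPFAIL = (451, "4.7.1 Greylisted, try again later")

class Greylist:
    """Temp-fail unknown senders; accept once they retry after a delay."""

    def __init__(self, retry_delay=300, pending_ttl=4 * 3600):
        self.retry_delay = retry_delay  # assumed: minimum seconds before a retry counts
        self.pending_ttl = pending_ttl  # assumed: how long a first attempt is remembered
        self.first_seen = {}            # triplet -> time of first attempt
        self.passed = set()             # triplets that retried correctly

    @staticmethod
    def _triplet(client_ip, mail_from, rcpt_to):
        # Key on the /24 (IPv4) or /64 (IPv6) so a retry from another host
        # in the same sending pool still matches the first attempt.
        prefix = 24 if ipaddress.ip_address(client_ip).version == 4 else 64
        net = ipaddress.ip_network(f"{client_ip}/{prefix}", strict=False)
        return (str(net), mail_from.lower(), rcpt_to.lower())

    def check(self, client_ip, mail_from, rcpt_to, now):
        key = self._triplet(client_ip, mail_from, rcpt_to)
        if key in self.passed:
            return (250, "OK")
        first = self.first_seen.get(key)
        if first is None or now - first > self.pending_ttl:
            self.first_seen[key] = now      # new (or expired) sender: start the clock
            return TEMPFAIL
        if now - first < self.retry_delay:
            return TEMPFAIL                 # retried too quickly, keep waiting
        self.passed.add(key)
        del self.first_seen[key]
        return (250, "OK")

def replay(attempts):
    """Feed constructed (time, ip, from, to) attempts to a fresh Greylist."""
    gl = Greylist()
    return [gl.check(ip, frm, to, t)[0] for t, ip, frm, to in attempts]

# Constructed sample traffic using documentation addresses, not real hosts.
SAMPLE = [
    (0,    "192.0.2.10",   "news@example.org",  "me@example.net"),  # real server, first try
    (5,    "203.0.113.77", "pills@example.com", "me@example.net"),  # one-shot spam run
    (60,   "192.0.2.10",   "news@example.org",  "me@example.net"),  # retried too soon
    (600,  "192.0.2.11",   "news@example.org",  "me@example.net"),  # proper retry, same /24
    (9000, "192.0.2.10",   "news@example.org",  "me@example.net"),  # known sender, no delay
]
print(replay(SAMPLE))  # [451, 451, 451, 250, 250]
```

The sender that never retries stays at 451 and its message is never accepted, while the legitimate server is delayed once and then delivered without further checks.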


Date: 2017-01-11 05:36 pm (UTC)
From: (Anonymous)
I am getting lost in the technicalities. As a moderately experienced layman, lovingboth's suggestions strike me as helpful.

In particular, I am reading lovingboth as suggesting that you use gmail as your honeypot address. I don't like gmail, for the same reasons as you, but I have the impression that their spam filters are good. Also, they claim that they investigate and block these spoofs and hijackings.

As I said, I am verging out of my comfort zone and I am happy to be corrected.

For what it is worth, my only other contribution is to offer you "my heartfelt sympathy".



