Email spoofer



daveshore
10-08-2006, 12:56 PM
I know this is not related to blue voda or vodahost, but I am desperately trying to find someone who can tell me how to identify and stop an email spoofer. Someone out there, for whatever reason, has hijacked my email address and has been sending out a bulk email using it as the "return address". As a result over the last 36 hours I have received over 3,000 (yes, three thousand) mail delivery failure messages!! I have tried to read the mail headers, but I think this person is very cleverly covering their tracks.

Please if anyone of you can help I would be eternally grateful.

Regards,
Dave Shore
www.bettingfromhome.com (http://www.bettingfromhome.com)

VodaHost
10-08-2006, 07:44 PM
I hate to say this but there is nothing you can do, spoofing email is very easy… you can set up your Outlook to show the reply address as ????@vodahost.com, it will take you two seconds.

You can send out all the email you want and fake our address... (We would cancel your account)

VodaHost
10-08-2006, 07:44 PM
moving to email section.

daveshore
10-08-2006, 09:36 PM
Thanks for the reply - wasn't sure which section to post in originally. I had a feeling that was the case. Now coming in at the rate of 1-2 per minute. Will be up all night (for the 2nd night) keeping my inbox on my ISP down so I don't end up with a full box!! Tomorrow it will be acquire a new email address from my ISP and then try to remember to tell everyone that I need to.............

OK, so if you get spoofed as I just did this weekend, it seems that you can "ride the storm" providing you are vigilant and prepared to empty your ISP Inbox every 2 to 3 hours as I have just done over the last 48 hours (yes, even through the night!). I conservatively estimate that I had to delete over 5000 (five thousand) "mail delivery failure" type messages in that time. At its peak there were 4 or 5 emails coming in every minute!! However after 48 hours I am now down to just a trickle of 2 or 3 an hour. Clearly the only objective of the spoofer was to fill, and therefore ultimately disable my email address for whatever perverse reason they might have had!!

Anyway, so far, I appear to have survived with my email address and account still intact. However I now need a good night's sleep!!!

Regards,
Dave
www.bettingfromhome.com (http://www.bettingfromhome.com)

davidundalicia
10-09-2006, 02:18 PM
Dave, why not try Naval's new advanced BlueVoda forms processor?
This has security checks that may be of help to you...

Mook25
10-09-2006, 02:34 PM
You could set a rule on your inbox which will move the emails which have 'delivery failure' in their title to your bulk folder. That way all you have to do is press 'ctrl a' within your bulk folder and then hit delete. HTH

daveshore
10-09-2006, 07:49 PM
Hi folks,

Thanks for the suggestions. However either way your solutions still require you to download your emails from your ISP in order to take the action of trashing them. This is where the spoofer tries to "kill" you because they overload your ISP inbox before you can get to clear the "junk" out.

I tried setting a rule to discard all the incoming addresses related to the spoof email, until I realised all that was doing was moving them from my inbox to the trash box, so I was still filling my allocated ISP email space!!

Spoofers are a big problem and I pray and hope that none of you ever get spoofed, it is not a pleasant experience but at least, for now, I can say I beat the spoofer............

Take care my friends,
Dave

VodaHost
10-09-2006, 08:52 PM
What is the return address he is sending them to?

VodaHost
10-09-2006, 08:54 PM
What is he spamming? Any contact details in the spam?
We can't even block the IP, because it is not coming from his one single IP, it is being redirected from the IP of the receiver. This would mean blocking thousands of IP addresses.

daveshore
10-11-2006, 02:39 PM
Seems this spammer (or spoofer) certainly knows their stuff when it comes to hiding their tracks. I have spent ages researching to try to find out how to track the culprit down. From analysing the header information I can now establish the spoofer knows how to forge header information. Even when you work out which "received from" is the originators it tends to just say "unknown" and if there is an IP address these are just the global ones from organisations such as RIPE - and if you contact them they won't even tell you who has the IP range involved!! This probably explains why you would not be able to block the IP addresses.

As for clues based on contact; well the original batch reported here was an English/American style email and was the same email in all 6000+ return messages. However, just when I thought I'd beaten him he started again yesterday morning this time with an email in Russian (I think). I then redirected all my voda site email addresses to another ISP I occasionally use so as to separate the spoof (as much as possible) from the real emails. This time, thankfully, appears to have only been a 24 hour attack involving around 2000+ emails.

I have now reverted my voda site emails back to my original address so we will see what happens now!!

One lesson I have learned from this is that it is useful to have a backup email address through a different ISP than your main 1. Then use one of your web site email addresses (so I now will look to use dave@daveshoreconsulting.com) and then if you get this type of problem you can go in through the Control Panel and change your Forwarders to the back up address until the dust settles (hopefully). That said you need to also establish from your ISP at what capacity level they start to reject emails, and not knowing that is why I got up every 3 hours during the night to clear my inbox!!

This is a big problem, and I think the person that can find a solution to this will be a millionaire overnight! I'm working on it............

Regards,
Dave
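
An added example, not part of any post in this thread: the rule on 'delivery failure' titles and the "received from" analysis discussed above can be combined by recognising a bounce from its MIME type and reading the top Received line of the returned copy, which is the only hop the bouncing server wrote itself. The sample message, the `.example` hosts, the IP addresses and the `own_outbound_ips` set (your provider's sending servers) are all assumptions, and only bounces that return the full original as `message/rfc822` are handled.

```python
import email
import re
from email import policy

IP_RE = re.compile(r"[\[(](\d{1,3}(?:\.\d{1,3}){3})[\])]")
# Constructed, trimmed sample bounce; hosts and IPs are documentation values.
SAMPLE_BOUNCE = """\
From: MAILER-DAEMON@mx.recipient.example
Subject: Mail delivery failure
Content-Type: multipart/report; report-type=delivery-status; boundary="b1"

--b1
Content-Type: message/delivery-status

Final-Recipient: rfc822; nobody@recipient.example
Status: 5.1.1

--b1
Content-Type: message/rfc822

Received: from unknown (HELO mail.victim.example) (203.0.113.45) by mx.recipient.example; Sun, 8 Oct 2006 11:02:10 +0000
Received: from mail.victim.example (192.0.2.10) by relay.victim.example; Sun, 8 Oct 2006 11:01:00 +0000
From: dave@victim.example

Buy now.
--b1--
"""

def is_dsn(msg):
    return (msg.get_content_type() == "multipart/report"
            and msg.get_param("report-type", "").lower() == "delivery-status")

def handoff_ip(msg):
    # Top Received of the returned copy is written by the bouncing server; lower ones can be forged.
    for part in msg.walk():
        if part.get_content_type() == "message/rfc822":
            received = part.get_payload(0).get_all("Received", [])
            match = IP_RE.search(str(received[0])) if received else None
            return match.group(1) if match else None
    return None

def classify(raw, own_outbound_ips):
    msg = email.message_from_string(raw, policy=policy.default)
    if not is_dsn(msg):
        return "not-a-bounce"
    ip = handoff_ip(msg)
    if ip is None:
        return "bounce-unknown-origin"
    return "genuine-bounce" if ip in own_outbound_ips else "backscatter"
```

In the sample, the second Received line names the victim's own server but sits below the trusted hop, so it is ignored and the bounce is classified as backscatter.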

metaldoc
10-11-2006, 04:03 PM
Good luck with the solution, I had a similar problem but mine was easy to fix as I could set a rule with my provider and divert them to trash where they were immediately deleted. I am sure the culprit can be tracked by the right authorities but they probably won't bother unless it was a major organisation or national security issue.

LadyEye
10-11-2006, 06:06 PM
http://www.dynamicdrive.com/emailriddler/

The above is a link, provided by Naval Design as well ... this link takes you to a place you can encrypt your email and the spammers cannot get it, this was easier for me for my site than the forms he also provides.

I had a few different emails on my site in a ton of places, I still today am changing them..

I had this happen to me, not to your extent, but I attributed it to the fact that spammers are getting my email addys off my site, and are trying to send me spam, my emails all have auto responders, so when my auto responder sends an email back to them, well of course, the email won't go, therefore I was getting bounced messages that my mail could not be delivered.

I am hoping my problem will be corrected - one spam place which is stock news, sends from 69stocknews.com 88stocknews.com 44stocknews.com and so on .... an endless amount of numbers ...

I am hoping this will correct my situation, failing short of getting a new email address as well ....

It is a cruel world, without a doubt.

daveshore
10-11-2006, 06:22 PM
Thanks to Metaldoc & LadyEye for your support and advice.

If there is one thing for sure it is that this forum is a great place to get support in a time of crisis!! I'm currently praying that I have weathered the storm, but I think tonight will be the tester as I have not had 2 consecutive nights without being attacked since Friday last. There is still a trickle of mail delivery failure messages coming in, but I am now down to around 20 in the day and not the 6 per minute at its peak!!

I guess the other frightening thought is, how many emails reached a valid email address? I know that some must have because I also got a number of "out of office" replies!!

Regards,
Dave