My Own Website is Sending Me Spam - How Do I Stop it?


Recommended Posts

So, recently my website has been emailing me with messages asking me to download a zip file.

 

One came from admin@mysite,com, another from fax-report@mysite.com - these addresses do not exist.

 

Attachments are: Balance-Sheet.zip and ATT00001

 

My site is a closed website with one index page, no links, no nothing.  I only use it to forward email me@mysite.com to an outlook.com address.  I have set the mail settings to reject all email being sent to other addresses, apart from those I specify.

 

How is whatever it is doing it?

How can I stop it?

 

Thanks

Link to comment
Share on other sites

Hmm, MSE reports no viruses and the hoster would know if there was some sort of infection.

I have opened a support ticket with them but don't know if anyone has any pointers here.  I know emails can be fudged to look like they come from another address, so I presume this is happening here.

Link to comment
Share on other sites

e-mail adresses are easily spoofed, you can do it yourself. 

 

what's happening is that the spam company found your website/domain and used it's domain name to send spam, probably to more people than just you. But it also included one or more catch all addresses in your domain (or you had an easily guessed main address on it) on the spam list it used for sending mail with your spam url.

 

a second alternative is that you're misreading the mail headers and these are actually returned mails because the address is unknown because the spammers is trying to spoof your mail Then they get returned to your server, and your server will dump them in your catch all because it can't find the address.

 

Happens all the time when you own a domain, not much you can do about it. you can disable the catch all, or create a specific spam mail and tell the mail server to put all the catch all mails in that. If the actually found/guess your actual mail and is sending spam directly to that, then there's not much you can do. something you just have to live with when owning a domain. 

Link to comment
Share on other sites

Change the password.

Link to comment
Share on other sites

Depends on what you have as an MTA and how it is configured to handle SPAM. The most straight forward solution is to implement SPF/Domain Keys to make it easier for your anti-spam engine to pick it up and block it.

 

http://en.wikipedia.org/wiki/Sender_Policy_Framework

Link to comment
Share on other sites

Hmm, MSE reports no viruses

 

Said ----- Everyone ---- Ever!

 

You are in serious need of a second opinion.

 

But like others have said, its trivial to spoof an email address.

Link to comment
Share on other sites

Depends on what you have as an MTA and how it is configured to handle SPAM. The most straight forward solution is to implement SPF/Domain Keys to make it easier for your anti-spam engine to pick it up and block it.

 

http://en.wikipedia.org/wiki/Sender_Policy_Framework

 

This. Ask your webhost to set up SPF for your domain. They should be able to do that and it helps email providers to filter them out as spam without affecting genuine emails.

Link to comment
Share on other sites

Used to be a common issue for me until I signed up for a whois guard service on a different domain name (emails from admin@myregistereddomain.com etc to my gmail account that was in the WHOIS info).

I still get crap in my catch-all, but that's to be expected.

Link to comment
Share on other sites

This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.