Sir Topham Hatt (Posted April 24, 2014)

So, recently my website has been emailing me with messages asking me to download a zip file. One came from admin@mysite.com, another from fax-report@mysite.com - these addresses do not exist.

Attachments are: Balance-Sheet.zip and ATT00001

My site is a closed website with one index page, no links, no nothing. I only use it to forward email me@mysite.com to an outlook.com address. I have set the mail settings to reject all email being sent to other addresses, apart from those I specify.

How is whatever it is doing it? How can I stop it?

Thanks
Juguard (Posted April 24, 2014)

Virus on your computer? Your email got compromised, and it's used by spammers. Or your website got compromised.
Sir Topham Hatt, Author (Posted April 24, 2014)

Hmm, MSE reports no viruses and the hoster would know if there was some sort of infection. I have opened a support ticket with them but don't know if anyone has any pointers here.

I know emails can be fudged to look like they come from another address, so I presume this is happening here.
Juguard (Posted April 24, 2014)

Try doing a scan with https://www.malwarebytes.org/ and http://usa.kaspersky.com/downloads/TDSSKiller

Also, I would get a premium anti-virus, something like Kaspersky, or Nod32.

...

Don't change password yet, until you are sure your computer is clean, or change from a different computer you know is clean.
Juguard (Posted April 24, 2014)

Also, look at your email header to see where it's coming from, and send that header to your host.
HawkMan (Posted April 24, 2014)

E-mail addresses are easily spoofed; you can do it yourself. What's happening is that the spam company found your website/domain and used its domain name to send spam, probably to more people than just you. But it also included one or more catch-all addresses in your domain (or you had an easily guessed main address on it) on the spam list it used for sending mail with your spam URL.

A second alternative is that you're misreading the mail headers and these are actually returned mails, because the address is unknown because the spammer is trying to spoof your mail. Then they get returned to your server, and your server will dump them in your catch-all because it can't find the address.

Happens all the time when you own a domain; not much you can do about it. You can disable the catch-all, or create a specific spam mail and tell the mail server to put all the catch-all mails in that.

If they actually found/guessed your actual mail and are sending spam directly to that, then there's not much you can do. Something you just have to live with when owning a domain.
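One way to tell the two cases described above apart from the headers (an added example, not part of the original post). The sample messages, hostnames and IP addresses are constructed, and `triage` is a hypothetical helper name.

```python
from email import message_from_string
from email.utils import parseaddr

OWN_DOMAIN = "mysite.com"  # the thread's placeholder domain

# Constructed samples (documentation IPs and hostnames), not real traffic.
SPOOFED = """\
Return-Path: <bounce-77@mailer.example.net>
Received: from mailer.example.net (mailer.example.net [203.0.113.45])
\tby mx.mysite.com with ESMTP; Thu, 24 Apr 2014 09:12:01 +0000
From: fax-report@mysite.com
To: me@mysite.com
Subject: Balance Sheet

See attachment.
"""

BOUNCE = """\
Return-Path: <>
Received: from mx.example.org (mx.example.org [198.51.100.7])
\tby mx.mysite.com with ESMTP; Thu, 24 Apr 2014 09:15:40 +0000
From: MAILER-DAEMON@mx.example.org
To: admin@mysite.com
Subject: Undelivered Mail Returned to Sender
Content-Type: multipart/report; report-type=delivery-status; boundary="b1"

--b1
Content-Type: text/plain

Delivery failed.
--b1--
"""

def triage(raw, own_domain=OWN_DOMAIN):
    """Classify a message as 'bounce', 'spoofed-from', or 'other'."""
    msg = message_from_string(raw)
    # Return-Path is the envelope sender, recorded by the delivering server.
    return_path = parseaddr(msg.get("Return-Path", ""))[1]
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    # Bounces carry a null envelope sender and/or a delivery-status report.
    is_dsn = (msg.get_content_type() == "multipart/report"
              and msg.get_param("report-type") == "delivery-status")
    if is_dsn or ("Return-Path" in msg and return_path == ""):
        return "bounce"
    # From: in our domain but envelope sender elsewhere: visible address forged.
    env_domain = return_path.rpartition("@")[2].lower()
    if from_domain == own_domain and env_domain != own_domain:
        return "spoofed-from"
    return "other"
```

A sender can forge the envelope address as well, so a result of "other" does not prove the message is genuine; the topmost `Received:` line added by your own server is the part to send to the host.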
xrobwx71 (Posted April 24, 2014)

Change the password.
+LogicalApex, MVC (Posted April 24, 2014)

Depends on what you have as an MTA and how it is configured to handle SPAM.

The most straightforward solution is to implement SPF/Domain Keys to make it easier for your anti-spam engine to pick it up and block it.

http://en.wikipedia.org/wiki/Sender_Policy_Framework
+Warwagon, MVC (Posted April 24, 2014)

> Hmm, MSE reports no viruses

Said ----- Everyone ---- Ever!

You are in serious need of a second opinion. But like others have said, it's trivial to spoof an email address.
Ambroos (Posted April 24, 2014)

> Depends on what you have as an MTA and how it is configured to handle SPAM.
>
> The most straightforward solution is to implement SPF/Domain Keys to make it easier for your anti-spam engine to pick it up and block it.
>
> http://en.wikipedia.org/wiki/Sender_Policy_Framework

This. Ask your webhost to set up SPF for your domain. They should be able to do that and it helps email providers to filter them out as spam without affecting genuine emails.
HawkMan (Posted April 24, 2014)

It's extremely unlikely this has to do with any malware or hacked e-mail accounts. Anyone who's ever owned a domain will experience this.
Aergan (Posted April 24, 2014)

Used to be a common issue for me until I signed up for a whois guard service on a different domain name (emails from admin@myregistereddomain.com etc to my gmail account that was in the WHOIS info). I still get crap in my catch-all, but that's to be expected.