sheriffg_guirguis — 2012-01-25T14:42:34-05:00 — #1
A friend of mine is hosting his site on shared hosting.
All was good, until yesterday when he got maybe 200 emails saying:
"A message that you sent could not be delivered to one or more of its recipients. This is a permanent error. The following address(es) failed:..."
The problem is he never sent these emails!!
The return addresses are to addresses he never created like: mike@websiteName.com, charlie_bean@websiteName.com, etc. I substituted the real domain name with "websitename.com" to keep the website secret for now.
He never sent emails under these nonexistent email addresses.
I can only think of 3 possibilities, but I would appreciate your help in figuring out exactly where the problem lies:
1. One is spamming a whole lot of people with a return address as firstname.lastname@example.org. And he's constantly changing the first part of the return email address. He is using his own server, but uses the return address to confuse people on who is sending the email address. Is that possible?
2. The hosting email server has been hacked.
3. His computer has been hacked, although I doubt that. He said to me that he's not able to send emails using Outlook for some time. If his Outlook was not configured properly, then a virus or a malware wouldn't be able to send emails either.
How can I resolve that issue, as these error messages are jamming his inbox?
doug_g — 2012-01-25T14:58:12-05:00 — #2
"If his outlook was not configured properly, then a virus or a malware wouldn't be able to send emails either."
Don't assume that. Most viruses do their own SMTP without needing anything from Outlook.
Running a thorough malware and virus scan on your friend's computer would be the first thing I'd do.
sheriffg_guirguis — 2012-01-25T15:18:01-05:00 — #3
Really?? OK, let me do this on his computers.
sheriffg_guirguis — 2012-01-25T15:40:15-05:00 — #4
I assumed he was using Outlook, or such a service, but he's logging in to the website and then emailing with webmail.
He's also using his BlackBerry to send emails. But that's it.
sheriffg_guirguis — 2012-01-25T17:14:19-05:00 — #5
The hosting company says that it wasn't sent through their email server. So whoever is doing this is using their servers.
So I guess all I have to do is set up a spam filter to filter these error messages. If anyone else knows anything else on how we can stop this, then please feel free to share.
eastcoast — 2012-01-25T18:41:04-05:00 — #6
Ideally you'd want to set up [SPF](http://en.wikipedia.org/wiki/Sender_Policy_Framework) / [domainkeys](http://en.wikipedia.org/wiki/DomainKeys) to help protect against malicious spoofed emails.
timigoe — 2012-02-02T08:23:55-05:00 — #7
SPF is only useful IF the recipient's server supports it too - setting it up will reduce it partially.
I get a lot of bouncing emails in the same format - it's spammers setting you as the returning email, annoying and there's not much that globally works currently.