Spammer Using This Domain…Again!

It’s an ugly way to start my week: opening up my personal email account and seeing 300+ messages…290 of which are spam bounce-backs from some jackass spammer using my personal domain as a reply-to address. And it just happened a couple of weeks ago! Hopefully it will be as short-lived this time as it was then. And I really hope all the alpha-geeks in the world would get together and solve the problem of email domain-hijacking once and for all (and spam for that matter).

  • This happened to me before the weekend – not my personal e-mail account, but another one. My inbox was being inundated at the rate of around 15 per minute for two days straight, which is well over 20K. Not cool.

  • What ticks me off is that there’s an easy solution to all of this: licensed and authenticated SMTP servers. You want to send email? You pay a small licensing fee. The money isn’t the point, the authentication is. The problem now is that every sever admin out there wants to be able to set up a box, set up an SMTP server on it, and send all the email they want. This isn’t 1995 any more – spam is out of control and the current situation is painful.

  • Janak Parekh

    No, that’s not the problem. The problem is until you have enough folks requiring that scheme, it won’t take off. It’s a catch-22.

    The real solution is to rethink email. One solution would be to have senders store email, not recipients. Dan Bernstein suggested this a long time ago (http://cr.yp.to/im2000.html) — that would solve almost every type of UCE (unsolicited commercial email). However, forcing that kind of revolution is not going to happen any time soon.

  • Right. So what you need is the top 10 biggest ISPs in the world to team up with the top 10 Web hosting companies, and they start the ball rolling. Someone needs to start things in the right direction. Building consensus is hard, but another decade of worsening spam is even harder.

    Perhaps my brain isn’t big enough to wrap my head around the solution you’re proposing, but it makes no sense to me at all. Why would I want to give someone else the ability to store my email? You mean inverting the current push-pull scenario? Theory being that if a spammer wanted to send out 5 million pieces of email, he’d have to have the infrastructure in place to store and share that spam when email clients would connect directly and view that email? Maybe, but that seems like a poor use of resources for all the other legitimate email out there.

  • Hey Jason,

    Sorry to hear this has happened yet again to you. What is sad really, beyond the jerks doing this, is that more isps don’t take advantage of some of the lesser known features of their mail server software. I run a small sever on my home network, just so I could see how email work. I use Exim4, which isn’t “the” most popular one out there, but I know that it is in the top 2 or 3 and it has features available that will allow the server to check for these types of bounces. It will then just ignore the message completely and not return the message to the sender and it won’t deliver the returned message into your inbox either. This helps in two ways, keeps the overall spam bounces lower and keeps your inbox from ever getting flooded from this type of “attack”.

    I won’t go into the details, but if this can be done with Exim, I would guess that it could be done with the other popular mail server software also. It isn’t anything an end user can configure though, it is entirely dependant on the isp to configure this correctly on their end. 🙁

    Hopefully it will end soon and you won’t get too bogged down with it.

    -Eric