Sign in with
Sign up | Sign in
Your question

Mail forwarding and spam

Last response: in Networking
Share
November 1, 2006 7:46:35 PM

Hi,

I hope this is the right section in which to post and that someone will be able to explain what's going on.

Absolutely inundated with spam in the last couple of months, this is what I did:

1. I created two new "dummy" email accounts, let's call them Box A and Box B
2. My two mailboxes that are being inundated (and that I can't just close down right now, sigh) are being redirected to these "dummy'' accounts I monitor
mailbox1@mydomain.com points to Box A
mailbox2@mydomain.com points to Box B

3. I run a few tests, sending some emails to mailbox1 and mailbox2 and sure enough, they show up respectively in dummy Box A and Box B.

I was pleased.

Then I flipped: NONE of the spams were getting forwarded. I look at the message headers, they are indeed addressed either to mailbox1 or mailbox2 but they are not getting sent on to the dummy boxes. All the DNS numbers are noted as prime sources of spam by spamcop.

Why is it when I send an email to these addresses (regardless of where I am sending the mails from) they are properly forwarded, but the spam is not?

I sure hope someone can help me here....

Thanks in advance!

[/list]

More about : mail forwarding spam

November 2, 2006 6:27:12 PM

Sort of hard to guess without knowing anything about your environment. Do you run Solaris, Windows, Red Hat, etc.? What email system? Do you have an email gateway, something like ISA? Any other spam controls on a server or client? Does your Internet provider do anything about spam? Is your email hosted or inhouse? Details like that would be a good start.
November 2, 2006 6:52:49 PM

HI SciFiMan,

THanks for your response.

My environment:
PC under XP, Zone Alarm, Avast, Spamblocker, Spydoctor, lavasoft, etc..
System is clean as a whistle.
Outlook, mail washer, spambayes
professionally hosted website where the two work email addresses have been overwhelmed by spam > can't just shut down those email addresses. Don't think there is much done at the server level to fight spam.
One of these email addresses used to be forwarded to my own account in company.
For ease, let's call these Box1, Box2 and Box3. Box2 used to point to Box3. I have stopped that redirection.

So i created 2 "garbage email boxes" on two external unrelated web mail systems.

Forwarded each polluted work email address to one of these independent "garbage boxes" Box1 goes to Garbage1 and Box2 goes to Garbage2.

What is odd is that if I or friends of mine say test the new redirection by sending a message to Box1 or Box2, they are properly redirected to Garbage1 and Garbage2.

BUT, the spam that is addressed to Box2 still gets forwarded to Box3 and NOT to Garbage2. And I have no clue why.

My webhosting company has not responded yet. A friend tells me that it is because somehow the spammers, when they collected the Box2 address they also managed to get info on its redirection to Box3 (HOW? I don't open spam or reply to it, how would that forwarding be visible?) and that it will take time for those databases to get updated.

I tend to use out of office autoreplies. If I can't manage to have mail for Box 3 distinct from that addressed to Box 2, the spammers will get the autoresponse and reinput the Box2 address forever!

If you can help, that would be great. At least so that I understand why the junk is not getting redirected if it is a spammer sending it!

Thanks. I just hope I wrote clearly!
Related resources
November 2, 2006 7:27:55 PM

As to prevent further spamming, NEVER POST YOUR EMAIL IN THE OPEN ON YOUR WEB SITE. Any web crawler will find them and your history. The reason most companies have a built in system to send email, all internal.

It only requires one person to sign-up for free services, they sell email address for revenue. Nothing is ever free, always some catch.

Use a web based AV and Spyware scanner. I have discovered that these guys will insert exception so they will not be detected from a local scan.

And it's possiable you signed up for a service that sells your personal info. MS does this. The sole reason I never register products and software. If so it's one of my junk email accounts that I do not check regularly.
November 2, 2006 7:36:26 PM

Hi BLue68F100,

Yup, but by the time I learned about a nifty little script to render a web email address ungrabbable, it was too late. but at least it is taken care of now if i get over this hurdle!

i also use junk email addresses for most stuff on the web, i am sure that's curtailed more problems.

when you say to use a web based AV and Spyware scanner, what do you mean? for surfing? email? or to diagnose one's computer? which are good and "safe"?

now if i can only understand AND solve the problem I described above, i'd be a happy camper!
November 2, 2006 7:59:21 PM

Once a computer has been compromised local scanners may no longer work/detect. I have seen many cases like this. But when you use like Symantic Online virus scan it will find the culprit. When you use a online service, the virus/spyware can not alter the scan results, they do not have access to modify the def file or exception file. So using a web based tool are better and are required. These are for diagnostic.

I do not trust Symantic AV products any more. They released a bad signature a couple of years ago, and cost me a weekend. To date they have never acknowledge there mistake, either online or email. A company not willing to acknowledge they screwed up can not be trusted. It cost them a corporate contact of 2000+ users. If you ever let the AV expire, it kill your pc in return. No way to recover, Have to reload windows. They modify windows files, un-installing or buying a new subscription will not fix the problem. If you let it expire you loose. I'm surprised they have not been hit with a class action suite for this kind of behavior.
November 3, 2006 6:27:45 AM

Just to be sure, I ran two different online scanners. my system is clean save for MS vulnerabililites that I am aware of already, but in past experience, downloading MS patches has caused me more problems than anything else.

I agree with you, I don't use symantec/norton anymore either. caused problems, crashes, and let bugs and thugs through. took two days to remove all traces of the darn thing!

So, back to the reason why I launched an SOS here, don't think it is coming from my computer.

maybe my friend is right even though i don't understand how it is possible - that the spammers DBs have the old forwarding email and that's why the new redirect will only work with "new mail"??????
November 3, 2006 12:32:54 PM

Thats good news on being clean, but most root kits are not detectable. This is where scanners come in. Beyond my skill set.

There has to be something in the header that causes some to work and other not. But this is a area where I have limited to no skill. There are utilities that allow you to look at all of the hidden routing info, but have not used any. I think you are going to need a script looking at the header info to sort thing out. There are some firms that can sort email for you.

Sorry that I can't help you any further.

Good luck on finding a solution.
!