Copycat Spammers Attacking My Mailbox/Server

17 Apr 2007 (Tue)

HELP! THIS IS JUST A FRACTION of the spam messages that are suddenly flooding my mailbox from 4.53pm, shortly after my previous post on the Top Posts in Ping.sg & Tomorrow.sg:

[Screenshot: Spam attack]

Posted by J.K. in News, Problems

Response

4 Comments »

• COMMENTS SO FAR:

  1. Su Yuen says:

    Wow! O_O!! How did that happen? I mean all you did was a blog posting right? I don’t see the connection on how those mails ended up in your mailbox from a blog post.

  2. J.K. says:

    I’m wondering too.

    Since Uzyn and Sonne gave quite good answers to my queries in the Ping.sg shoutbox just now, I’m pasting the conversation here (read in reverse order, from the bottom):

    clappingtree: maybe 2 minutes ago from web
    uzyn: probably some new parameters in the spam to make it look more legit. 7 minutes ago from web
    sonnemondsternewmc: that why u get the postmaster and failure emails to your catchall as uzyn mentioned 10 minutes ago from web
    clappingtree: Exactly. This has been happening for some time. But just now, for half an hour, it was like an avalanche 10 minutes ago from web
    sonnemondsternewmc: @clappingtree, maybe they just add fictional names to your domain and spam your server 11 minutes ago from web
    clappingtree: yes, ping.sg news usually are read here by ping.sg readers 12 minutes ago from web
    uzyn: @clappingtree wow your post on tomorrow.sg and ping.sg moves really fast 13 minutes ago from web
    clappingtree: Still, tks, uzyn and sonne again. :) 13 minutes ago from web
    clappingtree: but most times, they land up in Gmail’s spam folder 14 minutes ago from web
    clappingtree: from time to time, I also quickly browse and then delete spam. So, I’ve prob received at least 5K spam msgs or more by now 14 minutes ago from web
    clappingtree: 200 now… seems to slowing or stopping 15 minutes ago from web
    clappingtree: I’m already doing what you’ve just suggested 16 minutes ago from web
    uzyn: google spam filter is really 1 of the best free ones in the industry,using collective intelligence by the users 2identify spams 17 minutes ago from web
    clappingtree: ya, most times, Google’s spam filter put away most spam 17 minutes ago from web
    clappingtree: I’ve got 1760 spam msgs in my gmail which I hardly look at 17 minutes ago from web
    uzyn: filter by flagging those mails as spams. that would help in improving the spam criteria of google spam filter. 18 minutes ago from web
    uzyn: @clappingtree spam evolves everyday. new spams tends to slip past google’s already-good spam filter. you can help improve the 18 minutes ago from web
    uzyn: yeah. i love tech a lot. hehe.
    clappingtree: btw, if this is normal, the sudden avalanche of spam seems too coincidental 19 minutes ago from web
    sonnemondsternewmc: i only dabble in a bit of tech outside of work 19 minutes ago from web
    sonnemondsternewmc: wah uzyn you really love tech ;) 20 minutes ago from web
    uzyn: @clappingtree you’re welcome. :) 20 minutes ago from web
    clappingtree: tks, uzyn and sonne. :-) Feeling much better already 21 minutes ago from web
    uzyn: my fav podcast of all. never miss an episode 22 minutes ago from web
    uzyn: if you have a little time, listen to http://www.twit.tv/sn79 for more technical info on spams 23 minutes ago from web
    clappingtree: … sounds better, i guess 24 minutes ago from web
    sonnemondsternewmc: if you have access to your mail server just make sure relaying is off - which should be the default 24 minutes ago from web
    uzyn: yup they don’t blacklist domains, so nothing to be alarmed. @sonne is right, blacklisting is normally by SMTP 25 minutes ago from web
    clappingtree: Sigh! I suppose this is a sign of my site almost reaching the level of traffic that yours is receiving? Sonne: Server IP? 25 minutes ago from web
    uzyn: i got tons of those everyday. if you’re a spammer you wouldn’t want to send mail from your legitimate email, would you? 25 minutes ago from web
    sonnemondsternewmc: if i’m not wrong, they blacklist by the sending mail server ip. Email address with fake domains shouldn’t be an issue 26 minutes ago from web
    uzyn: that’s normal, clappingtree. 26 minutes ago from web
    clappingtree: notice the numerous “undelivered mail” and “delivery failure” msgs on the screen shot 26 minutes ago from web
    clappingtree: it’s very easy to send email msgs that fake someone’s domain 27 minutes ago from web
    clappingtree: These spam are sent using fake email addresses at my domain :-p 27 minutes ago from web
    pingsg_shouts sonnemondsternewmc: oops i meant compromised 27 minutes ago from web
    hendribudi: i think tt’s when you send spam mail, purposely or not… if you receive spam it shd be ok 27 minutes ago from web
    sonnemondsternewmc: if you’re sending or your server has been comprised to allow others to send spam through your mail server 27 minutes ago from web
    sonnemondsternewmc: but i think your web host should have disabled relaying on your mail server already 28 minutes ago from web
    clappingtree: The support staff has told me sth like this before: How spam mail could “disable” mail from a domain/server 28 minutes ago from web
    sonnemondsternewmc: blocked by ISPs 29 minutes ago from web
    sonnemondsternewmc: @clappingtree: as long your server is properly secured i.e not relaying emails, your mail server wouldn’t be blacklisted 30 minutes ago from web
    clappingtree: The last half hour is very unusual. I don’t publish my email address in clear text. Made sure of this 30 minutes ago from web
    uzyn: i get hundreds of spams per day because i publish my email in clear text 31 minutes ago from web
    uzyn: your host would have no effect, don’t worry. spam has been a problem for ages and it’s not you alone that are getting spammed 31 minutes ago from web
    clappingtree: actually, I only receive a handful of spam mail over the past year or so 31 minutes ago from web
    clappingtree: ‘cos I’ve heard that such spam could make the mail from a certain domain could be blocked by ISP/servers as a result of this 32 minutes ago from web
    uzyn: yup. it’s never a good idea to do that. now it’s clear why u get so many of the same spam 32 minutes ago from web
    clappingtree: yes… would be good to remove that now. I’m more worried about the effect on my host/domain… 33 minutes ago from web
    uzyn: do you set your catchall mailbox to your own mailbox? 34 minutes ago from web
    uzyn: erm not exactly in waves, but generally that’s what a spambot does, just fire to a certain host for awhile b4 switching2another 34 minutes ago from web
    clappingtree: 181… u mean they come in waves? 35 minutes ago from web
    clappingtree: 178 spam msgs from 4:53pm 36 minutes ago from web
    uzyn: just saw your posts. those are probably new spams. you just have to flag them. they’ll be filtered in the next wave. 37 minutes ago from web
    hendribudi: @clappingtree: oh.. it’s not gmail? 38 minutes ago from web
    clappingtree: i’ve submitted a report to my web host. 40 minutes ago from web
    hendribudi: @clappingtree: the best is to leave it alone… wait a while, if it persists, report to your mail provider 40 minutes ago from web
    clappingtree: IMPT: Does anyone here know how to stop a spam attack?

  3. J.K. says:

    A reply from my web host:

    Thank you for contacting our HelpDesk!

    I’m happy to inform you that I’ve just added SPF record to your DNS zone which is as follows:

    << cut >>

    I believe that this will fix the issue you experience, because as far as I can understand someone is trying to use your SMTP server to relay spam messages.

    However the SPF record that I’ve added will check if the IP is the server IP and also will check if the domain name is the same and will block any unwanted tries to send spam message.

    However if you want, you can find more detailed explanation about the SPF records at:

    Sender Policy Framework

    If you need further help, please do not hesitate to contact us again.

    Update 18-04-2007: As of now, I’ve received over 1,000 spam messages sent using my domain and bounced back to me via my web host. :-p Does the SPF thingy work? Looks like I’d need another two days to confirm this.

  4. Cade says:

    Thanks for the good informative post. I get tired of how much spam there is out there. Do E-mail Campaigners believe that people will open up those countless similar e-mails? I believe that there has to be true value and a strong level of trust, which many don’t care about.

 
