email spoof?

09-06-2005, 07:06 PM
I've been receiving emails from randomly named email addresses [at]jamierees.co.uk (my domain) like gegchz[at]jamierees.co.uk etc - I know email addresses can be spoofed, but how can I make sure fake email addresses pointing from my domain/mail server (email addresses which don't exist) aren't being used for spamming purposes?
I've been onto my host, who say that Netsky worm propagates by spoofing email addresses etc, but there wasn't anything in the email and loads of other internet worms do the same thing so I quickly discounted that theory which I thought was crap in the first place.

I'm getting a bit pi$$ed off at what's going on to be honest - what I want to know is how do I make sure that my domain's email server isn't being used for spamming etc? I also know that email servers can be broken into to send sh*t from them so I'm gonna take this up with my host...

Any ideas?



09-06-2005, 07:11 PM
Check to see if it is really coming from your mail server.

As far as stopping anyone from using your domain as the from address, well you can't (at least that I know of). But most likely you are getting spam from some place else and it is using your domain as from address because most spam filters would let it through. Most people usually whitelist their own domain address so they can get mail from other people on their mail server.

09-06-2005, 07:33 PM
Okay cheers Kev - I've been onto my host and they don't have any records of any unauthorized emails being sent from their mail servers so they must have been spoofed from another mail server somewhere, what the heck..nothing to worry about really.

09-06-2005, 08:44 PM
Yeah, it is more of an annoyance. If you are the only one using an email address on your domain, you could adjust your spam filter to block messages from all other addresses on your domain.

09-06-2005, 08:57 PM
Are these emails coming via a contact form on your website?

I recently had forms on three different domains subject to email injection (http://securephp.damonkohler.com/index.php/Email_Injection) attacks.

The sender address would be spoofed as described, with a random alpha string for the email id @mydomain.

My solution was a PHP script that checks for text strings that would only be used for email headers and not normally occur in the message itself.
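
A check of the kind described in the post above, as an added example that is not the poster's script or code from the linked page. The form field names (`name`, `email`, `subject`, `message`), the list of header names and the sample submissions are assumptions constructed for illustration.

```php
<?php
// Added example: rejects contact-form input that tries to smuggle mail headers.

/** True if a value bound for a mail header holds CR, LF or a URL-encoded form of either. */
function has_header_break(string $value): bool
{
    return preg_match('/[\r\n]|%0[ad]/i', $value) === 1;
}

/** True if a line of the body starts with a header name that normal messages do not use. */
function looks_like_injected_headers(string $body): bool
{
    return preg_match('/^\s*(bcc|content-type|mime-version|content-transfer-encoding)\s*:/im', $body) === 1;
}

/** Returns the reasons to reject a submission; an empty array means it may be mailed. */
function check_contact_form(array $form): array
{
    $errors = [];
    foreach (['name', 'email', 'subject'] as $field) {
        $value = $form[$field] ?? '';
        // Non-string input (e.g. name[]=x) is rejected rather than cast.
        if (!is_string($value) || has_header_break($value)) {
            $errors[] = "$field contains a line break or is not text";
        }
    }
    if (filter_var($form['email'] ?? '', FILTER_VALIDATE_EMAIL) === false) {
        $errors[] = 'email is not a valid address';
    }
    $message = $form['message'] ?? '';
    if (!is_string($message) || looks_like_injected_headers($message)) {
        $errors[] = 'message contains header-like text';
    }
    return $errors;
}

// Constructed sample submissions: one ordinary, one carrying extra headers.
$samples = [
    'normal'   => ['name' => 'Jo', 'email' => 'jo@example.com', 'subject' => 'Hello',
                   'message' => "Hi,\nPlease call me."],
    'injected' => ['name' => 'x', 'email' => "abcdef@example.com\r\nBcc: list@example.net",
                   'subject' => 'Hi', 'message' => "Content-Type: text/plain\n\nbuy now"],
];

foreach ($samples as $label => $form) {
    $errors = check_contact_form($form);
    echo $label, ': ', $errors ? 'rejected (' . implode('; ', $errors) . ')' : 'accepted', PHP_EOL;
}
```

Run the check before any call to `mail()`, and log rejected submissions with the IP address the form already records so repeated attempts are visible.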

09-06-2005, 10:19 PM
Yeah a few of them were - I knew that because in my email form, I have it to output the user's IP address and browser.

I'll try the header script on the page which you reference mcdougals4all, cheers :)

I can't blacklist all but my email address on my server, 'cause I have about 6 email addresses which are being used.