Internet Geeks! Help!!

I thought I knew a lot about the "Internets" :D until now, but this situation really has me concerned about my legal and financial well-being.

I have my real name assigned to an Internet domain. Now I've got huge scale spammers spoofing my domain to send mass emails. I found this out because I have the option set to send me ALL email bound for the alecwhitehouse.com domain, and I'm now getting all the bounces and automated replies. I feel that this dastardly development is going to get a justice department lawyer knocking at my door, or a class action lawsuit filed against me.

I know these spammers are huge and anonymous, so it is difficult to go after them, but I was wondering if anyone had any tips on finding out who is generating this spam and spoofing my domain so I can get my lawyers on the case. Are there attorneys who specialize in this type of work? Thanks in advance.
 
Contact your domain registrar and they can run a few tricks to despoof the real source and block it. If you are the domain registrar, then you can try contacting the ISP hosting your line. If the domain host and ISP are different, start at the domain hoster. The other option would be to place an antispam device or service on your network. Some options are actual hardware devices that filter out viruses and spam like Bluecoat, Frontbridge, Proofpoint, etc. They can be a little pricy. Others offer services in which your mail traffic is routed through them and filtered. Postini is one. There are many of those as well. Postini has pretty good coverage from what I hear.
 
You could forward all email sent to NON-existent email addresses to a Google Mail account for later scrutiny or storage.
 
This has happened to me twice, and is currently happening now. The returned e-mail has a gif concerning stock picks? The spammers usually put something else in front of the ampersand (@ sign). Your domain will have a catchall policy that allows anything@alecwhitehouse so a spoofed e-mail from the spammer saying it is from gtqfp@alecwhitehouse is bounced back to you as non-deliverable. Eventually, it will die down as the spammer moves to a new address or is closed down from their current ISP (they tend to change addresses when booted).

Don't worry about being reported for _sending_ the spam, as the originating IP address is included in the header. Here is a current spam for instance...

X-Message-Status: n:0
X-SID-PRA: Ada Wilkinson <zvcabcww@rshmnep.org>

'rshmnep.org' is a legitimate domain owned by a church in the UK. A Whois check shows their I.P. address as 70.49.101.210

However, the e-mail header shows
Received: from unknown (HELO esv.ozpd) (86.124.47.236)

The IP address 86.124.47.236 belongs to the spammer's ISP, Romania Data Systems.

There are a couple of things you can do.

1. Install Mailwasher and get it to delete all returned e-mail. http://www.firetrust.com/ I can let you have an old version if you wish, or you can take a trial on the new version.

2. Set up mail server filtering via your domain Control Panel.

Sam Spade is useful for checking IP addresses and other information about spammers' domains. http://www.samspade.org/ssw/

Spamcop is useful for reporting spammers easily: http://www.spamcop.net/

Hope that helps.
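
Added example (not part of the original posts): the header check described in the post above, applied to a bounce that lands in a catch-all mailbox. The sample message, mx.example.net and the 192.0.2.10 hop are constructed for illustration; only the 86.124.47.236 Received line and the alecwhitehouse.com domain come from the thread.

```python
import re
from email import message_from_string, policy

# Constructed bounce: only the 86.124.47.236 Received line and the
# alecwhitehouse.com domain come from the thread; the rest is made up.
SAMPLE_BOUNCE = """\
From: MAILER-DAEMON@mx.example.net
To: gtqfp@alecwhitehouse.com
Content-Type: multipart/report; report-type=delivery-status; boundary="b1"

--b1
Content-Type: text/plain

User unknown.
--b1
Content-Type: message/rfc822

Received: from unknown (HELO esv.ozpd) (86.124.47.236)
  by mx.example.net with SMTP; 1 Jan 2006 00:00:00 -0000
Received: from mail.alecwhitehouse.com (192.0.2.10) by esv.ozpd; 1 Jan 2006 00:00:00 -0000
From: Ada Wilkinson <gtqfp@alecwhitehouse.com>
Subject: stock picks

Stock picks inside.
--b1--
"""

IP_RE = re.compile(r"[\[(](\d{1,3}(?:\.\d{1,3}){3})[\])]")

def embedded_original(bounce):
    """Return the spam message that the bounce carries, if any."""
    for part in bounce.walk():
        if part.get_content_type() == "message/rfc822":
            return part.get_payload(0)
        if part.get_content_type() == "text/rfc822-headers":
            return message_from_string(part.get_payload(), policy=policy.default)
    return None

def trace_origin(raw):
    """Compare the claimed sender domain with the IPs in the Received chain."""
    original = embedded_original(message_from_string(raw, policy=policy.default))
    if original is None:
        return None
    ips = [ip for r in original.get_all("Received", []) for ip in IP_RE.findall(str(r))]
    sender = original["From"]
    # The top Received line was written by the server that bounced the mail,
    # so its IP is the real hand-off; lines below it can be forged.
    return {"claimed_domain": sender.addresses[0].domain if sender and sender.addresses else None,
            "handoff_ip": ips[0] if ips else None, "relay_ips": ips}
```

The handoff_ip value is the address to look up in whois or include in an abuse report; claimed_domain is only what the spammer typed into the From line.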
 