Announcement

Collapse
No announcement yet.

Email Bounce Spoofer?

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Email Bounce Spoofer?

    I'm quite put out. My personal vanity email is now receiving spam of all shapes and forms. I've had a personal domain registered for about 10 years, and in that time I've had NO spam sent my main vanity mailbox. Since the domain is mine, I can and do use aliases and forwards whenever I register at a new web site so I can track and turn off spam when it starts. Once in a while, when I trust a site enough, i'll update the email address to my personal one so I don't have to keep hundreds of aliases around.

    So some site I trusted let me down. What I want to know now is if anyone knows of a method to spoof an email bounce, so I can just reply back to these idiots and have my email address removed by their auto list manager software. I hate spam enough to turn off my personal email address for a few months if I have to... question is do I have to?

    Any ideas?
    Last edited by Boot; 10-06-2006, 01:25 PM. Reason: Measure twice, cut once.


  • #2
    Re: Email Bounce Spoofer?

    Originally posted by Boot View Post
    I'm quite put out. PayPal got hacked recently, and my personal vanity email is now receiving spam of all shapes and forms. I've had a personal domain registered for about 10 years, and in that time I've had NO spam sent my main vanity mailbox. Since the domain is mine, I can and do use aliases and forwards whenever I register at a new web site so I can track and turn off spam when it starts. Once in a while, when I trust a site enough, i'll update the email address to my personal one so I don't have to keep hundreds of aliases around.

    Few weeks ago I received an email from PayPal that their system had been hacked. "Coincidentially," at the same time I started receiving spam. Doesn't take a genius... but that's beside the point.

    What I want to know is if anyone knows of a method to spoof an email bounce, so I can just reply back to these idiots and have my email address removed by their auto list manager software. I hate spam enough to turn off my personal email address for a few months if I have to... question is do I have to?

    Any ideas?
    I'm not aware of PayPal being hacked at all. In fact, most of the e-mail I get from "PayPal" are actually phishing attempts to get you to log into a forged PayPal (or CitiBank, Bank America, Wells Fargo, or any other number of banks) site so they can steal your login information and empty out your accounts.

    Do you still have the e-mail?
    Diplomacy is the art of saying "good doggie" while looking for a bigger stick.

    Comment


    • #3
      Re: Email Bounce Spoofer?

      Originally posted by Apophis View Post
      I'm not aware of PayPal being hacked at all. In fact, most of the e-mail I get from "PayPal" are actually phishing attempts to get you to log into a forged PayPal (or CitiBank, Bank America, Wells Fargo, or any other number of banks) site so they can steal your login information and empty out your accounts.

      Do you still have the e-mail?
      Interesting... I do, and you're right, it didn't really come from PayPal and it also didn't hit my personal email box, it hit one of my aliases. I'll edit my orig post so as not to besmirch PayPal.

      So now I don't know how my personal email got out for spam consumption, but in 10 years I've probably been bucking the trend anyway. The question still stands though on the bounce spoof.

      I've thought for a while an enterprising email client developer could add this as a feature, or create a shareware app or something.

      Comment


      • #4
        Re: Email Bounce Spoofer?

        Originally posted by Boot View Post
        Interesting... I do, and you're right, it didn't really come from PayPal and it also didn't hit my personal email box, it hit one of my aliases. I'll edit my orig post so as not to besmirch PayPal.

        So now I don't know how my personal email got out for spam consumption, but in 10 years I've probably been bucking the trend anyway. The question still stands though on the bounce spoof.

        I've thought for a while an enterprising email client developer could add this as a feature, or a shareware app or something.
        One thing that is quite common for some spammers to do is to dump a list of domain names and then start randomly sending e-mails to various potential usernames. It goes something like this:

        Spammer identifies that domain.com is a valid domain. They set up software that then proceeds to send mail to [email protected], [email protected], [email protected], [email protected], etc. The username portion of the e-mail addresses are usually built from databases of known usernames for other domains, so they even get relatively strange combinations such as [email protected].

        During this process, they scrub their target domain of any e-mail address that returns a bounced message. If their message attempt bounces, they know the address is invalid for that domain.

        Another teqnique that is used that is more efficient is exploitation of the VRFY and EXPN commands used with SMTP. They will find mail servers and domains that respond to these queries and start issuing mass amounts of VRFY or EXPN commands to determine potential valid accounts on the system.
        Diplomacy is the art of saying "good doggie" while looking for a bigger stick.

        Comment


        • #5
          Re: Email Bounce Spoofer?

          Heh... I know the easy fix here is to block the sending server IP, because it's all coming from the same place. Problem is though I own the domain I don't host it myself so an IP block is not so easy. A simple "reply with bounce" is what I want, because it has the added effect of removing the address from the list. Otherwise, I will play cat and mouse as I try to block every new mailserver IP that gets a hold of the list source.

          Comment


          • #6
            Re: Email Bounce Spoofer?

            Facinating. Boot, I'd just like to add that for some reason your kung-foo-chimp avatar looks like Chuck Norris to me... I don't know why.

            Comment


            • #7
              Re: Email Bounce Spoofer?

              Is the domain hosted someplace that uses cpanel?
              Battlefield Admin() ()
              [volun2][medic][defense3][eng2][support]
              [sg-c1][gchq-c1][tog-c1][ma-c1][taw-c1][tg-c2]
              | for | |

              Comment


              • #8
                Re: Email Bounce Spoofer?

                Macafee's antivirus thing has an option to return an error message to the spammer. I'm sure there must be other programs that do as well.
                ---
                Sources say the Dow Jones' decline is directly related to Dethklok front-man Nathan Explosion's constant deleting of potential new albums.

                Comment

                Connect

                Collapse

                TeamSpeak 3 Server

                Collapse

                Advertisement

                Collapse

                Twitter Feed

                Collapse

                Working...
                X