This week I had to close down a very personal e-mail address, used only by some very selected friends, because I started receiving hundreds of bounce messages, informing me that e-mails had been sent to what seems like random receivers, using my address as the "from" address.
They had been sent from different IPs, but all or most of them belong to a "chinesenet" account.

I checked with spamcop.com, who have a long list of IPs used by Chinesenet. I haven't done anything more because I believe it's completely futile.

Am I right, or can something useful be done about this?

It is totally unfortunate, Inge and extremely hard to control others who find it necessary to use a personal email address...My AOL address gets used quite a bit which is annoying but that seems to be life as we know it on the Internet...

God Bless and Keep on surfing...

If they have common subject or partly common email address like @Chinesenet.com, then you can filter them as spam, you may have tried that already.

Unfortunately, spam is something that is a feature of modern email life.

I have taken steps to try to reduce the IMPACT of spam, but you will never totally erradicate it - not least because peoples definition of spam, and what constitutes spam varies.

Like many things online, you get out what you put in - ie the more time, effort (and possibly money) you spend on controlling it, the more effective your solutions will be.

If you are certain of who will write to an email address, the most effective solution is to use white-lists, however this requires that you know in advance who will write to it, and what their email address is.

if you want a set-and-forget solution, you are probably best off using a commercial spam filtering system, or alternatively a challenge-response system, but remember many TEs will suspend or delete your account if you block their email (this includes challenge-response scripts)

If people want to know, write to me, and I will help privately. These are just a few ideas for people to consider.

DeHawkinz

I may not have been clear enough about this.
The fact that my address has been used to send spam, annoys me much more than the relatively small number of spam messages I receive. How many have received "Buy Viagra" messages sent in my name? (Well fortunately they haven't taken my name, just my address)

Since I only have access to my own mailbox, I don't know any way to stop this. It doesn't route through me. I only see the bounce messages.

Various smtp servers have been used to distribute the messages.
Most of them belong to the chinesenet network, but with different IPs and different domains.

The worst thing is that even if I have removed this address completely, they will probably continue to use it for a long time, rendering it useless for months, or even years.

This week I had to close down a very personal e-mail address, used only by some very selected friends, because I started receiving hundreds of bounce messages, informing me that e-mails had been sent to what seems like random receivers, using my address as the "from" address.
They had been sent from different IPs, but all or most of them belong to a "chinesenet" account.

I checked with spamcop.com, who have a long list of IPs used by Chinesenet. I haven't done anything more because I believe it's completely futile.

Am I right, or can something useful be done about this?

The only thing you can do is activate the spam controls and then empty your trash without reading it. It seems that spam irritates people so much that good messages even gets treated as such.. I have tried reported it but it does not stop them sending

My address was stolen too some time ago and I was really worried. Finally I came to the conclusion I could'nt do nothing more than be careful with my security settings. I notice it seems to slow down nowadays, not the number of spams I'm still receiving each day but how often crap is sent across the Net under this address. Net users are now accustomed to the problem, I'm not receiving complaints anymore like I had before.

The only thing you can do is activate the spam controls and then empty your trash without reading it. It seems that spam irritates people so much that good messages even gets treated as such.. I have tried reported it but it does not stop them sending

Hmmm.... Silverguru... I guess you were writing your response before you had the chance to read mine.
Guess you may have gotten the message now, that I'm not too worried about the spam I receive (I can easily stop that!).
I'm 100 times more worried about the spam that is being sent around the world, seemingly from my address, and the only way I know that may have some impact, is to remove the address. I'll keep the domain, though. It's too valuable to send to the eternal hunting grounds.

....do nothing more than be careful with my security settings.

Setting your security level is not very hard.
Setting the security level for the people you connect to requires a little more! :)

I always tell people to not send e-mails with several receivers in the "to" field because this is a fast lane to spread virus infections. Unfortunately, some people don't understand, or don't care, and the mail client programs don't care to split it up into individual messages without the whole list following each message.
That's why we have mailing lists.... :)

Spammers like that bank on the fact that most people won't add their own name to a spam filter. If you don't forward emails to yourself, put your email addy on your spam list for a while and that should slow down that domain name stealing spam.

Inge,

I did understand what you meant, I just forgot to include my comment about forwarding bounce messages to my spam folder (sound familiar? LOL)

The bigggest cause of faked senders are:
people mis-using the to/cc fields when sending to more than one person (unless you REALLY REALLY want everyone to know who you sent it to) - use bcc folks :D
people putting their email address in public places such as websites, forums, etc - these are ridiculously easy for spammers to harvest.

addendum - some companys enforce checks where the email domain name IP is checked against the email server IP - if they do not match, it is returned as suspect to the sender. I have experienced this problem on occaision as I write using my gmail address but send via my ISP address using a email program. I read my email 'offline' and forward my gmail to my ISP account, and so reply via my ISP account.

DeHawkinz

If the email address is on your own domain, look into setting up SPF records and using DomainKeys. These tools basically let you make it known who you are, so email providers receiving emails from your email address but not from your server know to toss them.

If it's not in your control there really isn't anything you can do.

I have had my email address used to spam people before because one friend didnt know how to blind copy despite being told several times

so I understand how annoying it is I had to stop that address becuase I was getting abusive letters from people telling me to F*** off and stop sending them spam when I wasnt.

Not nice you have my sympathies but I dont know of any way to stop it except people learning blind copy

Inge, SPAM stinks
It is just part of internet life that we have to live with.

Stealing your email address is bad, but try this one, about 9 yr's ago I had a little
bugger on the Memorial Day holiday weekend from China, break into my Paypal
account, empty it and try to empty 2 banking accounts also. I had to track everything down myself, they had used a computer in a coffee house to do hack. PayPal was totally unresponsive and I had to promise PayPal they would be getting a letter from my corp. attorney's and a class action suit if they didn't get involved.

So some..SPAM, you got off easy!!!!

But, hackers and thieves...They stink

Palladin I have had over $6000 dollars taken from my paypal account in th past by someone saying I was using their services and that was a US citizen so there are more than people seem to think and you are not alone in being conned its how you deal with it that counts.

I was lucky I got my money back after a lot of to and froing.

Part of the Internet learning curve is SPAM (there's enough out there to feed the world)

The worst is your one and only private addy that friends don't know what they are doing posting to all and sundry without a thought the email addy is being passed around, OMG - a bot picked it up!

Got several email addys now - one only for my payment processors etc
Another for sign ups to TEs
Another for sign ups to PTC's
Etc

Doing it that way, if you start to get spam at least its a bit more trackable!

Its about time a united internet security policy was set up and and agreed to by ALL COUNTRIES to ban nasty sites and spammers alike!
--Let alone hackers and nasty trojans- any host proved NOT doing their best to ban this should be closed down! Full STOP

Well, almost, the next step will be? :eek: a very quiet internet for a few days?

Just a fyi, Paypal has a device called "Security Key" that costs only about $5 that randomly creates pin numbers. You stick it on your keychain and when you need to log into Paypal, you'll be asked to look at it and enter the pin as part of the login process. I have heard some good reviews of it and it adds a extra layer of security (provided nobody steals the device that knows your other login details).

Hmmm.... Silverguru... I guess you were writing your response before you had the chance to read mine.
Guess you may have gotten the message now, that I'm not too worried about the spam I receive (I can easily stop that!).
I'm 100 times more worried about the spam that is being sent around the world, seemingly from my address, and the only way I know that may have some impact, is to remove the address. I'll keep the domain, though. It's too valuable to send to the eternal hunting grounds.

You are right My dear, It was. What you can do is curse the buggers to hell and gone, and ask your isp to talk to the servers these emails have been sent from.
A good idea is to mail your list alerting them that you have been used this way.

If the email address is on your own domain, look into setting up SPF records and using DomainKeys. These tools basically let you make it known who you are, so email providers receiving emails from your email address but not from your server know to toss them.

If it's not in your control there really isn't anything you can do.

Thanks for telling me about this, Tim. I looked into it and understood absolutely nothing, so I need to get some more practical information and help. There are some mailing lists I can use to gather info. This seems to come much closer to the solution of the problem -- except the receiving mail servers must also comply to the SPF system (or SenderID, or whatever).

Obviously this can also be very useful for my other domains, even if I haven't had the problem with them. Yet! :)

Got several email addys now - one only for my payment processors etc
Another for sign ups to TEs
Another for sign ups to PTC's

Etc

Doing it that way, if you start to get spam at least its a bit more trackable!


Actually I use one address for each TE now. If someone sends me mail on one of those I know immediately who made it available! :)

Thank you all for very useful information and tips!

I certainly needed this!
About PayPal: I don't have too much money there and wouldn't be poor if someone stole it all. Same with banks: I have little money in accounts where I have a VISA card.

The fact that our e-mail system is outdated is a fact I've know a long time, but I knew too little about all the things you can do to protect yourself.
I appreciate your input tremendously!

4 months ago I had this problem, luckily my ISP caught on that the name listed with the spam that was sent out, was not mine. The last I knew they were investigating it, but haven't heard any updates, but it hasn't happened since, so something must have happened..lol!

Aggravating yes, very much so, especially since it was my business e-mail that was used to spam many of my customers. I've since learned not to keep my customers e-mail addresses on file within my e-mail account. I keep them written down and under lock and key. And have already given out another e-mail address to those customers that love to send me things not business related. So that way if it does happen again (hope it don't) spammers won't be able to spam the daylights out of my customers.

Actually I use one address for each TE now. If someone sends me mail on one of those I know immediately who made it available! :)

I did the same but had it "randomish" letters/numbers. By randomish I mean it wasn't random but appeared random, so if an owner ever tried to change it to another name it wouldn't appear that the wrong exchange was spamming. I figure if someone is going to spam you, they might try to make it look like someone else at the same time..

Great idea, Tim.
By investigating the sender, his mail server and IP address, I can usually find out approximately where the mail actually came from, regardless of the sender address. However, using proxies that change the IP address often, and other means, makes it very hard to catch the offender. All you can do is to watch out, ignore and delete. I'm skeptical to the value of reporting such offenders.
The "chinesenet" system mentioned earlier, probably offers such a proxy. I've seen offers of "anonymous surfing" many times. I wonder how much information they steal from their customers.

something I just remembered..make sure that the first name on your contact list is an invalid address. Then if for some reason, someone tries to send to your list, it wont work,cos it just gets stuck at no 1. I know it isnt the problem you had, but it is a nice tip against worms

Be careful with spamcop (or any other spam reporting sites) when reporting spam. Even though they hide your personal details, spammers can still track who the message was originally sent to by other means (message ID's, alternating subject lines and text in the message body etc..).

What it is then doing is confirming that you're getting their crap mail when spamcop sends the complaint.

Anyone ever noticed that you can get more spam after reporting it?

Unfortunately, whatever measures you take to reduce spam, they'll eventually find a way to get around it.

The only real method to stop it is to have a program that accepts mail from those in a whitelist and rejects everything else. Not very practical, I know...

something I just remembered..make sure that the first name on your contact list is an invalid address. Then if for some reason, someone tries to send to your list, it wont work,cos it just gets stuck at no 1. I know it isnt the problem you had, but it is a nice tip against worms

Unfortunately, that works very rarely nowadays. A sophisticated worm will easily get around it.

From a coding point-of-view, once it times out (that you can catch as you would an exception), you can just move on to the next address.

The only real method to stop it is to have a program that accepts mail from those in a whitelist and rejects everything else. Not very practical, I know...

First of all, do not use e-mail, at least not from your regular account, to contact anyone that you don't want a regular connection with. Use the contact form instead. All they can get from you is your IP address, and that won't get them far unless you have a permanent one, or they have the authority to get it from your ISP.

Use your own contact form to let people contact you. It must be a secure form, in that it must not let any code slip by; only text. Additionally, it should check that the sender is a real person.

I have written my own "mailme" script to do just that.
Take a look at it.

Nice one inge, great idea indeed!

Oh, I feel your pain...

Occasionally I'd get spam from myself, but last week I started getting hundreds of bounced messages. Some spammer had forged my email address in the headers. Apparently they get annoyed by all the bad email addresses, so forging someone else's email address takes care of that for them.

Really good idea Matzo!