I spent a considerable amount of time trying to trace the offenders. What is strange is that although the bulk of it is coming from http://digitaletics.tv (supposedly in Brazil). There are others coming from what I believe to be Korea and Russia. Each of them appears to be using a randomly generated user name against our legitimate domain. I guess I am wondering if these companies have contracted with some 3rd party to do bulk mailing which to some degree is not their fault.
The digitaletics website only offers a email address ([EMAIL PROTECTED]) to contact them and it does appear to be valid as there is a mail server at the site as well. The others don't even supply any type of contact information. I had considered forwarding all the bounced mail to that address but would rather resolve it in a more agreeable fashion. I also have started receiving some nasty emails within these NDR's about our "spamming practices" and am possibly anticipating some how getting "blacklisted". I sent an email with a copy of the emails to what I believe is the ISP of record in Brazil but have not heard any response. I had considered calling the ISP's phone number but I am wondering the chances of someone speaking English. -Dave Vantine -----Original Message----- From: B. van Ouwerkerk [mailto:[EMAIL PROTECTED]] Sent: Monday, February 10, 2003 3:14 AM To: Exchange Discussions Subject: RE: Domain used by Spammers Been there, done that. Most ISP's don't bother. However, check to see a domainname and find out who is hosting it. I had some success closing down the offenders website.. --B. At 09:10 07-02-2003 -0800, you wrote: >trace the header ip's to track down the originator and get in contact >with the isp? > >-----Original Message----- >From: Dave Vantine [mailto:[EMAIL PROTECTED]] >Sent: Friday, February 07, 2003 7:57 AM >To: Exchange Discussions >Subject: Domain used by Spammers > > > > >For the last few weeks I have been plagued by what I had originally >considered to be spam attacks. These were showing up as NDR's which I >have forwarded to my own mailbox for review. They were always some >nonexistent random alphanumeric user i.e. [EMAIL PROTECTED] ><mailto:[EMAIL PROTECTED]> . This morning I had over one hundred of >them so decided to investigate further and see if there was way to >screen them out. > >As it turns out, these are not emails being sent to me, but rather >someone is spamming using these random alphanumeric in the From field >and the NDR's are coming back to me from whoever is in the To field. > >I re-tested my own exchange server to ensure that they were not >relaying of the Exchange server. I then telneted to my personal >attbi.com mail server and sent and email as a nonexistent user in my >domain to a bogus mail address. The attbi.com server promptly sent back >and NDR to my domain. > >I concerned about any implications of getting on any RBL lists. I guess >I would equate this to identity theft but have no how to address this >serious issue. > >Thanks >-Dave Vantine > >_________________________________________________________________ >List posting FAQ: http://www.swinc.com/resource/exch_faq.htm >Archives: http://www.swynk.com/sitesearch/search.asp >To unsubscribe: mailto:[EMAIL PROTECTED] >Exchange List admin: [EMAIL PROTECTED] > >_________________________________________________________________ >List posting FAQ: http://www.swinc.com/resource/exch_faq.htm >Archives: http://www.swynk.com/sitesearch/search.asp >To unsubscribe: mailto:[EMAIL PROTECTED] >Exchange List admin: [EMAIL PROTECTED] _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED] _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED]