[CLUE-Tech] email address hijacked by spammers

Frank Whiteley techzone at greeleynet.com
Wed Mar 31 00:05:46 MST 2004


----- Original Message ----- 
From: "Dan Harris" <coronadh at coronasolutions.com>
To: <clue-tech at clue.denver.co.us>
Sent: Tuesday, March 30, 2004 17:26
Subject: [CLUE-Tech] email address hijacked by spammers


> Well, the unthinkable has finally happened to me.  I've had this email
> address for nearly 7 years now and I've been able to cope with all the
> spam I get using spamassassin and thunderbird filters, but this is
> different.  It appears that last night some spammer(s) began using my
> address as the 'From' on their spams.
>
> So today, I am getting bombarded with 'recipient not found' and 'this
> message was rejected because it is spam' messages.  I don't know who I'm
> more pissed off at, the spammer(s) who hijacked my email or the idiots
> who reply to every spam message saying "this is spam".. You'd think that
> if they were smart enough to set up a spam filter that they would
> realize that spammers FORGE the From address and not bother replying to
> it.. *sigh*.  The ones that did send me a rejection sometimes included
> the headers of the sent message which let me see what hosts were
> originating the messages.  However, by the time I get the rejections and
> start trying to investigate those hosts, they have already pulled the
> plug and switched IP addresses.
>
> This is driving me NUTS.  I can deal with spam, but this crap is over my
> limit of tolerance.
>
> Anyway, before I kill this address, which has a mind boggling number of
> important ties to it including domain registrations and list servers, I
> wanted to solicit some opinions about what other people may have done in
> this situation..
>
> I'm considering doing the following:
>
> A) wait and see if they give up using my address ( I assume this is not
> likely to happen )
>
> B) create a new single address and use multiple receive aliases.  This
> way I can change the aliases easier than changing my account.  Only
> problem here seems to be that most lists won't let you send from a
> different address than your "to" address, which I would be doing in this
> case.
>
> or
>
> C) create multiple accounts.  One for each list I'm on, one for domain
> registrations, one for personal email, etc.  This is by far the most
> burdensome for me since I could see myself having 5 or 6 different
> accounts to set up and maintain.  But, at least I could tell which one
> was compromised and only have to change a more limited number of
> subscriptions, etc.
>
> Please help!  Thanks for any advice.
>
> -Dan
>
I see this from time to time.  Has happened with my main business e-mail 2-3
times, a few clients, most recently Friday.  I tightened up his spam filter
a couple of notches (he was pretty loose) and the bounces are being filtered
now.  Generally, it stops after a few days with a few strays that quit
trying after 4-5 days.  Never give up!

Many zombie boxes now appear to be on Comcast and the media picked up on
this recently, but Roadrunner seemed to be among the worst affected networks
for the past few months.  The worms are opening the spam doors.

BTW, a friend in the ** support group mentioned the other day that if you
took a Windows laptop and plugged into **'s network, you'd be infected
before your firewall loaded.  Apparently M$ ran a test program called 'PC
Satisfaction(?)' recently, much of which will serve as basis for XP SP2.
One big change will be that XP will load the firewall security before
networking on bootup which should stop some of the current mess.

Frank
Greeley



