[clue-tech] HELP!! Someone has hijacked my mailserver for spam

Charles Oriez coriez at oriez.org
Thu Feb 24 10:02:12 MST 2005


At 08:15 AM 2/24/2005, Mike wrote:
> >
> > There are no reports on .sightings or elsewhere showing any spam coming
> > from your IPA, nothing in spamcop, and you didn't post any of the bounces.
> >
>
> That's good, I suppose. What I'm worried about is my domain being
> blacklisted because my email is in the From: header. Or is blacklisting
> smarter than that and the actual originating IP address is looked at and
> not the From: header? Also, would I have any success reporting this
> abuse to the originating IP address?

I hang out on the anti-spam newsgroups.

Virtually no one blocks on domain name, because spammers forging domain
names is well known to the point that it's assumed.  The fact that it is a
criminal offense has no effect on the spammers.  Everyone blocks on the
IPA, not by domain.

Reporting success will depend on what ISPs the spam went through.  Some are
good and some aren't.  Besides China and Korea in general, the worst ISPs 
for blowing off complaints are MCI, SBC, Comcast, XO, Level3, Above, and 
Verizon.  It's almost not worth reporting it to them.  Then there's Europe
...  I helped a company in NY once identify the spammer who was forging 
their domain name and who was benefiting from the spam.  The CEO was 
getting the bounces and was pissed, but personally I think he wasted $1200 
hiring me.  We turned all the evidence over to the NYS Attorney General 
because the spammer used fake addresses in NYC for his domain 
registrations, and Spitzer was making a name for himself chasing spammers, 
but I never heard whether he bothered with this set of small potatoes. He 
might have, since this guy's law firm was a big contributor to Spitzer's 
campaigns. 
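
The distinction drawn above between the From: header and the sending IP address, as an added example that is not part of the original message: the sketch reads both values from a constructed message, trusting only the Received header stamped by the receiving server, and builds the reversed-octet name that a DNS blocklist lookup is keyed on. The host names, addresses and the zone `dnsbl.example` are made-up placeholders.

```python
import email
import ipaddress
import re
from email.utils import parseaddr

# Constructed sample: spam that forges victim.example in From:, as received
# by our own server mx.receiver.example. All names and addresses are made up.
SAMPLE = """\
Received: from mail.sender.example (unknown [203.0.113.45])
\tby mx.receiver.example with ESMTP id ABC123;
\tThu, 24 Feb 2005 08:00:00 -0700
Received: from victim.example (victim.example [192.0.2.10])
\tby mail.sender.example with SMTP; Thu, 24 Feb 2005 07:59:58 -0700
From: "Mike" <mike@victim.example>
To: someone@receiver.example
Subject: constructed sample

body
"""

IP_LITERAL = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def from_domain(msg):
    """Domain claimed in From:, which the sender can set to anything."""
    return parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()

def connecting_ip(msg, our_host):
    """IP that our own server recorded for the peer that connected to it."""
    # Only the Received header stamped by our_host is trusted; the headers
    # below it were supplied by the sender and may be forged.
    for hdr in msg.get_all("Received", []):
        flat = " ".join(hdr.split())          # unfold continuation lines
        if f" by {our_host} " in flat:
            m = IP_LITERAL.search(flat.split(" by ")[0])
            if m:
                return ipaddress.IPv4Address(m.group(1))
    return None

def dnsbl_query_name(ip, zone):
    """Blocklist lookups are keyed on the reversed IPv4 octets, not a domain."""
    return ".".join(reversed(str(ip).split("."))) + "." + zone

msg = email.message_from_string(SAMPLE)
ip = connecting_ip(msg, "mx.receiver.example")
print(from_domain(msg), ip, dnsbl_query_name(ip, "dnsbl.example"))
```

The forged domain never enters the lookup name; the address recorded by the receiving server is also the one whose network owner an abuse report would go to.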
