Herself's Webtools

Scripts, HowTos, Templates, Plugins, Widgets, Tips

Oh no I’ve been spoofed!


So what happens when a spammer spoofs your email address and you start getting complaints from your not-so-techy relatives? Or your ‘catch all’ email address gets a zillion bounces?

If it is a friend or relative, first have them forward you the email with full headers. Have you been spoofed or have you been hacked? Check the IP address. If you are using Gmail, click the tiny arrow next to ‘Reply’ and select ‘Show Original’. It is usually clearer on other email platforms. You will see several ‘Received: by’ lines, each followed by information. The bottom one is where the email was originally sent from. Are any of them your website IP? If so, you need to get on the phone with your hosting company and secure your (or their) email server. Make sure your SMTP server requires authentication.

Most likely it did not originate on your server. Most likely it is the IP address of some spammer or some poor soul whose machine has been hacked. You may or may not get useful information by using ARIN to find out who the offending IP belongs to. Each IP is a hop (a ‘bounce’) that the email went through on its way to the final recipient. Sometimes useful information can be gleaned from doing reverse IP searches on these bounces. Perhaps it left a home IP address from an IP pool but bounced off the work server of the person doing the spamming. So check out each and every one.

More often than not you will find the IP number of a relative whose computer is riddled with viruses, or find nothing useful at all. If it is a friend’s or relative’s IP number, offer to go clean out their computer. You can find your friends’ and relatives’ IP addresses in the header information of emails they have sent to you.
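The header check described above, as an added Python example that is not part of the original post: it lists the IPv4 addresses in each ‘Received:’ header from the bottom (origin) upward and tests whether your own mail server is among them. The sample message, its addresses and the function names are constructed for illustration.

```python
import email
import ipaddress
import re
from email import policy

# Constructed sample headers using documentation-range addresses.
SAMPLE = """\
Received: by 10.0.0.5 with SMTP id abc123; Mon, 31 Mar 2008 05:02:11 -0700 (PDT)
Received: from mail.example.net (mail.example.net [198.51.100.25])
\tby mx.example.com with ESMTP id xyz789; Mon, 31 Mar 2008 05:02:10 -0700 (PDT)
Received: from unknown (HELO pc) ([203.0.113.77])
\tby mail.example.net with SMTP; Mon, 31 Mar 2008 12:02:08 -0000
From: you@yourdomain.example
To: aunt@example.com
Subject: constructed sample

body
"""

# Dotted-quad candidates only; IPv6 hops are not handled here.
IPV4 = re.compile(r"(?<![\d.])(?:\d{1,3}\.){3}\d{1,3}(?![\d.])")


def received_hops(raw):
    """Return one list of IPv4 addresses per Received header, origin first."""
    msg = email.message_from_string(raw, policy=policy.default)
    hops = []
    # Servers prepend Received lines, so the bottom header is the earliest hop.
    for value in reversed(msg.get_all("Received", [])):
        ips = []
        for token in IPV4.findall(str(value)):
            try:
                ips.append(ipaddress.ip_address(token))
            except ValueError:  # e.g. 999.1.1.1 is not an address
                continue
        hops.append(ips)
    return hops


def sent_via(raw, server_ip):
    """True if server_ip appears in any hop (the 'is it my server?' check)."""
    target = ipaddress.ip_address(server_ip)
    return any(target in ips for ips in received_hops(raw))


if __name__ == "__main__":
    for n, ips in enumerate(received_hops(SAMPLE), 1):
        print(n, ", ".join(map(str, ips)) or "(no IPv4 found)")
    print("via my server:", sent_via(SAMPLE, "198.51.100.25"))
```

Only the ‘Received:’ lines added by servers you trust are reliable; anything below them was supplied by the sender and can be forged, so treat the lower hops as leads rather than proof.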

A ‘catch all’ email is one you set up with your hosting company. All emails improperly addressed to your domain end up in the catch all email. This is a useful tool for finding out that a domain of yours is being spoofed. It is not an email address you want downloading to your phone or home computer. It can get busy.

There is little to nothing you can do unless you are very lucky in finding the source of the spoofed emails.

More information:
100 email bouncebacks? You’ve been backscattered
Spoofed/Forged email (Cert.org)

Written by Linda MacPhee-Cobb

March 31st, 2008 at 5:00 am

Posted in things you should know

2 Responses to 'Oh no I’ve been spoofed!'


  1. Start introducing your friends to PGP and signed emails.

    unwesen

    31 Mar 08 at 7:41 am

  2. Good idea but I think that is way beyond them at this point still.

    ljmacphee

    31 Mar 08 at 9:20 pm
