email hijack can make your life a mess

[loublou]

After several years I may gave to give up a domain that I registered due to nasty people hijacking or spoofing my address. This is where someone sends email using your address as a header or reply address.

The problem started straight away but is now to the point of irate people contacting me about some mail I never sent.

Worse I hear that hijacked address's may be reported and stut down without warning.

This makes the whole domain increasing dodgy and don't know what else can be done. Filters don't stop the important email address being used by someone else.

For some time I had the account set to dump emails but this has not helped at all, only made it worse really by not acting sooner.

If anyone has some good ideas I'd love to hear them, but from my searches there appears to be very little can be done.

 

[Gary0]

Not an expert, and not wanting to state the obvious, but you are sure your PC hasn't been infected by a bot that is sending out these things from your PC ?

I guess it need not do to spoof an address, but it was just a thought. May be worthwhile scanning for virii and adware etc..

Best of luck, whatever.

 

[loublou]

you are sure your PC hasn't been infected......

I guess it need not do to spoof an address, but it was just a thought. May be worthwhile scanning for virii and adware etc..

Yes, good point from what I've read and i'm sure I'm not. This is something that comes of mail lists being thrown around and the problem just goes completely bonkers from there.

I do all the regular checks and run an active real time scan. It's not my main email and hasn't been for a long time because of this.

What I'm worried about is that soon it'll reach a point of no return and I can't see any way of avoiding it.

I also can see how this could happen to any email account, with the level of this junk about. 6000 spam in a fortnight!

 

[AdamW]

Yes, I had something similar once. I thoroughly wound up some lame script kiddies (wannabe hackers). So, they "mailbombed", that is they sent lots of spam out with my address in the return field. It's a simple trick that anyone can do, and highlighted just how gay these kiddies were.

So, I had a period of a month or so where I got e-mails back for "not known at this domain" and god knows whatever else from other countries.

Lou, is it possible you know someone who reckons they are a hacker, who is now trying to punish you because he has a tiny todger?

 

[loublou]

Yes, I had something similar once. I thoroughly wound up some lame script kiddies (wannabe hackers).
Lou, is it possible you know someone who reckons they are a hacker, who is now trying to punish you because he has a tiny todger?

Ah yes the tiny todger! This is a great theory that may go some way to explain half the worlds problems......I often wonder about certain world leaders but alas come back to ruling it out as they can sure afford the very best cosmetic surgery to ensure the very best of todgers.

In this case no, I think a lot was due to two things. Firstly I don't trust the domain company who seem to make it easy from the start for spammers and secondly the big mistake of taking my girlfriends advice of putting an email address, as a link, on the frontpage of the web site making it so easy for trawlers to pick it up.

I should have at least put it as a jpg or gif image. Ideally never have put it on it at all. Second and later pages don't seem to get trawled in that same manner.

 

[uptown47]

I know very little about DIY but I know quite a bit about computers. I've posted a DIY question in the Your Projects section and I'm looking for help... in order that I can put something back into this community I'll try and help with some computer questions.

Firstly, bots trawl the net and 'harvest' email addresses. They then use these to either send emails out OR to send emails to. The idea being that the 'spammer' gets a higher 'hit rate' cos people getting the email may trust its originator and therefore download it.

There is a program called Mailwasher that I use that's excellent at filtering your email whilst on the server and therefore reducing the risk of downloading spam and malicious email content. It gives you the ability to delete the email on the server without ever getting to your computer. Also it allows you to create a 'blacklist' of email addresses and also 'bounce' emails back to the spammer to fool them into thinking your email address is invalid (and then hopefully making them remove it from their list)

Mailwasher isn't free (I think its about £14) but worth the money in my humble. You can read about it and download a trial here..
http://www.firetrust.com/

Secondly, if you are putting an email address on your own site then you can use this handy javascript script on your webpage to stop 'bots' reading your email address. However it lets visitors click the address and send emails as normal..


Email: <b>
<script>

<!--

function escramble(){
var a,b,c,d,e,f,g,h,i
a='<a href=\"mai'
b='JOHNNYT'
c='\">'
a+='lto:'
b+='@'
e='</a>'
f=''
b+='YAH'
b+='OO.COM'
g='<img src=\"'
h=''
i='\" alt="Email us." border="0">'

if (f) d=f
else if (h) d=g+h+i
else d=b

document.write(a+b+c+d+e)
}

escramble()
//-->
</script>

The example above is set for the email address [email protected] which isn't my email address by the way, just put that in order to demonstrate which bits you need to change to suit your own needs.

Cheers

JT

 

[Gary0]

Meanwhile, you may need to create a different email address and abandon the old

 

[loublou]

I know very little about DIY but I know quite a bit about computers. ... in order that I can put something back into this community I'll try and help with some computer questions.

JT, many thanks. The last bit is very useful and I'll be trying that one out for sure.

However the problem I have is not with getting emails it's with emails being sent with my email address in the header or return email.

I am being stuffed!

It is such a problem that I do feel the best thing to do may be to not only give up the email address but the whole domain as soon it may be blocked or put on some 'nasties' listing as the level of bogus emails is out of control!

I've just set it up to forward 'dump' all emails (again) as it is the best temporary action I can take but having monitored it for over two months I have found it to be a lost case. It will be only a matter of time before someone is bound to use it to spread one of their nasty bugs or really get on someone's (corporate) tit!

I don't want to have to ditch the domain unless absolutely essential but I do feel my good name (not so good looks!) may be at stake.

many thanks

 

[loublou]

Meanwhile, you may need to create a different email address and abandon the old

I have several email addresses and this one is the email for the domain that I really need to find a way to protect if at all possible.
My domain registry only allows for one forwarding but even if it did allow for more I could not keep up with the level of hiking going on with it.
ta

 

[Moz]

JohnnyT
regarding your points on Email ,

an brilliants points

well done .. ALTHOUGH THE OLD BILL /POLICE

aregurning now .

 

[uptown47]

However the problem I have is not with getting emails it's with emails being sent with my email address in the header or return email.

I doubt that this is a direct attempt to target you and your domain. Firstly, add the javascript I posted to all your emails on your website. Secondly, run a good spyware detector on your computer and delete anything it identifies as dodgy. I use Ad-Aware which is free, you can find it here:
http://www.lavasoftusa.com/support/download/

Then run a good virus scanner. There's a free one online that's very good, you can find it here:
http://www.pandasoftware.com/products/activescan

Once you are happy that you haven't got any 'malware' on your computer AND that your email addresses are protected. You should see the level of ****e emails decreasing.

If possible, change your email address and go into your domain control panel to set up your new email address with a different username/password log on. Then you can just configure your email software to only check for emails from your new email address.

Obviously, this is awkward if your email address is already printed on literature etc but if you are already at the stage where you are thinking of dumping your domain altogether then this might be the way to go.

Once everything is set up (and you've told your address book of your new email address) refrain from using your email address when signing up for things on the net where the site may sell your email address to spammers.

Use a free email address for this. You can get a good free email account here:
http://mail.centralpets.com/cgi-bin/login

Use the free email address anytime you need to fill in an email address online. If you find your free address becomes full of spam, just abandon it and make a new one.

Hope this helps

Cheers

JT

 

[johnny_t]

That gave me a fright - Thought I'd had a blackout and been posting without remembering it....

Nice Usename

 

[uptown47]

Nice Usename

Cheers mate, you too!

 

[empip]

Meanwhile, you may need to create a different email address and abandon the old

I have several email addresses and this one is the email for the domain that I really need to find a way to protect if at all possible.
My domain registry only allows for one forwarding but even if it did allow for more I could not keep up with the level of hiking going on with it.
ta

This is excellent, provided with BBand, from BT Yahoo. AddressGuard

 

[David-IkonIT]

Hi All

I'm getting the same problem, only difference is that the problem is happening to a client of my company, we can't rename the domain, we can't change the email, we need to either block the rout or back-track their IP and get them shut down, anybody have any experience with tools that can do either of those things?