Transterrestrial Musings  

Amazon Honor System Click Here to Pay

Alan Boyle (MSNBC)
Space Politics (Jeff Foust)
Space Transport News (Clark Lindsey)
NASA Watch
NASA Space Flight
Hobby Space
A Voyage To Arcturus (Jay Manifold)
Dispatches From The Final Frontier (Michael Belfiore)
Personal Spaceflight (Jeff Foust)
Mars Blog
The Flame Trench (Florida Today)
Space Cynic
Rocket Forge (Michael Mealing)
COTS Watch (Michael Mealing)
Curmudgeon's Corner (Mark Whittington)
Selenian Boondocks
Tales of the Heliosphere
Out Of The Cradle
Space For Commerce (Brian Dunbar)
True Anomaly
Kevin Parkin
The Speculist (Phil Bowermaster)
Spacecraft (Chris Hall)
Space Pragmatism (Dan Schrimpsher)
Eternal Golden Braid (Fred Kiesche)
Carried Away (Dan Schmelzer)
Laughing Wolf (C. Blake Powers)
Chair Force Engineer (Air Force Procurement)
Saturn Follies
JesusPhreaks (Scott Bell)
The Ombudsgod
Cut On The Bias (Susanna Cornett)
Joanne Jacobs

Site designed by

Powered by
Movable Type
Biting Commentary about Infinity, and Beyond!

« A (Little) Good News | Main | Fool Me Once »

Email Flood

Some cretin has set up a spam system to send emails to a vast number of people with the return address as *

While I was up at the cape, I got over two hundred emails to the effect that: so and so is out of the office, such and such a spamfilter blocked this email, etc.

All with return addresses of random names from my domain. I can't imagine that they're originating from my machine, since I don't even use that domain myself for outgoing email.

Question. Other than blocking all incoming email to * other than, what do I do about this, if anything? There's certainly nothing I can do to prevent a third party from sending out email with a return address with my domain, though if there was, torching their genitals would be too good for them.

Posted by Rand Simberg at July 02, 2006 05:00 AM
TrackBack URL for this entry:

Listed below are links to weblogs that reference this post from Transterrestrial Musings.

Rand, The same thing happened to me a couple of times. As far as I know, the only thing you can do is to bear with it. My sympathy!

Posted by Bernard W Joseph at July 2, 2006 07:25 AM

It has hit me once or twice too, and there is nothing you can do. I did end up having to notify one clueless sysadmin that the e-mail was not originating with me (easy to tell, actually, as everything but the name clearly came from different server and location), but other than that just rode it out.

Posted by Laughing Wolf at July 2, 2006 07:38 AM

It's the work of a script monkey. Set it up to look for domain names, and turn those into fake email addresses. I haven't the foggiest as to what to do. I can advise that you save a few "bounces" with the headers, and take note of the IP numbers. It might help you find the point of origination and lead to the perp or someone connected to him.

Good luck.

Posted by Alan Kellogg at July 2, 2006 01:58 PM

Its a computer out on the internet somewhere that is infected with a virus that spawns a number of zombie processes. Lots of viruses will setup a SMTP mail system on your computer without you knowing about it. Then, it goes through the infected computer's temporary internet history. The virus sends out random emails using domain names and email addresses parsed out of the temp folders. Lots of viruses will scan Outlook pst files and pull addresses and email addresses at random out of contact lists and email headers. The problem is that it could be any computer anywhere on the internet that just so happened to have your email address or domain name in their temp files somewhere.

There is not an effective means to track this computer down. Also notice that your spam filters are probably catching the actual spam message. But even the best spam filter will allow return notices to the original sender indicating a message delivery. A zombie mailer is out there pinging other networks with the spam message and those 3rd party mail systems are bouncing messages back to you since your address is in the from field of the message. *wheeze*

The best way to immediately stop this is install a software firewall that blocks outgoing traffic. Hardware routers (linksys routers) generally accept any command sent from a computer on the inside of the network. So a zombie process can open a port and send message after message out no problem. There are free software firewalls that will block malicious outgoing network attempts.

I thought this was helpful:

Posted by Josh Reiter at July 2, 2006 06:06 PM

Just to clarify my last statement. That applies to computers you think are infected and sending out mass mailings without your knowledge. A software firewall will not block incoming spam messages or return to sender notficiations from 3rd party mail systems.

Posted by Josh Reiter at July 2, 2006 06:18 PM

Your SMTP server should definitely should reject e-mails sent to random names. Why did you even set it not to? Lessee...

[zaitcev@lembas ~]$ host -t mx mail is handled by 10
[zaitcev@lembas ~]$ telnet 25
Connected to (
Escape character is '^]'.
220 ESMTP Sendmail 8.13.4/8.12.10; Sun, 2 Jul 2006 21:06:51 -0700 (PDT)
221 2.0.0 closing connection
Connection closed by foreign host.
[zaitcev@lembas ~]$

Looks like a case of an incompetent hosting provider.

Posted by Pete Zaitcev at July 2, 2006 09:07 PM

Your SMTP server should definitely should reject e-mails sent to random names.

My SMPT server is, who wouldn't care. I don't know who the SMPT server is for the people actually sending out these emails.

Posted by Rand Simberg at July 2, 2006 09:36 PM

It happened to me at about the same time as you Rand, to both and I thought it was a strange coincidence, and then hearing your story. I wonder if someone is specifically using space website email addresses to spam for some reason.

I did block all email that doesn't go specifically to my info@ addresses. It's reduced my workload, but I'm a little concerned about peoples' emails going astray.

Posted by Fraser Cain at July 5, 2006 09:34 AM

Post a comment

Email Address: