Some cretin has set up a spam system to send emails to a vast number of people with the return address as *@transterrestrial.com.

While I was up at the cape, I got over two hundred emails to the effect that: so and so is out of the office, such and such a spamfilter blocked this email, etc.

All with return addresses of random names from my domain. I can't imagine that they're originating from my machine, since I don't even use that domain myself for outgoing email.

Question. Other than blocking all incoming email to *@transterrestrial.com other than simberg@transterrestrial.com, what do I do about this, if anything? There's certainly nothing I can do to prevent a third party from sending out email with a return address with my domain, though if there was, torching their genitals would be too good for them.

Rand, The same thing happened to me a couple of times. As far as I know, the only thing you can do is to bear with it. My sympathy!

It has hit me once or twice too, and there is nothing you can do. I did end up having to notify one clueless sysadmin that the e-mail was not originating with me (easy to tell, actually, as everything but the name clearly came from different server and location), but other than that just rode it out.

It's the work of a script monkey. Set it up to look for domain names, and turn those into fake email addresses. I haven't the foggiest as to what to do. I can advise that you save a few "bounces" with the headers, and take note of the IP numbers. It might help you find the point of origination and lead to the perp or someone connected to him.

Good luck.

Its a computer out on the internet somewhere that is infected with a virus that spawns a number of zombie processes. Lots of viruses will setup a SMTP mail system on your computer without you knowing about it. Then, it goes through the infected computer's temporary internet history. The virus sends out random emails using domain names and email addresses parsed out of the temp folders. Lots of viruses will scan Outlook pst files and pull addresses and email addresses at random out of contact lists and email headers. The problem is that it could be any computer anywhere on the internet that just so happened to have your email address or domain name in their temp files somewhere.

There is not an effective means to track this computer down. Also notice that your spam filters are probably catching the actual spam message. But even the best spam filter will allow return notices to the original sender indicating a message delivery. A zombie mailer is out there pinging other networks with the spam message and those 3rd party mail systems are bouncing messages back to you since your address is in the from field of the message. *wheeze*

The best way to immediately stop this is install a software firewall that blocks outgoing traffic. Hardware routers (linksys routers) generally accept any command sent from a computer on the inside of the network. So a zombie process can open a port and send message after message out no problem. There are free software firewalls that will block malicious outgoing network attempts.

I thought this was helpful:

http://www.netsquirrel.com/powerpoint/powerpoint/home_computer_security_and_privacy.swf

Just to clarify my last statement. That applies to computers you think are infected and sending out mass mailings without your knowledge. A software firewall will not block incoming spam messages or return to sender notficiations from 3rd party mail systems.

Your SMTP server should definitely should reject e-mails sent to random names. Why did you even set it not to? Lessee...

[zaitcev@lembas ~]$ host -t mx transterrestrial.com
transterrestrial.com mail is handled by 10 mail.transterrestrial.com.
[zaitcev@lembas ~]$ telnet mail.transterrestrial.com 25
Trying 216.17.100.157...
Connected to mail.transterrestrial.com (216.17.100.157).
Escape character is '^]'.
220 bronze.phatservers.com ESMTP Sendmail 8.13.4/8.12.10; Sun, 2 Jul 2006 21:06:51 -0700 (PDT)
quit
221 2.0.0 bronze.phatservers.com closing connection
Connection closed by foreign host.
[zaitcev@lembas ~]$

Looks like a case of an incompetent hosting provider.

Your SMTP server should definitely should reject e-mails sent to random names.

My SMPT server is bellsouth.net, who wouldn't care. I don't know who the SMPT server is for the people actually sending out these emails.

It happened to me at about the same time as you Rand, to both universetoday.com and bautforum.com. I thought it was a strange coincidence, and then hearing your story. I wonder if someone is specifically using space website email addresses to spam for some reason.

I did block all email that doesn't go specifically to my info@ addresses. It's reduced my workload, but I'm a little concerned about peoples' emails going astray.