Help! Spammers are spoofing with my domain name!
Well this is something a bit worse now...
Some spammer is spoofing (I believe) using my domain name. Is there anything that can be done?
Here is an example in a returned email:
============================================================
From: Mail Administrator <postmaster@teleline.es>
Date: Wed Jul 14, 2004 12:30:42 PM America/New_York
To: eunufma@howdymedia.com
Subject: Mail System Error - Returned Mail
Reply-To: Mail Administrator <postmaster@teleline.es>
This Message was undeliverable due to the following reason:
The following destination addresses were unknown (please check
the addresses and re-mail the message):
SMTP <kewa@terra.es>
Please reply to <postmaster@teleline.es>
if you feel this message to be in error.
Reporting-MTA: dns; tsmtp10.mail.isp
Received-From-MTA:dns; howdymedia.com (220.116.217.73)
Arrival-Date: Wed, 14 Jul 2004 18:28:18 +0200
Final-Recipient: rfc822;kewa@terra.es
Diagnostic-Code: smtp;551 User unknown
Action: failed
Status: 5.1.6
Last-Attempt-Date: Wed, 14 Jul 2004 18:30:42 +0200
From: "Abril Abernethy" <eunufma@howdymedia.com>
Date: Wed Jul 14, 2004 12:31:03 PM America/New_York
To: kewa@terra.es
Subject: Cheap Software offer for you 744
Dis(5b1820e1)con(1897a7d42)tinue
LaFkD1HJLK..wpASi.T0Bxe/ If we had paid no more attention to our plants than we have to our children, we would now be living in a jungle of weed.,The epitaphs on tombstones of a great many people should read: Died at thirty, and buried at sixty.,If you commit a crime, you're guilty.,Noble fathers have noble children. brz npz, kbl, pxo . nhce rgp tty, jmaamb, dcdp . pyto wbwyi rqnnj, oiqa, smmksq . huef uuly jio, ycphl, pdgaxs . hmfvu bbow zupkcg, cid, vjay . dvjr wwaq brnzpm, eyxk, bus . pbnps lbh xgspf, htvy, qeiqpu . loed rsjjfl vkapa, ljbgj, wnqoe . gsbmvt neovri cji, rtp, byazn . osgwkj hep jdr, nkews, pnzho . knlddf zrwj byumd, orwtp, dfddo . cagpfm qnnnx qxgc, squq, lgpsju . ayjiqp mfi uhnke, mhnfdf, plh . udqw
============================================================
Do note, the IP address that it has been sent from DNS: 220.116.217.73
That IP address is not anything near what my servers are or the computer I'm on even.
I thought maybe they are using the server's system formmail.cgi, but I'm told that they can't execute it... I should do some tests
