Monday 9 June 2014

Dealing with spammers using your e-mail address as the 'from' address

This post is a bit different from my normal ones but one I thought may come in useful to people if they ever have the same problem as me.  A week or so ago I started receiving bounce backs to e-mails I had never sent, spam e-mails usually sent to multiple e-mail address as the same time.

Below is an example of the kind of messages I was getting. 

The bounce back I received

All the bounce backs would come around the same time, as if someone had just sent loads of messages from my e-mail account.  To be honest I couldn't figure out how this could happen, and I presumed someone had hacked my e-mail account so I changed my password and forgot about it.

Then just today it happened again so I decided to look into it a bit further and see whether I had been hacked again or if somehow the spammers were using my e-mail address without hacking my account my some way.

A little bit of digging and I found out I was subject to a Joe Jobs attack, which Wikipedia defines as 'a spamming technique that sends out unsolicited e-mails using spoofed sender data'.

Which means that the people receiving that spam thinks that it comes from you as your e-mail address is in the from box.  Obviously I really do not want my business account associated with spam otherwise the messages I really am sending may end up going into people's junk folders.  Plus it could damage my company's reputation if people think it is me doing the spamming.


So how do you stop a Joe Jobs attack?

Firstly, although the sender can fake the 'from' address in the e-mail, it will still show their IP address in the header. If you scroll down the bounce back, or look at the attached original e-mail you will find the IP in the e-mail header.


The e-mail header

It may look a bit like gobblygook, just like the header above but if you like a proper look through you will find the IP address (I've highlighted it in red).

I used an IP locator which told me that the person sending the e-mails was in Bangkok, Thailand.  I then used Whois lookup to see who was hosting the server they are using.  This showed me that it was actually a well known host in the UK.

Luckily said host (who I won't name because it's not their fault and I doubt they want to be associated with this kind of thing) has an e-mail address you can use to report an abuse of their servers.  So I have forwarded them the original e-mail advising them that the person at that IP is using their servers to send spam and could they please stop them.  

I've asked them to let me know when they have put a stop to it, so hopefully I will get an e-mail off them in the next day or so and that person will be stopped from using my e-mail address to send spam e-mails.  Fingers crossed!

So there you have it, information I hope you will never have to use but just in case you do here it is.  If you start to get bounce backs to e-mails you've never sent don't just delete them, look into it and see if you too are suffering from a Joe Job attack.

UPDATE - October 2014

When I managed to get these e-mails stopped using the steps above I thought this was the end to all this.  Unfortunetly a few months later I'm now realising the longer lasting effects.  Thanks to so many spam e-mails having been sent purportedly from my e-mail address spam filters are now blocking the genuine e-mails I am sending.  There's a few people I was trying to contact and they weren't receiving my e-mail then looking into it I found their mail servers had bounced the e-mails because they thought it was spam. 

So now I no longer know if my e-mails are actually getting through to people.  Plus it's not just the e-mail address, it's any other e-mail addresses from that domain (ie. all my business e-mail addresses).  So now I'm going to have to set up new e-mail accounts from another domain I own (luckily I own the .co.uk and the .com) so I will have to switch from .co.uk to .com in my e-mail addresses.   Which means notifying all my customers and contacts, printing new business cards, updating it where ever I have published my details.  Basically a lot of extra work thanks to those spammers.

2 comments:

Amy's Crafty Shenanigans said...

Thank you for this - I am so happy someone else is all tech-y and with the knowledge to pass on to the rest of us!!!

liniecat said...

Yes many thanks for this, I do get odd bounce back emails that I havent sent and have often wondered why that happened.
Ive simply deleted them without openign them, but this is brilliant to know how to track them back and maybe put a stop to them.
Good luck! and thanks again : )

Blogging tips