VO-BB - 20 YEARS OLD!

[SoundsGreat-Elaine Singer]

The last couple of days I've been getting a lot of mail delivery failure notices. They are being sent to an email address made up of random letters at soundsgreat.ca, e.g. qoid@soundsgreat.ca.

Is this something I should be worried about? Is it possible my website will be blacklisted (or whatever)?

Thanks.
_________________
Elaine
The Youthful Mature Voice (Emeritus)
Senectitude is not for the faint of heart.

[Philip Banks]

Been happening to me as well. Part of the nuisance element on the internet.
No idea how it can be prevented, like you I'd welcome suggestions.

[sdelgo]

It is called "e-mail spoofing" it's a spammer ploy to get around various spam filters. When you receive a "failure" notice it just so happened that one of the many e-mail accounts that "you" sent an e-mail to was non-exsistent thus getting a mailer daemon. It's not coming from your e-mail account it's coming from the spammer's account but the spammer spoofs his account with your e-mail address, then when the e-mail hits a non-exsistent account the automatic daemon replies to the spoofed address instead of the spammer's address. So you are really not sending out 1000's of e-mails it just appears that your are BUT you are getting the replies from the failed e-mails.

All of it is illegal.

Sdelgo
_________________
you'll always have something on your plate... if you keep your bearings straight.

www.steviedproductions.com

[Deirdre]

And seemingly untraceable.

The bad guys are using your domain and a random "email user" as their "reply-to" part of their spam mail-outs.
_________________
DBCooperVO.com
IMDB

[SoundsGreat-Elaine Singer]

So as long as the emails aren't originating from my domain, I should be okay.

Thanks.
_________________
Elaine
The Youthful Mature Voice (Emeritus)
Senectitude is not for the faint of heart.

[Doc]

I have been researching this problem for several months now. The only solution I have found which may or may not be appropriate for you is to use a contact form (which does not display your e-mail address) for replies and responses from your website.

Bots cruise the web collecting ALL e-mail addresses they find to conduct their unsavory acts of virtual vandalism.

The one other trick I have heard about is to put a couple of asterisks on either side of the your e-mail address. This supposedly confuses the bot which prevents it from recognizing, thus STEALING your e-mail addy.

Either of these solutions, however, render actually linking your e-mail address on your site.

Best I've found so far. Anyone with better ideas or solutions, PLEASE fire away. I'm really tired of deleting 2/3 of my e-mail every day before I'm able to read the e-mail I want.

And, oh yes... Happy New Year to ALL my board buds!

[ConnieTerwilliger]

Thanks for bringing this up - I get a ton of these everyday as well. And they go straight to my Delete folder.

But now that I think about it, I thought I had my system set to reject anything that didn't come specifically to me. So time for a call to my ISP!
_________________
Playing for a living...
www.voiceover-talent.com
YouTube Channel: http://youtube.com/connieterwilliger

[asnively]

I recommend embedding your email address in a tidy little script that will hide it from the bad 'bots. Here is one for you, and it's free!

Enkoder
_________________
Marriage Advice Forum

[SoundsGreat-Elaine Singer]

The whole thing is they are not using my official email address. I have my website set up so that I receive anything that has soundsgreat.ca after the @ sign. So now I'm getting all the delivery denied notifications coming to lty@soundsgreat.ca or ldjf@soundsgreat.ca

My main concern is that the domain doesn't get blacklisted as sending out spam because it looks like the email was originally sent from ldjf@soundsgreat.ca, etc.

This is the header from the original email that was sent from my domain, the delivery of which was denied.

[Doc]

Amy,

I hadn't SEEN that little utility before... very cool, indeed!

I may just give it a try since my site is done in html.

I'll let you know how it works.

Thanks ever so much! (My mother was frightened by Shirley Temple)

[DaveChristi]

Elaine,

If I can put your mind at rest. Webmasters and Postmasters look at the offending EMAIL server. Not the domain of the address.

[billelder]

This took my web site down and stopped my domain e-mail from working. One day I got an "account suspended" note where my web site should have been. The problem with this is that future and potential clients see this and think I don't pay my bills or something.

I had my e-mail forwarded to Earthlink/MindSpring because it is convenient. I also had a "catchall" address which appears was the problem. Catall means that any name...like "moron@billsdomain.com" would still get forwarded to me. Here is the first note as to why from my web host.

[asnively]

Elaine-- I know we used to always do that in the good old days, but nowadays the recommended practice is to have specific email addresses only to foil alphabet attacks. You might choose Elaine@, info@, and studio@ or similar and then all others should (in my opinion) bounce back on the sender.
_________________
united states economy

[mcm]

Does anybody use extra stuff in their email link that has to be removed, e.g., mcm<remove this>@mcmvoices.com

I'm wondering if that is effective at eliminating some of the spam, or are the bots onto that too.

[sdelgo]

Here is a piece from www.windowssecurity.com on how to prevent spoofing.

http://www.windowsecurity.com/articles/Email-Spoofing.html

Technological Solutions
Although legislation may help to deter some spoofing, most agree that it is a technological problem that requires a technological solution. One way to control spoofing is to use a mechanism that will authenticate or verify the origins of each e-mail message.

The Sender Policy Framework (SPF) is an emerging standard by which the owners of domains identify their outgoing mail servers in DNS, and then SMTP servers can check the addresses in the mail headers against that information to determine whether a message contains a spoofed address.

The downside is that mail system administrators have to take specific action to publish SPF records for their domains. Users need to implement Simple Authentication and Security Layer (SASL) SMTP for sending mail. Once this is accomplished, administrators can set their domains so that unauthenticated mail sent from them will fail, and the domain’s name can’t be forged.

Note:
For more information about SPF, see http://spf.pobox.com. The specifications for SASL are available in RFC 2222 at http://www.ietf.org/rfc/rfc2222.txt.

Microsoft and others in the industry are working on the Sender ID Framework, which is based on SPF and is under review by the Internet Engineering Task Force (IETF). The technology has been the source of some controversy. AOL recently withdrew its support for Sender ID and went back to SPF, and the Apache Software Foundation announced in September that they were rejecting Sender ID. Most of the controversy is due to patent and licensing issues, but there are some technical differences in the two mechanisms: Sender ID uses RFC 2822 specifications for checking header information in e-mail messages, while SPF uses those of RFC 2821 (“mailfrom” verification).

Steve
_________________
you'll always have something on your plate... if you keep your bearings straight.

www.steviedproductions.com