Sunday, 21 September 2008

Domain poisoning by spam

Hi,

I hold and administer a few private domain names for friends and family, and each in turn has fallen prey to domain-stealing scum. This is not a new problem and is well documented on the net.

An innocent domain name is used as the return address for outbound spam, resulting in that domain's owner getting all the out-of-office replies and non-delivery bounce-backs. Often the email addresses being used are just "random characters"@domain.net, resulting in an email box full of junk such as:

From: "yy Maskiew" yy-aecirp@MyDomain.net
From: "Landon Button" adresbeh1965@MyDomain.net
From: "Faramarz Leake" Faramarz-affubs@MyDomain.net
.. snip
From: "Duy meisenheimer" Duy-afgegeve@MyDomain.net
From: "aguskos Greenlott" aguskos-aeristic@MyDomain.net
From: "prasenjit Bluett" aduriked1970@MyDomain.net
From: "DiQiu Giaimo" DiQiu-agijukos@MyDomain.net
From: "Galen Grabek" adyhtims2005@MyDomain.net
From: "elsie masson" elsie-aermster@MyDomain.net

and there can be 100s of these. So here are my tips on handling a long-term non-commercial domain name to try to prevent or reduce the impact of this illegal activity by spamming scum.

1) Set up multiple email addresses and keep some for private / trusted contacts and some for public correspondence and websites. Be prepared to change email address about every 2/3 years as even the private ones will leak out.

2) Set up a Sender Policy Framework (SPF) record on your domain. This should restrict how useful the domain is to spammers. An SPF record says which mail servers can legitimately send email with that domain name. I have to say that this is not as widely implemented as it should be amongst mail servers.

3) Black-hole, or set an email rule to bucket, all email that has not been specifically sent to your live email addresses. Some domain hosting companies will have a forwarding address such as blackhole@ispXXX.com that you set as a forwarding address for junk.

4) If you have email addresses that have fallen into the hands of spammers don't let them have a free ride with it. Hunt down any even vaguely legitimate company that has sent you email without your prior consent. Phone up and complain, demand to know how they got your email. But don't bother chasing the pill pushers.

5) Remember "Commercial speech is not free speech." The fact that audiences cost money to reach is one of the few limiting factors that keeps rampant mail/email marketing in check.


Cheers

Gannett
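
The rule in tip 3, sketched as an added example that is not part of the original post: it sorts incoming mail by whether it is addressed to a live mailbox and whether it is a bounce or auto-reply. The live addresses, the bucket names, and the use of the To header to find the recipient are assumptions; the sample messages are constructed.

```python
from email import message_from_string
from email.utils import getaddresses

# Assumption: the only mailboxes that really exist on the domain.
LIVE_ADDRESSES = {"family@mydomain.net", "web-contact@mydomain.net"}

def is_automatic_reply(msg):
    """True for bounces (DSNs) and auto-responders such as out-of-office."""
    # Bounces use a null envelope sender, recorded as "Return-Path: <>".
    if msg.get("Return-Path", "").strip() == "<>":
        return True
    # RFC 3834: automatic replies carry Auto-Submitted with a value other than "no".
    if msg.get("Auto-Submitted", "no").split(";")[0].strip().lower() != "no":
        return True
    # RFC 3464: delivery status notifications are multipart/report.
    return (msg.get_content_type() == "multipart/report"
            and str(msg.get_param("report-type", "")).lower() == "delivery-status")

def triage(raw_message):
    """Return the bucket for one message: deliver, review, backscatter or blackhole."""
    msg = message_from_string(raw_message)
    recipients = {a.lower() for _, a in getaddresses(msg.get_all("To", []))}
    to_live = bool(recipients & LIVE_ADDRESSES)
    if is_automatic_reply(msg):
        # A bounce to a live mailbox may be a genuine failure of mail you sent.
        return "review" if to_live else "backscatter"
    return "deliver" if to_live else "blackhole"

# Constructed sample messages (headers only, plus a one-line body).
BOUNCE = ("Return-Path: <>\nFrom: MAILER-DAEMON@example.org\n"
          "To: yy-aecirp@MyDomain.net\nSubject: Undelivered Mail\n"
          "Content-Type: multipart/report; report-type=delivery-status; boundary=b\n"
          "\n--b\nContent-Type: text/plain\n\nUser unknown\n--b--\n")
OUT_OF_OFFICE = ("Return-Path: <someone@example.com>\nAuto-Submitted: auto-replied\n"
                 "To: adresbeh1965@MyDomain.net\nSubject: Out of office\n\nBack Monday\n")
PERSONAL = ("Return-Path: <friend@example.com>\nTo: Family@MyDomain.net\n"
            "Subject: Sunday lunch\n\nSee you at one.\n")
JUNK = ("Return-Path: <promo@example.com>\nTo: sales@MyDomain.net\n"
        "Subject: Offer\n\nBuy now\n")
OWN_BOUNCE = BOUNCE.replace("yy-aecirp@", "family@")

if __name__ == "__main__":
    for name, raw in [("bounce", BOUNCE), ("out of office", OUT_OF_OFFICE),
                      ("personal", PERSONAL), ("junk", JUNK), ("own bounce", OWN_BOUNCE)]:
        print(f"{name:14} -> {triage(raw)}")
```
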
