Spammers getting into LMP

[ruben]

Yesterday, I got a slew of returned mail from various forged spam
addresses that have my nichemarketingsecrets.com address on them.  I
even got a flame from someone demanding I take them off my list.

The spammers are somehow sending from my website.  I've found that
sometimes the route they use is by signing themselves up to my
autoresponder.

Sure enough, in checking my LMP lists, I found two email addresses
that were suspicious:
staff@nichemarketingsecrets.com
management@nichemarketingsecrets.com

I did NOT subscribemyself under those addresses.  I deleted them but
don't know if that will stop them.

The question is, LMP needs some kind of safeguard to prevent outsiders
from signing up fake names under your own websites url, such as
staff@nichemarketingsecrets.com

Or, at least the search feature needs to be able to look up the
domain name part of an email, such as anyone @ 'nichemarketingsecrets.com' and
produce all those addresses in the list so they can be removed
manually.

This is getting to be a serious problem.  My domain will be soon
blacklisted, if it's not already.  It's very, very hard to get out of
blacklisting, especially if the spammers are still using your email
address.

Here are just a few of the address they used:
aguuqk@nichemarketingsecrets.com
qneuydhk@nichemarketingsecrets.com
gsumsuevjj@nichemarketingsecrets.com
jhkbwersio@nichemarketingsecrets.com
skcbgvfyco@nichemarketingsecrets.com
ycecfsjv@nichemarketingsecrets.com  

Please give this some serious thought and see what you can do to
prevent further occurances.

Rufina

[DW]

It seems that someone experienced is using tactics to make you look bad.  The spammers are very likely NOT sending from your web site.  What is happening could be that they are setting the "From" address for their mailings to an address on your domain.  The "From" address, used for display and replies can, on most servers, be set to anything the user wants regardless if the address exists or not on that server.  This can cause all sorts of problems like some hosts mistakenly flagging you as the sender and/or bouncing email back to you.  On some servers, senders can even set the "bounce" address to anything they want, which makes it even harder to avoid confusion.

If you look closely at the headers of the messages you will almost certainly find that the originating server is not your own.  You may see your domain in the "Return-path" or the "From" header, but this does not necessarily mean the message(s) originated from your server.  Look for the first "Received from" header for this.

Unfortunately, there isn't much you can do to stop other people forging your address and, again unfortunately, you will have to deal with any bounces that come to you by deleting them.  IMHO, blacklisting is practically inevitable these days anyway, even when running an opt-in list.  You will have to rely on the response of your subscribers who do not use blacklists or filters.

If you see people have signed up to your autoresponder, this is a bit different.  Basically, anyone can freely subscribe to your newsletters.  If you notice it's always from the same, or similar, IP address, we could employ a manual block of anyone subscribing from the IP by modifying your signup.php file.  The next version of ListMail will feature a ban address (and, I just realized the need for) banned IP address support.

[alan]

Unless they have your password and want to get to your mailing list. The truth is, many servers are set up that if I change my from email address in outlook to me@yoursite.com, and set the smtp server to smtp.yoursite.com chances are yoursite.com will acknowledge me as a valid user and allow me to "relay" messages from your mail server.

Some servers you'll notice need a password and username in the "advanced" section of your outlook outgoing mail server. this means that regardless of what you put as your return address in outlook, you need a username and password to send messages from that smtp.yoursite.com

The first type of server is regarded as an "open relay" server and will get blacklisted should someone maliciously send spam from your site. The responsibility rests on you to make sure your server is not an open relay.