Around midnight last night I started to recieve a series of bounced Mail Undelivered messages from lots and lot of email addresses in Russia.
This was odd, because I didn’t email anyone in Russia.
It turns out that my main email address smcgarr{AT}tuppenceworth DOT ie has been the victim of a Joe Job– that is to say it is being used as the fake ‘reply to’ email address by spammers. So today my Inbox has been deluged in bounced ads for mickey pills (I’m guessing) in Cyrillic. Many of them include a telephone number.
In recent hours my enterprising Eastern Alter Ego has branched out into selling Maddona Albums and Replica Bulgari watches. I would like to say the following to anyone who has received one of these messages.
People of Russia. I am your friend. I have no Mickey Pills, fake watches or Aging 80s popstrels to sell you, nor would I try to do so if I had.
I have contacted Blacknight, who look after my mail server and they have set me on the path to health again as follows
Unfortunately there is little we can do about this. Your email account is safe, i.e. nobody logged into your account to create this mail. The headers of the email have been modified to make it appear the mail came from you.
The only impact we can have on this is to add an SPF record to this domain. This would list all the mail servers that are valid for mail from your domain to come from. If the mail comes from any other mail server, it would be rejected.
Hopefully this will allow things to return to normal. In the meantime, please do not point your missiles at tuppenceworth.
PS Is it mad to think that this might be related to the vanishing Paper Round wiki?
6 Comments
Unfortunately, it is indeed mad. The wiki appears to have a configuration error in the main configuration file (LocalSettings.php). How the error got there is another question as normally, one needs to have ftp / ssh access to update that file. In such situations the most common source of the problem is “operator error”.
The spammer reply-to addresses is a different story altogether – faking a mail header is a really easy thing to do . Why somebody chose your email address is an interesting question, the most probable answer is ‘randomness’, but you can’t rule out malice.
Anyway, if you want I’ll take a look under the hood of the wiki and tell you what happened and why and I’m sure I’ll be able to fix it for you too.
SKURTEE SKILLZ I HAZ TEHM
Chekov,
Total ignorance and the shared experience of internet imps causing me the badness is the only thing that links the two in my mind. I am relieved that one is very unlikely to have anything to do with the other.
I intend to take you up on your offer of wiki help. It is beyond my ken.
NOOO! I HAZ NO SKURTEE!
Simon, have you complained vociferously about any mislaid baggage recently?
Simon, cool, drop me an email and we can coordinate.
I feel your pain. I get over a thousand of these ‘replies’ a day. I’ll have to see about the SPF thing, sounds great!
SPF can help, but it won’t solve all the problems unfortunately. Justin Mason posted about this in the last couple of days:
http://taint.org/2008/04/12/235407a.html
Regards
Michele