AOL spam

12-06-2003, 03:44 AM
I'm lately getting lots of "Mail Delivery Subsystem" mails from AOL. It seems that a spammer is using my domain in the "from" part of the e-mail. The header info confirms that it is not from me however.
Then I got an e-mail saying that the mail (that I didn't send) was refused because of complaints.

So, is AOL blocking my domain's mail?
Or, is AOL smart enough to block based on header info not "from" info?
Is there a way to stop the spammers from doing this?

12-06-2003, 08:42 AM
This is a really annoying problem I've had too. Except in my case, it was my address being used to send Worms and therefore rejection notices due to "Virus found" and the like.

One would hope AOL is smart enough to block by other header information as opposed to just From:, but you never know. I'm not sure - maybe you should call them up or e-mail them to ask. Also, if you know somebody that has an AOL account, you could send them a mail to see if it is rejected or if it is let through.

As for stopping spammers using your address, unfortunately, there is no way to do that - or at least none that I have discovered (and I've looked for a way to do it). But, there are a few things you can do in this case:

1. Use Procmail to filter out the rejection notices. You'll have to study the headers in depth to look for patterns to match on - patterns that will let legit mail (and notices) through but not those that you did not send.

2. This is a bit drastic: stop making use of that particular e-mail address, notify all your contacts and put a notice on your site, and then use a new address. Just make sure not to use the new address as a mailto: link on any web page whatsoever. In fact, don't even type it in the standard username@domain format - spam harvesters will pick up on it, and you'll be back to the situation you are in now.
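Added example, not part of any post in this thread: a Python sketch of the header study described in item 1 above, sorting bounces of mail you really sent from bounces of forged mail. It assumes bounces arrive as RFC 3464 `multipart/report` messages and that your own outgoing mail carries Message-IDs ending in a host you control (`mail.example.org` is a placeholder); a Message-ID can be forged too, so treat the result as a sorting hint.

```python
import email

# Assumption: the host that stamps Message-IDs on mail you really send.
OWN_MSGID_DOMAIN = "mail.example.org"

def returned_original(msg):
    """Return the original message (or its headers) embedded in a DSN, else None."""
    for part in msg.walk():
        ctype, payload = part.get_content_type(), part.get_payload()
        if ctype == "message/rfc822" and isinstance(payload, list) and payload:
            return payload[0]
        if ctype == "text/rfc822-headers" and isinstance(payload, str):
            return email.message_from_string(payload)
    return None

def classify(raw):
    """Classify raw message bytes as not-a-dsn, dsn-without-original,
    bounce-of-our-mail or backscatter."""
    # The default (compat32) parser keeps headers as plain strings and does
    # not raise on malformed header values.
    msg = email.message_from_bytes(raw)
    report = str(msg.get_param("report-type", "")).lower()
    if msg.get_content_type() != "multipart/report" or report != "delivery-status":
        return "not-a-dsn"
    orig = returned_original(msg)
    if orig is None:
        return "dsn-without-original"
    msgid = str(orig.get("Message-ID", "")).strip().rstrip(">").lower()
    if msgid.endswith("@" + OWN_MSGID_DOMAIN):
        return "bounce-of-our-mail"
    return "backscatter"

def sample_dsn(original_msgid):
    """Constructed sample bounce wrapping an original with the given Message-ID."""
    return (
        "From: Mail Delivery Subsystem <MAILER-DAEMON@mx.example.net>\r\n"
        "To: asdert@example.org\r\nSubject: Returned mail\r\nMIME-Version: 1.0\r\n"
        'Content-Type: multipart/report; report-type=delivery-status; boundary="b1"\r\n\r\n'
        "--b1\r\nContent-Type: text/plain\r\n\r\nDelivery refused.\r\n"
        "--b1\r\nContent-Type: message/delivery-status\r\n\r\n"
        "Reporting-MTA: dns; mx.example.net\r\n\r\n"
        "Final-Recipient: rfc822; user@example.net\r\nAction: failed\r\nStatus: 5.7.1\r\n"
        "--b1\r\nContent-Type: message/rfc822\r\n\r\n"
        f"From: asdert@example.org\r\nMessage-ID: {original_msgid}\r\n\r\nbody\r\n"
        "--b1--\r\n"
    ).encode()

if __name__ == "__main__":
    print(classify(sample_dsn("<20031206.1@mail.example.org>")))
    print(classify(sample_dsn("<x1@dsl-host.example.com>")))
```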

12-06-2003, 12:15 PM
I get a bunch of these as well. In fact I get two kinds of non-delivery emails.
1. The kind you mention, which are sent to 5 different AOL users with a return address which is usually a random name at my domain (asdert@mydomain.com for example). When I look at the from address of the original email, then it is usually sent from some home user's computer that has been trojanned to send out spam.
2. The second kind is a mail that has been created to look like a bounce, but is not in fact a bounce. It's one way of getting through spam filters I guess.
3. There is also a third kind I guess, which is a true bounce. I have one email address that I set in procmail to bounce back to the sender and as spam usually has a false return address, that bounces back to the postmaster account.

Nothing to worry about, it's just a pain in the *ss.

12-14-2003, 12:55 PM
I've just noticed I'm getting this problem too. I've got a real strong dislike of spam and a strict anti-spam policy, so was shocked to find my domain is being used as a false "from" address for this junk. Thanks for putting my mind slightly more at ease jalal - for a few moments I had horrible visions of my domain being blacklisted as a spam source (which it most certainly is not).