#30723 - 08/02/14 08:32 AM Business email ISP sends me stroppy note
Bensheim Offline


Registered: 08/16/09
Loc: UK
(rant)

Today my Mail / Get Mail didn't work (again). I could connect to the internet but not to the business mailbox. Fortunately I found someone in on a Saturday on their website, to conduct a Live Chat, and said I assumed that their verification server was playing up (again).

They directed me to an email they'd sent to a backup Yahoo account, which had not occurred to me. It said:

Dear Sir,

We would like to inform you that your domain xxxxxxx.com has been sending a large volume of Unsolicited Commercial Email (UCE, or spam). This has caused high load on our servers, and may result in our IP addresses being added to block lists. This affects all customers of our service, and is a violation of our terms of services.


It went on to say that therefore they had changed all our passwords.

I was completely taken aback and really did not like their instant assumption that WE had been the cause of all this spam, when I am sitting here doing everything I can to prevent it. I have had Boxtrapper enabled for years, and added in Spam Assassin. Despite those I have had to delete dozens of spams four times a day every day: and they blame us!

Their reaction (on live chat) after I had expressed my extreme displeasure at their instant assumption that we were effing spam-generators, was words to the effect of "oh, someone has been using your domain name and sending spam....so we shut down your access...."

DOH! I realise that! I'm doing ALL I CAN at this end!

So ok, I'm back in now, with their new 15-character passwords emailed to me on Yahoo. But I'm still exasperated* at their ungracious assumption of guilt.
(/rant)

*euphemism

#30724 - 08/02/14 11:33 AM Re: Business email ISP sends me stroppy note [Re: Bensheim]
joemikeb Offline
Moderator

Registered: 08/04/09
Loc: Fort Worth, Texas
Rant if you will, but all the provider has to go on are the statistics they see at their end. With the plethora of tricks and mis-direction spammers can use to spoof the source of messages, it can be very time consuming, not to mention expensive, to track down the actual source. Since you are a Mac shop, it is not likely you are the actual source, but it could be a Windows laptop in your shop, an infected machine belonging to one of your customers, suppliers, correspondents, etc., of course without their knowledge.
_________________________
joemikeb • moderator

#30729 - 08/03/14 12:26 AM Re: Business email ISP sends me stroppy note [Re: joemikeb]
Bensheim Offline


Registered: 08/16/09
Loc: UK
Shop? We don't run a shop selling Macs or anything else.

Just a small office with four Macs in it and only two email addresses.

I've been getting spam emails lately allegedly coming from
noreply@(this domain).com
fax@(this domain).com
my name full out @(this domain).com
briantbroussiard@(this domain).com
enquiries@(this domain).com

none of which exist.

#30730 - 08/03/14 12:37 AM Re: Business email ISP sends me stroppy note [Re: Bensheim]
artie505 Online


Registered: 08/04/09
"Shop" means your business, whatever it is.

As joemike said, it's likely that one of your clients/customers/suppliers/???'s infected PC is being used to send out spam at your expense.

I hope your new passwords turn the trick for good.

Edit: I don't know how large your mailing list is, but would it be feasible to send out a blanket e-mail advising everyone on it to check their PCs for viruses (without getting busted for spamming, of course)?


Edited by artie505 (08/03/14 02:07 PM)
_________________________
The new Great Equalizer is the SEND button.

In Memory Of Harv: Those who can make you believe absurdities can make you commit atrocities. ~Voltaire

#30735 - 08/03/14 04:17 PM Re: Business email ISP sends me stroppy note [Re: Bensheim]
tacit Offline


Registered: 08/03/09
Loc: Portland, Oregon, USA
Originally Posted By: Bensheim
(rant)

I was completely taken aback and really did not like their instant assumption that WE had been the cause of all this spam, when I am sitting here doing everything I can to prevent it. I have had Boxtrapper enabled for years, and added in Spam Assassin. Despite those I have had to delete dozens of spams four times a day every day: and they blame us!


It sounds like you're mistaking spam received by your email servers for spam sent from your domain.

Running Boxtrapper and Spam Assassin, and deleting spams every day--these combat spam messages being sent TO YOU, not FROM YOU.

One of the many things spammers do is they look for Web sites that have weak security (for example, poor FTP passwords, poor Web control panel passwords, outdated copies of CMS software like WordPress or Joomla, and so on), then they secretly install malicious software on the web server that allows them to take control of the server and use it as a mail system to send spam.

Boxtrapper, Spam Assassin, and so on do no good at all to prevent your server from sending spam by means of a malicious email application installed on the server.

When you get this kind of email message, something has gone wrong and your domain has been hacked. Time to grit your teeth, change all your server, control panel, and FTP passwords, look at all your logs, make sure you're not running insecure software on your Web site, and figure out how they got in.
_________________________
Photo gallery, all about me, and more: www.xeromag.com/franklin.html

#30736 - 08/03/14 04:24 PM Re: Business email ISP sends me stroppy note [Re: tacit]
artie505 Online


Registered: 08/04/09
Then, this is definitely not an instance of somebody else's PC having been infected with a virus?
#30737 - 08/03/14 04:27 PM Re: Business email ISP sends me stroppy note [Re: artie505]
tacit Offline


Registered: 08/03/09
Loc: Portland, Oregon, USA
Nope. This is server-side spam. See it all the time. Spammers are increasingly attacking Web servers, because (a) lots and lots of people have their own personal Web sites these days but don't understand server security, and (b) servers usually have much faster bandwidth than home computers, so hacking a server to send spam can result in far more spam emails being sent in a shorter time.

Server security is hard. All it takes is someone not using a good FTP password, or running something like WordPress but then not installing a security update as soon as it comes out, and the hackers are in like Flynn.
#30739 - 08/03/14 04:47 PM Re: Business email ISP sends me stroppy note [Re: tacit]
artie505 Online


Registered: 08/04/09
Thanks for the explanation.
#30744 - 08/04/14 05:27 AM Re: Business email ISP sends me stroppy note [Re: tacit]
Bensheim Offline


Registered: 08/16/09
Loc: UK
Hi Tacit, thanks for popping in to this thread.

Thing is, we don't have a website. For all sorts of reasons.

My Mail passwords have been changed to 14-character mixes of upper and lower case and numbers none of which make any word; my webmail access has been changed similarly.

Our domain name is only used for business mail.

#30749 - 08/05/14 02:18 PM Re: Business email ISP sends me stroppy note [Re: Bensheim]
tacit Offline


Registered: 08/03/09
Loc: Portland, Oregon, USA
Hmm. If you have a domain that's used for business mail but not a Web site, that suggests the compromise was on your mail server. That might be down to a problem with you (if you used weak passwords--attacking email servers with brute-force password attacks is starting to become a thing these days, I had one of my email servers attacked a while ago), but if you used robust passwords, it's more likely down to a security problem on your ISP's end.

Nowadays, using really strong email passwords is a vital thing if you don't want your email account and/or server commandeered to pump out spam.
_________________________
Photo gallery, all about me, and more: www.xeromag.com/franklin.html
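
Added example, not part of the thread or written by any poster: a log triage sketch that separates the three situations discussed above (mail really submitted through an authenticated account, inbound mail that merely forges the domain in its sender address, and repeated failed logins against the mail server). It assumes Exim-style mainlog lines, which the thread never confirms; the sample lines, example.com, the IP addresses, the function name triage and the threshold are all constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample in Exim mainlog style (assumed format); addresses are placeholders.
SAMPLE_LOG = """\
2014-08-02 02:58:11 dovecot_login authenticator failed for (User) [203.0.113.9]: 535 Incorrect authentication data (set_id=info@example.com)
2014-08-02 02:58:14 dovecot_login authenticator failed for (User) [203.0.113.9]: 535 Incorrect authentication data (set_id=info@example.com)
2014-08-02 02:58:19 dovecot_login authenticator failed for (User) [203.0.113.9]: 535 Incorrect authentication data (set_id=info@example.com)
2014-08-02 02:59:40 dovecot_login authenticator failed for (imac) [198.51.100.7]: 535 Incorrect authentication data (set_id=sales@example.com)
2014-08-02 03:00:02 1XDa01-0001aa-01 <= info@example.com H=(User) [203.0.113.9] P=esmtpa A=dovecot_login:info@example.com S=2101
2014-08-02 03:00:03 1XDa02-0001aa-02 <= info@example.com H=(User) [203.0.113.9] P=esmtpa A=dovecot_login:info@example.com S=2099
2014-08-02 03:00:04 1XDa03-0001aa-03 <= info@example.com H=(User) [203.0.113.9] P=esmtpa A=dovecot_login:info@example.com S=2104
2014-08-02 08:15:30 1XDa04-0001aa-04 <= sales@example.com H=(imac) [198.51.100.7] P=esmtpa A=dovecot_login:sales@example.com S=1500
2014-08-02 09:01:00 1XDa05-0001aa-05 <= noreply@example.com H=(unknown) [192.0.2.44] P=esmtp S=4400
2014-08-02 09:01:07 1XDa06-0001aa-06 <= noreply@example.com H=(unknown) [192.0.2.44] P=esmtp S=4400
2014-08-02 09:02:11 1XDa07-0001aa-07 <= fax@example.com H=(unknown) [192.0.2.45] P=esmtp S=5100
2014-08-02 09:30:00 1XDa08-0001aa-08 <= alice@example.net H=mx.example.net [192.0.2.80] P=esmtps S=900
"""

IP = r"\[(?P<ip>[0-9a-fA-F.:]+)\]"
ARRIVAL = re.compile(r"^\S+ \S+ \S+ <= (?P<sender>\S+) .*?" + IP + r"(?P<rest>.*)$")
AUTH_OK = re.compile(r"\bA=\w+:(?P<user>\S+)")
AUTH_FAIL = re.compile(r"authenticator failed for .*?" + IP + r".*?\(set_id=(?P<user>[^)]+)\)")

def triage(log_text, domain, fail_threshold=3):
    """Return (sent_by_account, spoofed_inbound, brute_force_ips)."""
    sent_by_account = Counter()  # authenticated submissions: mail sent FROM the server
    spoofed_inbound = Counter()  # unauthenticated arrivals that only claim the domain
    failed_logins = Counter()    # failed SMTP AUTH attempts per source IP
    for line in log_text.splitlines():
        fail = AUTH_FAIL.search(line)
        if fail:
            failed_logins[fail["ip"]] += 1
            continue
        arrival = ARRIVAL.match(line)
        if not arrival:
            continue
        auth = AUTH_OK.search(arrival["rest"])
        if auth:
            sent_by_account[auth["user"]] += 1
        elif arrival["sender"].lower().endswith("@" + domain):
            spoofed_inbound[arrival["sender"]] += 1
    brute_force = {ip: n for ip, n in failed_logins.items() if n >= fail_threshold}
    return sent_by_account, spoofed_inbound, brute_force

if __name__ == "__main__":
    for name, result in zip(("sent", "spoofed", "brute force"), triage(SAMPLE_LOG, "example.com")):
        print(name, dict(result))
```

An account whose authenticated submissions follow a run of failed logins from the same address is the one to investigate first; the forged inbound senders show up only in the second counter and say nothing about the server itself.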
