Domain Spam Attack

[janetatwell]

One day, about three weeks ago, my website was hacked into and most of my pages were deleted. (The culprit was an ex-employee and he has been charged) Right after that, and I am sure they are not related, I began receiving mail that was reported to be sent from my company account and was undeliverable. Upon reading them over, I discovered that they were sent from account names@my company domain.com that do not exist.

I contacted my hosting provider and was told that I needed to acquire a program that verifies and certifies my email accounts using ip addresses because my domain name was being used as a fake address so that the emails would not be blocked when the domain was checked. I went to the recommended site for the program, Mail-SpamAssassin-3.2.3.tar. Then I read all the material that was suppose to explain it to me and tell me how to use it. Most of it was techie jargon that I was unable to understand.

Now, I am not by any means stupid but, why is it that these programmers think that we can all read and understand that type of language?

Also, what does a person do when they are constantly getting what appears to be legitimate emails that turn out to be for Viagra or Megadik? When I track the links in some of them I find that they really do go to a site that sells the stuff even though the address that the emails come from is faked.

Thank you for any help you can offer me.

[nyjimbo]

SpamAssassin is not meant for the typical end-user, its mostly a server level program which requires a rather complicated installation and configuration. It can be used at the end-user level but does require shell access to your account and extra things like procmail, perl modules, etc.. and I dont think you really need to do all that for the spam issues you are having.

I think the problem you are having is that someone used your email address to send out email and you are getting the bounces that come back or complaints from servers who see you as the spammer. There is little you can do to prevent someone from sending out email AS YOU. Some techniques like using SPF records are implemented by some hosts but its very limited and will not stop the problem.

If you are not running your own actual web server, just a site on a server, then your host should be helping you with spam control. Almost all modern email servers have the ability to reduce spam through filtering and other measures and your host should be able to help you set it up or at least give you some guidance. These bounce backs can be filtered out too so you at least dont see them, since there is not much you can do to stop their creation by spammers in the first place.