Spam from my real mail address

Hello friends,
I have a new annoying problem: I get masses of spam mail from my own public mail address. Now I am thinking about a strategy and a technical implementation to prevent it for me, and I want to discuss it here.
I don’t even want to imagine how many people receive spam mails from me and are annoyed about me. Only the fewest will be able to analyze the mail header. That’s the really angering thing, but it’s impossible to get rid of it.

If I analyze the mail header I get information like:

Delivered-To: myVHOSTdomain_marko_dargel@mySYSTEMdomain.de
Received: from srv01.mySYSTEMdomain.de
by srv01.mySYSTEMdomain.de with LMTP id oJH1qebigtrwAAr2bkHA
for myVHOSTdomain_marko_dargel@mySYSTEMdomain.de; Sun, 25 Apr 2021 14:11:19 +0200
Received: from d716.319papago.idv.tw (adsfsdf-i40p.northeurope.cloudapp.azure.com [23.102.2.134])
by srv01.mySYSTEMdomain.de (Postfix) with ESMTP id 3A1698103FEC
for marko.dargel@myVHOSTdomain.de; Sun, 25 Apr 2021 14:11:13 +0200 (CEST)
To: marko.dargel@myVHOSTdomain.de
From: “Marko Dargel” <marko.dargel@myVHOSTdomain.de>

That means to me that somebody uses my public mail address to send spam, but not from my server. So the sender address was faked. Basically, I have to be thankful to the spammer that he is so stupid to take me as the addressee, since I became aware of the problem in the first place.

  1. My current mail architecture:
    1.1 I use a registered domain for operating my Nethserver, called here: mySYSTEMdomain.de and a Nethserver account with marko
    Obligatory I also have a mail account with marko@mySYSTEMdomain.de
    1.2 I have some vhosts with different domain addresses, called here: myVHOSTdomain.de and a corresponding Nethserver account myVHOSTdomain_marko_dargel
    1.3 In Nethserver mail I have configured…

    • a vhost with a domain name: myVHOSTdomain.de
    • a mail domain: myVHOSTdomain.de
    • a Nethserver account: myVHOSTdomain_marko_dargel
    • a mail box: myVHOSTdomain_marko_dargel@mySYSTEMdomain.de
    • a mail address: VHOSTdomain_marko_dargel@mySYSTEMdomain.de (internal/orange colored and destination myVHOSTdomain_marko_dargel)
    • a mail address: marko.dargel@myVHOSTdomain.de (external/blue colored and destination myVHOSTdomain_marko_dargel) >> this one is used by spammers

    1.4 my mail clients are receiving mails from myVHOSTdomain_marko_dargel@mySYSTEMdomain.de and the corresponding alias marko.dargel@myVHOSTdomain.de
  2. my plan
    I need to change my mail address used for registration purposes marko.dargel@myVHOSTdomain.de on my accounts like on Facebook, LinkedIn, Amazon and so on. I plan to substitute my currently used address with unique addresses like marko.dargel.<random number>@myVHOSTdomain.de. This mail address I have to create in Nethserver and to redirect to my account/mail box myVHOSTdomain_marko_dargel.
    In the future, when I get spam from marko.dargel.[random number]@myVHOSTdomain.de, I can identify which company had a case of data breaches and had given my mail address to spammers.
    My current mail address marko.dargel@myVHOSTdomain.de gets deactivated and will never be used in future.
    My main communication partners will get a new private mail address, which I will never use again for registration with online portals or companies.
    At the same time I will announce on my blog with an article that my current address will be deactivated and mails sent to me will no longer be delivered. Via a form affected persons can get a new mail address to be able to reach me by mail.

The effort involved is of course daunting at first, as I really have a lot of registrations with the address.
And of course, my current mail address will not be able to be removed from the world and deprived of the spammers. I am really sorry for the addressees who will continue to receive spam supposedly from me in the future.

  3. questions to discuss
    3.1 What are your basic thoughts about my plan? Do you have different suggestions?
    3.2. In exceptional cases, how is it possible to communicate in an uncomplicated way with the company concerned (for example, in the case of support) via the new registered unique mail address marko.dargel.[random number]@myVHOSTdomain.de?
    3.3. Does the sending of spam mails with my (faked) mail address not only affect my own reputation with the harassed people but also my mail server, even if it was not physically used for sending?

Sincerely, Marko
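The header reading in the post above, as an added example that is not part of the original post: it flags a message whose From claims a locally hosted domain although the first hand-off to the server came from an outside, unauthenticated client. The sample is the posted header with the From angle brackets and folding restored; `LOCAL_DOMAINS`, `OWN_HOSTS` and the function names are assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Header block from the post, angle brackets and folding restored (constructed).
SAMPLE = """\
Delivered-To: myVHOSTdomain_marko_dargel@mySYSTEMdomain.de
Received: from srv01.mySYSTEMdomain.de
\tby srv01.mySYSTEMdomain.de with LMTP id oJH1qebigtrwAAr2bkHA
\tfor myVHOSTdomain_marko_dargel@mySYSTEMdomain.de; Sun, 25 Apr 2021 14:11:19 +0200
Received: from d716.319papago.idv.tw (adsfsdf-i40p.northeurope.cloudapp.azure.com [23.102.2.134])
\tby srv01.mySYSTEMdomain.de (Postfix) with ESMTP id 3A1698103FEC
\tfor marko.dargel@myVHOSTdomain.de; Sun, 25 Apr 2021 14:11:13 +0200 (CEST)
To: marko.dargel@myVHOSTdomain.de
From: "Marko Dargel" <marko.dargel@myVHOSTdomain.de>

(body omitted)
"""

LOCAL_DOMAINS = {"myvhostdomain.de", "mysystemdomain.de"}  # assumption: hosted here
OWN_HOSTS = {"srv01.mysystemdomain.de"}                    # assumption: our MTA names

RECEIVED_RE = re.compile(
    r"from\s+(?P<helo>\S+)(?:\s+\((?P<rdns>\S+)\s+\[(?P<ip>[^\]]+)\]\))?"
    r"\s+by\s+(?P<by>\S+)(?:\s+\([^)]*\))?\s+with\s+(?P<proto>\S+)")

def handoff_from_outside(msg):
    """Newest Received line our MTA wrote about a remote, unauthenticated client."""
    for raw in msg.get_all("Received", []):
        m = RECEIVED_RE.search(raw)
        if not m or m["by"].lower() not in OWN_HOSTS:
            continue                      # not stamped by our server: untrusted
        if m["ip"] is None or m["ip"].startswith("127."):
            continue                      # internal hop (here: the LMTP delivery)
        if m["proto"].upper() in {"ESMTPA", "ESMTPSA"}:
            return None                   # authenticated submission by a real user
        return {"helo": m["helo"], "rdns": m["rdns"], "ip": m["ip"]}
    return None

def forged_local_sender(raw_message):
    """Relay details if From claims a local domain but the mail came from outside."""
    msg = message_from_string(raw_message)
    from_addr = parseaddr(msg.get("From", ""))[1]
    if from_addr.rpartition("@")[2].lower() not in LOCAL_DOMAINS:
        return None
    hop = handoff_from_outside(msg)
    return dict(hop, sender=from_addr) if hop else None

if __name__ == "__main__":
    print(forged_local_sender(SAMPLE))
```

The client IP is used instead of the HELO name to decide what counts as internal, because the HELO string is chosen by the connecting client.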

Hi @capote,

Sorry to hear of the spam situation, it is not a great place to be in.

For question 3.1: The description of your plan definitely sounds like the way to go. I know that one of my work colleagues in charge of security and data protection has been doing what you described for several years now and it definitely helps to identify where your email address gets leaked from or abused, and in those situations where you then want to change it, it's fairly easy as it's isolated to that one location.

For question 3.2: That really depends on the company that the email address is registered with and the framework they have set up to communicate with them. It is essentially speaking to their customer services team and politely advising them that either you are being spammed via their systems/services or that their systems have been compromised and therefore an unauthorised 3rd party now has your email address and is spamming you because of it, and providing them with the logs of the spam as evidence.

For question 3.3: That is a tough one, it is unfortunately going to irritate and upset some people and maybe cause a bit of reputation damage temporarily until you explain to them what happened. I would guess about 98% of the time it can be resolved by explaining to them what happened and what you’ve done to fix it.

2 Likes

Thank you James.

Perhaps I phrased the question incorrectly. It’s not about contacting them about sending spam. I have in mind the case that I have individualized my mail address at Amazon, for example, but need to communicate with their support because of a problem. I want to do that with the new individualized mail address as the sending address.

I want to avoid…
a) that I have to create a new mailbox in the mail client for each individualized mail address
b) that I have to communicate with my real mail address, although only the individualized address should be known there.

For question 3.3:

Same here, maybe wrongly phrased…
I just want to assess if my server suffers reputation damage as well, even though only my mail address is abused and not my server.
Sincerely, Marko

SPF/DKIM/DMARC are of help but depend on the receiving server doing the verification checks against the real domain.

About the e-mail addresses with numbers, have you tried whether sub-addressing / plus-addressing (plus-aliases) is enabled/working? For example, youremail+anything@yourdomain.tld. I think it is enabled by default on NethServer.

1 Like

That I have fully implemented.

youremail+anything@yourdomain.tld

I have tried this before and would not want to do it again. Indeed, it has significant disadvantages:

  1. not every mail server can handle it and not all registration forms accept such addresses
  2. it is easy to manipulate by spammers by leaving out the +alias, because the primary address exists anyway and can be guessed easily.

Thank you, Marko

Just an FYI, spammers very frequently use the recipient’s mail address as the from. Probably 75% of the spam I get comes from “myself”.
Cheers.

2 Likes

Apologies for misunderstanding

You could set up the individualised email addresses as aliases to a specific mailbox.

So that way, you’re only managing a single mailbox on the client while still giving each service (like Amazon or eBay or Paypal or Netflix) its own email address.

Managing the server reputation is something each mail server administrator has to do. If you set up the infrastructure correctly and work with the reputable DRBLs and keep on top of things, any reputation issues should be short-lived.
I’ve been there, done that…

2 Likes
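A sketch of the per-service alias plan discussed in this thread, as an added example that is not from any of the posters: instead of a random number it derives the number from a keyed HMAC over the service name, so an alias cannot be guessed from the base address and an incoming recipient can be traced back to the service without a lookup table. The key, the service names and the function names are assumptions; the address parts are the placeholders used in the thread.

```python
import hashlib
import hmac

SECRET = b"constructed-demo-key"        # assumption: private key kept by the admin
LOCAL_PART = "marko.dargel"             # address parts as written in the thread
DOMAIN = "myVHOSTdomain.de"
MAILBOX = "myVHOSTdomain_marko_dargel"  # the single destination mailbox

def tag_for(service, secret=SECRET, digits=8):
    """Numeric tag for a service: keyed, so outsiders cannot compute or guess it."""
    mac = hmac.new(secret, service.strip().lower().encode(), hashlib.sha256).digest()
    return str(int.from_bytes(mac[:8], "big") % 10 ** digits).zfill(digits)

def alias_for(service):
    """Address to register at one service, e.g. marko.dargel.<number>@domain."""
    return f"{LOCAL_PART}.{tag_for(service)}@{DOMAIN}"

def alias_table(services):
    """alias -> mailbox pairs to enter as mail addresses pointing at one mailbox."""
    return {alias_for(s): MAILBOX for s in services}

def identify(recipient, services):
    """Service an incoming recipient address belongs to, or None if not issued."""
    local, _, domain = recipient.strip().rpartition("@")
    prefix, _, tag = local.rpartition(".")
    if domain.lower() != DOMAIN.lower() or prefix.lower() != LOCAL_PART:
        return None                     # base address or foreign domain
    if not (tag.isascii() and tag.isdigit()):
        return None                     # malformed tag
    for service in services:
        if hmac.compare_digest(tag, tag_for(service)):
            return service              # spam to this alias points at this service
    return None                         # guessed tag: never handed out

if __name__ == "__main__":
    services = ["amazon", "linkedin", "facebook"]   # constructed list
    for alias, box in alias_table(services).items():
        print(alias, "->", box, "| issued to:", identify(alias, services))
```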

no problem! Thank you for your hints.