How do I stop sending spam email? Why am I getting email failure notices? Many spammers will send out spam email using your email address as the reply address. When your email address is specified as the return address, any failed (failure notice) email attempts will bounce back to you.
This is also called email spoofing.
First, you should determine that it isn't you sending the spam by looking at the email header from one of the 'delivery failure' emails.
You're looking for entries in the email header that resemble the following:
Javascript | | copy code | | ? |
01 | |
02 | Return-Path: <a href="mailto:Quinn1C54677@vizow.com"><Quinn1C54677@vizow.com></a> |
03 | Received: (qmail 6681 invoked by uid 0); 25 Jun 2012 10:26:42 +0200 |
04 | Received: from unknown (HELO 90.148.16.160.dynamic.saudi.net.sa) (90.148.16.160) |
05 | by luke.widhost.net with SMTP; 25 Jun 2012 10:26:42 +0200 |
06 | Message-Id: <20120625112325.9A2569507AD0B5D98BB20@SHOWROOM-PC> |
07 | From: Deirdre Adams <a href="mailto:Quinn1C54677@vizow.com"><Quinn1C54677@vizow.com></a> |
08 | To: trichardsfn <a href="mailto:trichardsfn@ciasiena.it"><trichardsfn@ciasiena.it></a> |
09 | Reply-To: Earlene Poole <a href="mailto:TrinaF51@revopayments.com"><TrinaF51@revopayments.com></a> |
10 | Subject: Dear trichardsfn |
11 | Mime-Version: 1.0 |
12 | Content-Type: text/plain; charset=utf-8 |
13 | Content-Transfer-Encoding: 7bit |
14 |
The last 'Received:...' variable in the message header will be the originator of the email. If it's one of your machine names or has an IP in a range of one of the servers you host on - the problem is in servers. Remove the infected machine from your server and clean or remove any viruses or malware.
If you don't recognize the name or IP range, then a spammer is email spoofing using your email address and there's little you can do about it. You can try to find out what hosting provider hosts the spammer, based on the name or IP in the last 'Received:...' variable and try to report him.
For example, if you wanted to find out what hosting provider allowed the sending of this spoof email you follow the steps below.
- Copy the IP address in the last 'Recieved...' variable.
Javascript | copy code | ? 1 90.148.16.160
- Go to http://www.dnsstuff.com/ and paste the IP in the 'IP Information' field.
- A map of the location of the hosting service and additional information will be listed.
- Copy the name of the company in the 'Name' field and Google it. You should find the company website along with contact information.
In many cases, the spoofers will be foreign. Use Google Chrome and translate the website. You can complain using any contact forms, social networking profile, etc which might lead the service provider to clean their systems.