Spoofing Info

  • Fran
    Member
    • Apr 2004
    • 49

    #1

    Spoofing Info

    Some assistance please.

    We have a domain where only 3 email addresses exist. One is receiving spoof mail from fictitious users (admin, support, etc.) at the same domain as follows. Can someone enlighten me here? The zipped file is bugging me even more than the fact that someone seems to be using the address. Any way to stop this?

    Thanks for any assistance.

    - Fran


    Date: Wed, 13 Jul 2005 19:00:40 +0200
    From: support@ourdomain.com
    To: john@ourdomain.com
    Subject: MEMBERS SUPPORT
    Part(s):
    1 unnamed text/html 0.47 KB
    2 account-report.zip application/octet-stream 77.18 KB
  • ChrisTech
    Senior Member
    • Mar 2004
    • 530

    #2
    Can you post the full headers? More than likely it's someone sending it who is infected with a virus. Many of those going around lately.
    Hosting at Dathorn since March 2003!

    My Interwebs speed on Charter Cable!


    • Frank Hagan
      Senior Member
      • Mar 2004
      • 724

      #3
      It's virus or spam ... they "spoof" the headers, and there's really nothing you can do about it except intercept it and trash it.

      In Cpanel, under "Email", look for the option to process all mail that is NOT to a valid email address. You'll see a bounce option and one for just trashing those messages ... using :blackhole: ... and I would recommend just trashing them.

      You wouldn't want to do that for a site where customers may want to contact the owner by using a common email address like "support@domain" or "webmaster@domain", but it's appropriate for sites where the general public won't be emailing the site owners.

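Frank's bounce-versus-:blackhole: point and the pattern in Fran's sample (a sender at the domain's own name that is not one of its real mailboxes, plus a zip attachment), as an added Python example that is not code from the thread or from cPanel; the mailbox list and the message are constructed.

```python
import email
from email import policy

# Constructed: the thread says three mailboxes exist but names only john@.
VALID_MAILBOXES = {"john@ourdomain.com", "jane@ourdomain.com", "fran@ourdomain.com"}

# Constructed reproduction of the message Fran described (body text invented).
SAMPLE = """\
From: support@ourdomain.com
To: john@ourdomain.com
Subject: MEMBERS SUPPORT
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/html

<p>See the attached report.</p>
--b1
Content-Type: application/octet-stream; name="account-report.zip"
Content-Disposition: attachment; filename="account-report.zip"

--b1--
"""

def route(rcpt, default_address):
    """What the cPanel default address does with one envelope recipient.
    default_address is ':blackhole:' (discard silently, Frank's advice),
    ':fail:' (the bounce option) or a catch-all mailbox address."""
    rcpt = rcpt.lower()
    if rcpt in VALID_MAILBOXES:
        return "deliver"
    if default_address == ":blackhole:":
        return "discard"
    if default_address == ":fail:":
        return "bounce"   # the bounce goes to the envelope sender, forged or not
    return "catch-all"    # everything lands in one mailbox: the flood brett saw

def suspicious_signs(raw):
    """Reasons a parsed message matches the pattern described in the thread."""
    msg = email.message_from_string(raw, policy=policy.default)
    reasons = []
    sender = str(msg["From"] or "").strip().lower()
    if sender.endswith("@ourdomain.com") and sender not in VALID_MAILBOXES:
        reasons.append("sender at our own domain is not a real mailbox")
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if name.endswith(".zip"):
            reasons.append("zip attachment: " + name)
    return reasons
```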

      • Fran
        Member
        • Apr 2004
        • 49

        #4
        Spoof...

        Chris and Frank,

        Thank you. That's what I figured, but was a little surprised that they used the domain they did.

        I already have :blackhole: on, the mail went to the active address. My concern is that the attachment 'likely a virus' might be going to other domains, and I consider that a problem. I'll ask the owner to send me the headers and perhaps we'll change his e-mail address and kill the other account, but that's a pain.

        I'll post the header if I can get it. I've told him to just trash the stuff and hope it tapers off shortly. In any event, thank you both.

        - Fran


        • brett
          Member
          • Mar 2004
          • 45

          #5
          I just want to warn anybody/everybody of what happened to me:
          1. I had [anything]@domain.com enabled for a brief while on one of my domains
          2. A spammer picked up on it and started sending out as [random characters]@domain.com
          3. I quickly fixed it by disabling the catch-all, however the powers that be here said that it cannot happen again, as if this were my intention... thankfully a block that was put in place was removed by request.

          Accounts suspended for others' misuse or abuse of a company that we professionally service and pledge to protect? I don't consider this very healthy for anyone involved. I'm just crossing my fingers that it doesn't happen again, and customer service can pick up on these things...


          • ChrisTech
            Senior Member
            • Mar 2004
            • 530

            #6
            Originally posted by brett
            I just want to warn anybody/everybody of what happened to me:
            1. I had [anything]@domain.com enabled for a brief while on one of my domains
            2. A spammer picked up on it and started sending out as [random characters]@domain.com
            3. I quickly fixed it by disabling the catch-all, however the powers that be here said that it cannot happen again, as if this were my intention... thankfully a block that was put in place was removed by request.

            Accounts suspended for others' misuse or abuse of a company that we professionally service and pledge to protect? I don't consider this very healthy for anyone involved. I'm just crossing my fingers that it doesn't happen again, and customer service can pick up on these things...
            But it could have been prevented by you, the customer, first, by disabling the "catch-all". Why even have it on is beyond me. I checked mine the other day (set up an email address for it and let it fill up) and got several thousand emails in one day. All crap emails. Same as the test account gets @ work.

            • brett
              Member
              • Mar 2004
              • 45

              #7
              Originally posted by ChrisTech
              But it could have been prevented by you, the customer, first, by disabling the "catch-all". Why even have it on is beyond me. I checked mine the other day (set up an email address for it and let it fill up) and got several thousand emails in one day. All crap emails. Same as the test account gets @ work.
              I couldn't agree more. There is absolutely no reason to have a catch-all enabled these days. It was handy in the day before people started taking advantage. I just don't think that it should be grounds for a permanent block or suspension. This I think is unprofessional.

              If I'm going to discontinue service for a client of mine that continues to pay me monthly, I provide them the courtesy of letting them know first, or providing them alternatives.


              • ChrisTech
                Senior Member
                • Mar 2004
                • 530

                #8
                Originally posted by brett
                I couldn't agree more. There is absolutely no reason to have a catch-all enabled these days. It was handy in the day before people started taking advantage. I just don't think that it should be grounds for a permanent block or suspension. This I think is unprofessional.

                If I'm going to discontinue service for a client of mine that continues to pay me monthly, I provide them the courtesy of letting them know first, or providing them alternatives.

                If there is something you are doing on your domain that is endangering the rest of the people on the server, the Admins will let you know/do something about it. It's a shared environment. If what your domain does, or what happens due to whatever is on it, causes or can cause issues for the rest of the users, then "the needs of the many outweigh the needs of the few, or one".

                As I've stated before, if one of my domains gets outta control and is threatening the server, I EXPECT Andrew or the Admins to take appropriate measures to keep the server stable. If my own personal domain(s) or one I host has a script that could cause the machine to be hacked, or compromised, I EXPECT Dathorn to step up, and take care of it.

                I've already had one user who tried to compile a "Steam Server (Halflife/Counterstrike)" on his shared account. His account got perm suspended. Also found out the user was attempting to access IRC programs and such via shell. I lost a paying customer due to it, but preserved the server, which not only held my own accounts, but other customers' here as well.


                --------------------

                But you've already stated that he did indeed let you know.

                3. I quickly fixed it by disabling the catch-all, however the powers that be here said that it cannot happen again, as if this were my intention... thankfully a block that was put in place was removed by request.
                Last edited by ChrisTech; 07-15-2005, 10:38 AM.

                • brett
                  Member
                  • Mar 2004
                  • 45

                  #9
                  Originally posted by ChrisTech
                  But you've already stated that he did indeed let you know.
                  I wish I could say this was true, but it was not. I had to troubleshoot email for a couple days with the client before I was able to find out that there was a block on the IP. Very unfortunate, and of course all unbillable time.

                  BTW: I agree with everything you've stated above...
