We have a problem with our MailEnable, in which the MTA is activated in the MXSCAN software. Everything worked perfectly. Today, however, we found that we can only send emails but cannot receive them. We checked the MxScan message logs and saw that a stranger with an external IP, post office (null) and a sender email (not from local domains) tries to send random emails every millisecond, and these are of course blocked. We have blocked the IP in the incoming firewall rules as well, but there is still no impact, and that makes our mail activation so busy.
I didn't try to redirect this thread because I assume you're talking about real people sending spam. I only had the need to suggest the add-on. As with normal spammers, there is nothing you can really do unless you can somehow get their IP address. Then you could see if they had a suitable account and block their IP address. If emails are sent to your administrator account and not to an external provider, it may be possible to get the IP address. Although you should have a look around.
We already stop access when we see spam evidence and do not offer a refund. But it's pretty obvious that people just come back under new names.
I have half the wisdom of asking for a deposit in advance because spammers will be separated within a few days at most. But that would deter legitimate customers.
What is free with the 12th month or free with the 6th month? Spammer accounts would never last that long.
What about discounts for a WHT account that has been open for more than a year and we would have the user link their WHT or other forum account to their account with us when they signed up to receive this discount.
It cannot be a recurring discount because the utility company does not offer this. But I can take a small hit if I don't have to turn around and destroy the box a day later.
Their only goal is to deliver the selected text block to the victim. Whether and how often they change a (fake) e-mail address is unclear, as individuals or marketing groups all work independently.
If an e-mail address is blacklisted, it is usually helpful to change an e-mail address, because in this case the message is not transmitted to the victim (spammers are stupid).
I get these messages or notifications from some Russians, or at least I think it's Ukrainians, asking me to like sites that all have beautiful sexy women. I cannot block her because I cannot write her name in Russian.
What can I do against it? I get some every day.
I have received the following email with the following headers. How do spammers use this method to trick users into hacking their account?
How can you stop spammers with our e-mail? For non-techies like my grandma, it can be scary to receive an e-mail like this one that says her account is hacked.
What is the spammer doing right in the headers below? Does it show which application you are using for it?
Return-Path:
X-Original-To: email@example.com
Delivered-To: firstname.lastname@example.org
Received: from gateway5.unifiedlayer.com (gateway5.unifiedlayer.com [188.8.131.52]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail17i.protonmail.ch (Postfix) with ESMTPS id 420623000080 for ; Wed, 6 Mar 2019 19:25:57 +0000 (UTC)
Received: from cm4.websitewelcome.com (unknown [184.108.40.206]) by gateway5.unifiedlayer.com (Postfix) with ESMTP id AF51A20196C14 for ; Wed, 6 Mar 2019 13:25:55 -0600 (CST)
Received: from uscentral427.accountservergroup.com ([220.127.116.11]) by cmsmtp with ESMTP id 1cAth7PiS5rNM1cAthzAVL; Wed, 06 Mar 2019 13:25:55 -0600
Received: from [18.104.22.168] (port=51959 helo=[184-183-252-87.filibe.net]) by uscentral427.accountservergroup.com with esmtpsa (TLSv1:ECDHE-RSA-AES256-SHA:256) (Exim 4.91) (envelope-from ) id 1h1cAr-0024QG-EJ for email@example.com; Wed, 06 Mar 2019 14:25:55 -0500
Authentication-Results: mail17i.protonmail.ch; dmarc=none (p=no dis=none) header.from=xcubicle.com
Authentication-Results: mail17i.protonmail.ch; spf=no firstname.lastname@example.org
Authentication-Results: mail17i.protonmail.ch; dkim=fail reason="Key not found in DNS" (0-bit key) header.d=zeroplusbd.com email@example.com header.b="kBI6UFVj"
X-Authority-Reason: nr=8
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=zeroplusbd.com; s=default; h=From:MIME-Version:Content-Type:Message-ID:List-ID:Date:Subject:To:Sender:Reply-To:Cc:Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References:List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive
To: firstname.lastname@example.org
X-Abuse-Reports-To:
X-Mailer: Microsoft Outlook Express 6.00.2900.5843
Subject: pat
X-Aid: 3931138227
Date: Wed, 6 Mar 2019 20:25:52 +0100
List-ID: y2znb9cxhdkkp12r9ojihcp70vn50etc23e368dl
Message-ID: <email@example.com>
X-Complaints-To:
Content-Type: text/html
MIME-Version: 1.0
From:
X-channel: firstname.lastname@example.org
X-Anti-Abuse: This header has been added to track abuse. Please attach it to the abuse report
X-Anti-Abuse: Primary Host Name - uscentral427.accountservergroup.com
X-Anti-Abuse: Original Domain - xcubicle.com
X-Anti-Abuse: Sender / Caller UID / GID - [47 12] / [47 12]
X-Anti-Abuse: Sender Address Domain - zeroplusbd.com
X-BWhitelist: no
X-Source-IP: 87,252,183,184
X-Source-L: No.
X-Exim-ID: 1h1cAr-0024QG-EJ
X-Source-Sender: ([184-183-252-87.filibe.net]) [22.214.171.124]51959
X-Source-Auth: email@example.com
X-Email-Count: 244
X-Source-Cap: emVyb3BsdXM7aW1wbG9kZWk7dXNjZW50cmFsNDI3LmFjY291bnRzZXJ2ZXJncm91cC5jb20=
X-Local-Domain: yes
X-Spam-Flag: YES
X-Spam-Status: Yes, score=11.7 required=4.0 tests=BAYES_50, DKIM_INVALID, DKIM_SIGNED, FORGED_MUA_OUTLOOK, FORGED_OUTLOOK_TAGS, HEADER_FROM_DIFFERENT_DOMAINS, HTML_IMAGE_ONLY_04, HTML_MESSAGE, LOCALPART_IN_SUBJECT, MIME_HTML_MOSTLY, MPART_ALT_DIFF, RCVD_IN_BRBL autolearn=no autolearn_force=no version=3.4.2
X-Spam-Report:
 * 4.0 BAYES_50 BODY: The Bayesian spam probability is 40 to 60% [score: 0.4999]
 * 0.0 HEADER_FROM_DIFFERENT_DOMAINS From and EnvelopeFrom 2nd level mail domains differ
 * 1.1 LOCALPART_IN_SUBJECT Local part of To: address appears in Subject
 * 0.4 MIME_HTML_MOSTLY BODY: Multi-part message, mostly text/HTML MIME
 * 0.0 HTML_MESSAGE BODY: HTML in the message
 * 0.8 MPART_ALT_DIFF BODY: HTML and text parts differ
 * 1.2 HTML_IMAGE_ONLY_04 BODY: HTML: Images with 0-400 bytes of words
 * 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid
 * 2.0 RCVD_IN_BRBL Received is listed in Barracuda RBL bb.barracudacentral.org
 * 0.1 FORGED_OUTLOOK_TAGS Outlook can not send HTML in this format.
 * 0.1 DKIM_INVALID DKIM or DK signature is present but invalid
 * 1.9 FORGED_MUA_OUTLOOK Fake mail purporting to be from MS Outlook
X-Spam-Level: ***********
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on maili.protonmail.ch
X-Attached: 1551903952102.jpg
X-Pm-Origin: external
X-Pm-Content-Encryption: on delivery
X-Pm-Transfer-Encryption: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
We have a huge problem with the passwords of users' e-mail accounts, which are vulnerable to IP addresses around the world and used to send spam.
Usually we just change the password in the email account and write the user. Recently, however, there have been multiple email accounts for these accounts that are at risk or the same email account has been compromised time and again.
Mostly the problem is an extremely weak or insecure password. In other cases, I suspect that the user has malware installed on their computer (and does not know what else is going on with their computer) or checks the account over insecure networks.
If it happens over and over again, sometimes we will proactively change the passwords of all of the account's email accounts or lock the account at other times. But apparently people do not like it – and they would as well outsource their hosting to a company that either knows no compromise issues or to a web hosting company that does not care about sending spam repeatedly.
I begin to believe that I lose the hard battle. I think it might be easier to let the spammers run rampant. And then, when people complain that they cannot send mail because of blacklisting, I simply tell them "hard%? $ #!".
I mean, is that what everyone else is doing?
Sorry, I did too much the weekend and this week and had to get into my soapbox a bit.