hijacked email address



gaydemon
04-28-2008, 12:08 AM
Opened my email this morning only to find that someone has used my email address as "sender" and sent out 100.000s of spams. Russians of course.. but half of them are bouncing back and I can't check or find any normal emails.

No idea what to do, does anyone have experience of how it works and if there is anything that can be done?

gaydemon
04-28-2008, 12:46 AM
Found who it is.. some c*nt in Malaysia. And of course nothing I can do, you can't get hold of anyone. The network owners take no responsibility, no one answers the phone..


inetnum: 60.48.0.0 - 60.54.255.255
netname: XDSLSTREAMYX
descr: Telekom Malaysia Berhad
descr: Network Strategy
descr: Wisma Telekom
descr: Jalan Pantai Baru
descr: 50672 Kuala Lumpur
country: MY
admin-c: TIA7-AP
tech-c: TIA7-AP
status: ALLOCATED PORTABLE
mnt-by: APNIC-HM
mnt-lower: MAINT-AP-STREAMYX
mnt-routes: MAINT-AP-STREAMYX
remarks: -+-+-+-+-+-+-+-+-+-+-+-++-+-+-+-+-+-+-+-+-+-+-+-+-+-+
remarks: This object can only be updated by APNIC hostmasters.
remarks: To update this object, please contact APNIC
remarks: hostmasters and include your organisation's account
remarks: name in the subject line.
remarks: -+-+-+-+-+-+-+-+-+-+-+-++-+-+-+-+-+-+-+-+-+-+-+-+-+-+
changed: hm-changed@apnic.net 20040607
changed: hm-changed@apnic.net 20070209
source: APNIC
role: TMNST IP Administrator
address: TELEKOM MALAYSIA BERHAD, Level 17 TM Annex E 1,
address: JALAN PANTAI BARU
address: 50672 KUALA LUMPUR
country: MY
phone: +603 22406120
fax-no: +603 22402126
e-mail: ainols@tm.com.my
trouble: abuse@tm.net.my
admin-c: AS115-AP
tech-c: AS115-AP
nic-hdl: TIA7-AP
notify: ainols@tm.com.my
changed: hm-changed@apnic.net 20070209
mnt-by: MAINT-AP-STREAMYX
source: APNIC

basschick
04-28-2008, 02:05 AM
when that happened to me a few years ago, i had over 10,000 emails bounce to me. i had not a clue what was going on, and while i was figuring it out, my host called and said i had been reported for spamming. luckily i had been with them for years, but after the dust settled, i had to contact a bunch of isps and convince them i wasn't the spammer. that info you have above will help a lot - and also if they sent a sponsor link, the sponsor may be able to identify the account used in the spam.

gaybucks_chip
04-28-2008, 02:18 AM
We have had this going on for a while with Boyfunk addresses. If they're returning to random addresses@gaydemon.com, you could set your mail server to filter and discard all email addresses except the ones you actually use. Another option (which is a little fancier) is to configure Procmail to parse the mail, and look for bounces, which would probably contain the outbound IP or network or other unique info somewhere, and discard all of that mail.

I have always wondered if these mailings have arisen from the NATS compromise. It seems this all started happening around the time the NATS stuff was apparently first reported to NATS (long before it was made public.)
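The two filters suggested in the post above (discard mail to addresses you never use, and discard bounces that carry the spammer's network), as an added Python example that is not part of the original post. The recipient addresses and the sample message are constructed; the network range is the one from the whois record quoted earlier in the thread.

```python
import email, ipaddress, re

# Addresses the domain actually uses (hypothetical placeholders).
REAL_RCPTS = {"info@example.com", "sales@example.com"}
# Network range taken from the whois record quoted earlier in this thread.
SPAM_NETS = list(ipaddress.summarize_address_range(
    ipaddress.ip_address("60.48.0.0"), ipaddress.ip_address("60.54.255.255")))
IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

def is_bounce(msg):
    """A DSN has a null envelope sender and/or a multipart/report body."""
    null_sender = msg.get("Return-Path", "").strip() == "<>"
    report = (msg.get_content_type() == "multipart/report"
              and msg.get_param("report-type") == "delivery-status")
    return null_sender or report

def mentions_spam_net(raw):
    """True if any IPv4 literal in the raw message lies inside SPAM_NETS."""
    for token in IPV4.findall(raw):
        try:
            ip = ipaddress.ip_address(token)
        except ValueError:          # e.g. 999.1.1.1 or a version string
            continue
        if any(ip in net for net in SPAM_NETS):
            return True
    return False

def triage(raw, rcpt):
    """Return 'discard-unused', 'discard-backscatter' or 'deliver'."""
    if rcpt.lower() not in REAL_RCPTS:
        return "discard-unused"
    msg = email.message_from_string(raw)
    if is_bounce(msg) and mentions_spam_net(raw):
        return "discard-backscatter"
    return "deliver"

# Constructed sample: a bounce quoting a Received line from the spam run.
BOUNCE = (
    "Return-Path: <>\nTo: info@example.com\n"
    "Subject: Undelivered Mail Returned to Sender\n"
    'Content-Type: multipart/report; report-type=delivery-status; boundary="b1"\n\n'
    "--b1\nContent-Type: text/plain\n\nDelivery to the recipient failed.\n"
    "--b1\nContent-Type: message/rfc822\n\n"
    "Received: from unknown (60.50.12.34) by mx.example.net\n"
    "From: info@example.com\nSubject: spam\n\nbody\n--b1--\n")

if __name__ == "__main__":
    print(triage(BOUNCE, "info@example.com"))
    print(triage(BOUNCE, "xk29f@example.com"))
```

Bounces that do not mention the listed network are still delivered, so genuine delivery failures for your own mail keep arriving.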

GTP
04-28-2008, 04:11 AM
there is no way to prevent this, everybody can send emails using your email address as sender. Using most mail clients you can set up a filter rule to auto-trash the bounced emails.

basschick
04-28-2008, 04:34 AM
imo the problem isn't the emails themselves - the problem is how various companies like comcast, earthlink and roadrunner will deal with a bunch of complaints from customers who are receiving spam emails from gaydemon.com.

abostonboy
04-28-2008, 09:25 AM
imo the problem isn't the emails themselves - the problem is how various companies like comcast, earthlink and roadrunner will deal with a bunch of complaints from customers who are receiving spam emails from gaydemon.com.


That is the problem. IF enough people report it as spam, you get in serious trouble. I had the same damn thing happen a year or so ago.

rawTOP
04-28-2008, 10:10 AM
This is why good spam filters don't penalize the "from" e-mail address, but rather the server where the e-mails originated.

If you don't have SPF set up on your DNS server, you might look into it. It lets you specify which servers are authorized to send e-mail for your domain. Emails from other servers are treated with suspicion. SPF isn't perfect (the spammers set up SPF records for their domains too), but it does deal with the question at hand, which is spammers sending e-mail "from" your domain.

RDude
04-28-2008, 03:53 PM
Wow. That sucks Bjorn. Sorry to hear this.

I'll certainly keep an eye for this.

basschick
04-28-2008, 05:01 PM
it's easy enough for a spammer to spoof the email server - and believe me, it works great. one of my domains - the one i wrote about above - was blocked by earthlink.


This is why good spam filters don't penalize the "from" e-mail address, but rather the server where the e-mails originated.

If you don't have SPF set up on your DNS server, you might look into it. It lets you specify which servers are authorized to send e-mail for your domain. Emails from other servers are treated with suspicion. SPF isn't perfect (the spammers set up SPF records for their domains too), but it does deal with the question at hand, which is spammers sending e-mail "from" your domain.

AlexManifestMan
04-28-2008, 07:19 PM
We had this happen earlier this year and are still trying to convince HOTMAIL of all people that we are not spammers.

NaughtyStud
04-28-2008, 07:35 PM
I am also sorry to hear this has happened to you Bjorn. I really want to know what they get out of this shit? A good laugh or just purely to annoy any and everybody.