Close
Close

Spam Emails from ProBlogger

Just a short note to let those who may have received spam from a problogger.net email address today that this was not actually sent by me.

A spammer who is using a legitimate email that I sent from one of my other blogs as a cover for his ads then sent the email from a problogger.net email address.

You can read full details of what they did here. My apologies to those who were sent this email – I understand that you are upset by it but it is not something that I had any control over and is not something I am connect with what so ever.

About Darren Rowse

Darren Rowse is the founder and editor of ProBlogger Blog Tips and Digital Photography School. Learn more about him here and connect with him on Twitter, Facebook, Google+ and LinkedIn.

Problogger.net runs on the Genesis Framework

Genesis Framework

The Genesis Framework empowers you to quickly and easily build incredible websites with WordPress. Genesis provides the secure and search-engine-optimized foundation that takes WordPress to places you never thought it could go.

Check out the incredible features and the selection of designs. It's that simple - start using Genesis now!

Comments

  1. Tim says:

    I have spammers using my domain to send junk mail from too – The only way I know is because I receive “Mailbox full” and “out of office” notices. The sender address is normally [some random characters]@[my domain].co.nz

    Systems like http://www.openspf.org/ and http://en.wikipedia.org/wiki/Sender_ID might help

  2. I have a feeling that some stupid script kiddy is having fun sending spam e-mail and viruses with other people’s e-mail addresses. Don’t they have lives?

  3. Teresa says:

    “Don’t they have lives?”

    No..and sadly they make money at it.

  4. Everyone should be adding SPF records to their domain name. This makes it easier for mail servers supporting SPF (like Gmail) to indentify email forgery.

    http://en.wikipedia.org/wiki/Sender_Policy_Framework

    http://old.openspf.org/wizard.html

  5. Hi Darren,

    I’ve had jerks do this with several of my domains.

    Adding something called an SPF Record to your DNS helps.

    See: http://www.openspf.org/Introduction

  6. Mat says:

    You know you’ve made it when the spammers come.

    Just about the only positive one can draw from such a scenario.

  7. Such is life, unfortunately. Consider yourself lucky that you’re not as bad off as eBay or Paypal whose email addresses are spoofed constantly for this kind of thing for more malicious purposes. I know it’s an inconvenience to you, but they’ll get over it soon when the novelty wears off. As long as they’re spoofing your email address and not accessing the email account through your server, you’re in the clear, and I wouldn’t really worry about it too much.

  8. Dave Starr says:

    A lot of people on-line, in the blogosphere and otherwise are thinking about/actively looking for the “next big idea” that could make them famous … or rich … or both.

    I’ve been actively working on different facets of the Internet since long before it was called “the Internet” … can anyone still spell “DARPA”?

    When the first implementations of email were first introduced a common cry from the network gurus and engineers was, “This method is no good, we need something that can’t be so easily spammed or spoofed.”

    twenty plus years later the situation hasn’t gotten better, if anything it is worse. It is almost trivially easy to masquerade as anyone and send out mails in their name. A true opportunity awaits the smart guy/gal who can devise and implement a real solution.

  9. Bes Zain says:

    At least to me, you don’t need to apologize. I got the same e-mail and spent a good 10+ minutes wondering why you would write W8 loss in the subject line, and why the e-mail address was problogger.net while the content was from your digital site. I was only wondering to myself: “Hmmm, Darren is cuckoo after all.”

    It would be interesting to know how they spoofed the account or how they got hold of the account while putting in legitimate content in the newsletter along with their ad in the end.

    I was just kidding about the cuckoo thing, by the way.

  10. MJ Ray says:

    SPF is not the answer: it breaks some mail forwarding and relaying systems (which is what gives email some of its flexibility and usefulness); it is implemented in DNS, which itself has little security; and more spammers use SPF than legitimate emailers according to http://www.theregister.co.uk/2004/09/03/email_authentication_spam/

  11. Cameron says:

    This happened to the company that I work for. We found out that the thing that was allowing the spammers to hijack our domain was that we had a “catchall” email account. When an email goes out, the receiving server checks to see if the sender account is valid by pinging (or something) the server that it’s supposedly coming from to see if the account is valid. Since a catchall will accept email from any non-valid email account on the domain, it accepts this “ping” and the receiving server thinks the account is valid. We disabled the catchall account, and haven’t had a problem since. If your domain is being hijacked by spammers, make sure that your catchall is disabled.

  12. Spamming with others people domains is a nasty one. It is hard to imagine, how much more nasty spammers can become.

  13. Same thing happend to one of my client. You could prevent that problem in the future by adding SPF record to your domain.
    At the moment the report for your domain shows:
    “Your domain does not have an SPF record. This means that spammers can easily send out E-mail that looks like it came from your domain, which can make your domain look bad (if the recipient thinks you really sent it).”

Trackbacks

  1. [...] After being the victim of a Spammer hijacking my newsletter for their own purposes earlier today there are a few lessons that I’ve learned: [...]

  2. [...] I’ve been following an issue over at Problogger.net wherein Darren Rowse became a victim of a spammer who hijacked his domain and used it to send spam through his newsletter. I did not receive any spam from Darren so it’s either I’m among the lucky few whom the spammers missed or I’m no longer subscribed to the Problogger newsletter. As always, Darren has managed to turn something disastrous like this into something positive by sharing the lessons he has learned from it. [...]