Domain Email Hijacked?

Steven Banks <roadkingman_FING***@hotmail.com> wrote:

Hello All:

I have an issue that is bugging the living daylights out of me. I started using 1and1 MS Hosting services for my domain. In the past three weeks I have been getting email that appears to be from my domain. I know for a fact that they are not because none of the email addresses really exist. To add fuel to the fire, these emails contain an attached virus in the form of a .zip file.

Typically the emails look to be from these addresses:
serv***@mydomain.com
ad***@mydomain.com
administra***@mydomain.com
webmas***@mydomain.com
supp***@mydomain.com
i***@mydomain.com
m***@mydomain.com
regis***@mydomain.com

You can see the pattern here...

I'm smart enough to not have opened a single one, and have spam and junk filters to "move" but not get rid of the problem. The fact that this is happening at all really irks me. Plus, I don't know if this technique is being used to send other people this destructive email using my domain name. That'd be horrible!

How are the perpetrators doing this, why is it getting past my domain hosts, and what can/should 1and1 hosting be doing to stop this from happening?

Any clues or help appreciated.

Steve Banks

Vince Averello [MVP-Outlook] <vi***@omegageek.com> wrote (news:Ongiiv3dFHA.228@TK2MSFTNGP12.phx.gbl):

Sounds like someone out there has a virus/worm that's creating emails with fake addresses that are getting delivered to you. It's happened to me at times also. Not much you can do from your end (other than filtering them and using an antivirus program). Maybe you can set up some server-side filtering.

Steven Banks wrote:

Thank you Vince and Steven,

I have server-side spam filtering turned on; I guess I have to take it from medium to high. My real concern was that it appears to be generated from 1&1 mail servers, almost as though they are doing all of this from within 1&1 as another customer? And though Steven mentioned addresses being pulled from a person's inbox, in this case that's not the modus operandi. They are generating what I would call common and assumed prefixes for domains, e.g., support, info, mail, admin, etc. with my domain name at the end. To see mail I did not create from an email address that doesn't exist, e.g., From: Regis***@insertmydomainnamehere.com, is upsetting to say the least.

Thanks for your insight guys!

Steve Banks

Wolfman <Wolf***@discussions.microsoft.com> wrote (news:84BDA13E-7C60-48BA-9336-EAC3B8968D84@microsoft.com):

Steve,

We're suffering from a very similar thing but luckily it's not getting as far as yours. We have in place SurfControl E-mail filter and from looking at our system we are having someone/something attempt to use us to e-mail out. What we are seeing on SurfControl is this:

Denied Relay from <supp***@ourdomain.co.uk> from host 195.102.244.132 to <d***@ourdomain.co.uk> (Senders IP not in relay sources list)

We are getting those from these:
mail@
admin@
administrator@
webmaster@
service@

And we get those like clockwork every 20 minutes. The IP address shown is, like in your case, the mail servers of our ISP. Because we have our system to deny relays like these it's not as such causing a problem. Apart from filling up logs etc. we are not hitting anything major. Most of the addresses they try to e-mail to do not exist, but there is one that is correct. So if we didn't have the system set up as we do then we could potentially be in the same boat as you.

I would suggest looking into Denying Relays. I'm not sure as to how and where to do it as this was something my Boss set up before I started here.

Hope that can be of some help.

--
Regards,
Ash.

Steven Banks wrote:

Wolfman & Brian Tillman,

Thank you... got an email from 1&1 hosting today saying they might attempt blocking the IP address, since all the emails originate from the same IP address 207.202.164.254. After looking at their site, it looks like SurfControl is an enterprise solution and their home office, public utility doesn't offer the same protection for "deny relay." But this is great information and it is appreciated. I'll do my homework and research.

Thank you guys!

Steve Banks

Steven wrote:

This is the common method that trojans and viruses use to spread today. The last one I did any real research on pulled random addresses from the inbox, address book and sent items folder for the recipients and the sender. Thus it makes the emails look even more "legit." :(

Steve

Brian Tillman wrote:

> Typically the emails look to be from these addresses:
> serv***@mydomain.com
> ad***@mydomain.com
> administra***@mydomain.com
> webmas***@mydomain.com
> supp***@mydomain.com
> i***@mydomain.com
> m***@mydomain.com
> regis***@mydomain.com

That's the modus operandi of the Mytob-CF virus, among others.

--
Brian Tillman
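The "Denied Relay" lines Wolfman quoted already contain everything needed to spot this pattern automatically: a sender in your own domain with a role-account local part (support, admin, webmaster, ...), arriving from a host that is not one of your relay sources, at a fixed cadence. The following is an added example, not part of the thread and not SurfControl's own tooling: a Python script that parses log lines in the format shown (with an assumed `YYYY-MM-DD HH:MM:SS` prefix, since the page does not show SurfControl's timestamp), groups them by source host, and flags a host that repeatedly presents spoofed role senders at a regular interval. The domain, mailbox names, IP addresses and log lines are constructed; the IPs use documentation ranges rather than the addresses in the thread.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample log. The "Denied Relay ..." body follows the SurfControl line
# quoted in the thread; the timestamp prefix is an assumption (not shown on the page).
SAMPLE_LOG = """\
2005-06-21 09:00:02 Denied Relay from <support@ourdomain.co.uk> from host 198.51.100.7 to <dave@ourdomain.co.uk> (Senders IP not in relay sources list)
2005-06-21 09:20:01 Denied Relay from <admin@ourdomain.co.uk> from host 198.51.100.7 to <nobody@ourdomain.co.uk> (Senders IP not in relay sources list)
2005-06-21 09:40:03 Denied Relay from <webmaster@ourdomain.co.uk> from host 198.51.100.7 to <sales@ourdomain.co.uk> (Senders IP not in relay sources list)
2005-06-21 10:00:00 Denied Relay from <service@ourdomain.co.uk> from host 198.51.100.7 to <dave@ourdomain.co.uk> (Senders IP not in relay sources list)
2005-06-21 10:05:11 Denied Relay from <bob@partner.example> from host 203.0.113.9 to <dave@ourdomain.co.uk> (Senders IP not in relay sources list)
"""

OUR_DOMAIN = "ourdomain.co.uk"                      # constructed, stands in for the poster's domain
# Role-account local parts seen in the thread (Steve's and Wolfman's lists).
ROLE_LOCALPARTS = {"mail", "admin", "administrator", "webmaster", "service",
                   "support", "info", "register"}
REAL_MAILBOXES = {"dave"}                           # constructed: the one valid recipient

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) Denied Relay from <(?P<sender>[^>]+)> "
    r"from host (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) to <(?P<rcpt>[^>]+)> \((?P<reason>[^)]*)\)$"
)


def parse_line(line):
    """Parse one denial line into a dict, or return None if it is not in this format."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ev = m.groupdict()
    ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%d %H:%M:%S")
    ev["sender_local"], _, ev["sender_domain"] = ev["sender"].rpartition("@")
    ev["rcpt_local"], _, ev["rcpt_domain"] = ev["rcpt"].rpartition("@")
    return ev


def analyse(log_text, our_domain=OUR_DOMAIN, role_localparts=ROLE_LOCALPARTS,
            real_mailboxes=REAL_MAILBOXES):
    """Group denials by source host and score each host for worm-like spoofing.

    A host "looks like a worm" when it has used at least three distinct role-account
    senders in our own domain and the gaps between its attempts are near-constant
    (the 'like clockwork every 20 minutes' behaviour described in the thread).
    """
    by_ip = defaultdict(list)
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev is not None:
            by_ip[ev["ip"]].append(ev)

    report = {}
    for ip, events in by_ip.items():
        events.sort(key=lambda e: e["ts"])
        spoofed = sorted({e["sender_local"] for e in events
                          if e["sender_domain"].lower() == our_domain
                          and e["sender_local"].lower() in role_localparts})
        # Attempts that hit a mailbox which really exists: these would have landed
        # in someone's inbox without the relay restriction.
        valid_hits = sum(1 for e in events
                         if e["rcpt_domain"].lower() == our_domain
                         and e["rcpt_local"].lower() in real_mailboxes)
        gaps = [round((b["ts"] - a["ts"]).total_seconds() / 60)
                for a, b in zip(events, events[1:])]
        periodic = len(gaps) >= 2 and max(gaps) - min(gaps) <= 2
        report[ip] = {
            "attempts": len(events),
            "spoofed_role_senders": spoofed,
            "valid_recipient_hits": valid_hits,
            "gap_minutes": gaps,
            "looks_like_worm": len(spoofed) >= 3 and periodic,
        }
    return report


if __name__ == "__main__":
    for ip, info in analyse(SAMPLE_LOG).items():
        flag = "WORM-LIKE" if info["looks_like_worm"] else "ok"
        print(f"{ip:15} {flag:10} attempts={info['attempts']} "
              f"spoofed={info['spoofed_role_senders']} gaps={info['gap_minutes']}")
```

The output of `analyse` is what you would hand to the hosting provider when asking them to block a source, as 1&1 offered to do in the thread: one host, a list of the forged role senders it used, and the interval that shows it is automated rather than a misconfigured partner server. The second, single-event host in the sample is left unflagged on purpose; a lone denial from a legitimate external sender should not be treated as an attack.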