Avalanche of Spam
The beginning of August was disrupted for me by an avalanche of Spam.
It started when I checked my email early one evening and found over 30 messages in my Spam folder. I may have been lucky until now, but this was unusually high for me. So I checked the folder and was horrified to discover the dreaded bounced back spam mails were back: every single one was a bounced back spam email that had failed to be delivered and appeared to come from my domain name. (See my earlier post, Email spoofing - Spammers are pretending to be me).
But it was to get much worse.
I moved that first batch to save in a folder in case I needed to investigate them later. When my Spam folder refreshed itself, another 30 emails appeared. I tried refreshing it again, and the number of Spam mails went up to 60. Every time I refreshed my Spam folder another 30 spam mails appeared, and this went on for the next 6 hours until I had over 3000 bounced back spam emails. I dreaded to think how many other spam mails might have got through.
I put the ’sorry but it’s not my fault’ type spam message back at the top of my home page, expecting fallout throughout the next couple of days, and started testing my SPF record. The SPF instructions are terrible, so not surprisingly it wasn’t quite right. This was annoying in itself, as every time I changed it via my web hosts the change would take at least 6 hours to propagate through the internet. I changed it several times after this until the testing script finally said it was valid.
In between testing my SPF records, I started checking through the spam mail headers to see if any of it could be traced or reported to anyone. I found the most complete headers generally came back from ‘qmail’ programs. I posted every one I could find into ‘Spam Cop’, which traced most of them to a server in Mexico and a couple to other servers as well, so I sent spam reports for all of these. I also reported as many as I could stand to the address that Gmail suggests for this purpose, which is: spam@uce.gov
I continued doing this as more and more of the spam mails came back. The next day I expected a second avalanche of angry responses from real people, but thankfully most of them seemed to either recognise spam without opening it or ignore it: I only had one reply from someone in Australia, saying ‘Please don’t send emails any more’. I felt bad that even one person would think I would send this rubbish.
I must have sent some of it to some kind of email address collectors as well, as I have been receiving a lot more spam myself since then.