dave rogers

dave rogers

sometimes-programmer and sometimes-teacher living alongside the edge of the known world

Am I not Master of My (E-mail) Domain?

For the past year or so, some jackass has hijacked my yukondude.com domain to serve as the return address for uncountable spam mailings. I've since grown inured to the inconvenience, but a recent Yukon Jen posting was like déjà vu all over again.

It started abruptly. One morning my inbox was filled with hundreds of bounce messages from overseas e-mail servers -- predominantly German, for some reason. The messages tended to report that somebody@somewhere.de was an illegal e-mail address, or the mailbox was full, or the message was rejected because, lo and behold, it was spam. The sender addresses of the bounced messages were all of the form qqxgobbledegook@yukondude.com.

My first panicked reaction was that a computer in the house had been zombified and was spewing spam at the behest of some Eastern European gangster. Anti-virus and anti-spamware scans didn't turn up anything, but it wasn't until I ran a packet sniffer on my home network over a weekend that my panic was assuaged: my computers weren't responsible.

No, the spammer had merely chosen my domain on a whim as the source of untold thousands of low-cap stock, ersatz Rolex, or herbal ED remedy solicitations. The Simple Mail Transfer Protocol, which handles all e-mail on the Internet, is surprisingly susceptible to forgery. Replacing the sender's address with another domain is a mere matter of typing: I used to demonstrate that very exploit in my programming courses.

Of course, no prospective buyer -- idiot! -- of the spam-sold wares would be able to reply to the enticement, but the body of the message will usually direct the reader to a website anyway.

Meanwhile, yukondude.com is very likely blacklisted in parts of central Europe. My e-mail server does implement a protocol that verifies whether a message was legitimately sent from yukondude.com, but that's still a newish concept, and not all recipient servers bother to check.

The torrent of bounces has diminished, but every so often a new wave of them crops up for a week at a time. Yet one more unanticipated consequence of wiring together the world's supply of jerks.

Update Oct. 29

The bounce messages are back with a vengeance: 412 today and counting. I should also mention that the Sender Policy Framework protocol that I mentioned is really enabled via the domain's DNS registration rather than on the e-mail server.

Comments