Spoof'd email addresses

JayEmm · 23 Jul 2016, 05:12 AM

I have an email account at something like "username@fastmailhost.com"
and when using it I always specify a "subdomain address" of the
form "somename@username.fastmailhost.com" (and never use just
"username@fastmailhost.com").

On several occasions now I get many emails from the likes of
"postmaster@somehost.com", "MAILER-DAEMON@somehost.com", etc.
addressed to "somename@username.fastmailhost.com stating that
email to some other person could not be delivered for one
reason or another.

Apparently spammers are using my subdomain address with random
"somename" to send email and the email hosts are failing to
realize it's a spoof'd email. This happened before for about
5 months from January 2015 thru May 2015, then again in May of
2016 and now has started again in June and July of 2016.

I would like to share my solution with the fastmail community,
to see if there is a better one. Luckily for me, I have a file
on my computer that has all the subdomain addresses I've ever used
(so when I get a spam email I know which contact has had their
email account compromised). I also have a program to manipulate
an imap email account remotely which lets me do the following.
When a new email arrives in my inbox I check its "To" address
to see if it's one that I have used. If not I move it to a
"spoof" folder and overnight I delete all files in my "spoof"
folder(s), keeping a record of all the "To" names so I can double
check I didn't make a mistake (which has never happened).

This works well for me but it would even better if Fastmail
offered a feature to do this so it was more efficient. Perhaps
it could keep track of all "From" addresses used when sending
email and/or allow users to upload a file of subdomain addresses
used. Then any email that is not in the file would be rejected or
directly put into a "spoof folder" (which would be more efficient).

Who will read this?

NumberSix · 25 Jul 2016, 01:21 PM

I read it

Hmm, yes, another good idea that will never be implemented. Please don't stay up nights waiting for this

I believe the technical term for the type of bounced emails you're receiving is "backscatter", and I thought that FM's excellent spam-handling system was already taking steps to eliminate it. I think usually the backscattered email already contains a payload that qualifies as spam, no? In that case, if you simply mark it as spam, FM should learn it as such and the incidents should decrease.

Funny, tho... I've been using subdomain addresses ever since I joined FM, some.... uh, 14 years ago, but don't recall ever seeing backscatter that made use of one of my subdomains.

And welcome to the forums.

23 Jul 2016, 05:12 AM	#1
JayEmm Junior Member Join Date: May 2016 Posts: 1	Spoof'd email addresses I have an email account at something like "username@fastmailhost.com" and when using it I always specify a "subdomain address" of the form "somename@username.fastmailhost.com" (and never use just "username@fastmailhost.com"). On several occasions now I get many emails from the likes of "postmaster@somehost.com", "MAILER-DAEMON@somehost.com", etc. addressed to "somename@username.fastmailhost.com stating that email to some other person could not be delivered for one reason or another. Apparently spammers are using my subdomain address with random "somename" to send email and the email hosts are failing to realize it's a spoof'd email. This happened before for about 5 months from January 2015 thru May 2015, then again in May of 2016 and now has started again in June and July of 2016. I would like to share my solution with the fastmail community, to see if there is a better one. Luckily for me, I have a file on my computer that has all the subdomain addresses I've ever used (so when I get a spam email I know which contact has had their email account compromised). I also have a program to manipulate an imap email account remotely which lets me do the following. When a new email arrives in my inbox I check its "To" address to see if it's one that I have used. If not I move it to a "spoof" folder and overnight I delete all files in my "spoof" folder(s), keeping a record of all the "To" names so I can double check I didn't make a mistake (which has never happened). This works well for me but it would even better if Fastmail offered a feature to do this so it was more efficient. Perhaps it could keep track of all "From" addresses used when sending email and/or allow users to upload a file of subdomain addresses used. Then any email that is not in the file would be rejected or directly put into a "spoof folder" (which would be more efficient). Who will read this?

25 Jul 2016, 01:21 PM	#2
NumberSix Cornerstone of the Community Join Date: Jan 2003 Location: The Village Posts: 616	I read it Hmm, yes, another good idea that will never be implemented. Please don't stay up nights waiting for this I believe the technical term for the type of bounced emails you're receiving is "backscatter", and I thought that FM's excellent spam-handling system was already taking steps to eliminate it. I think usually the backscattered email already contains a payload that qualifies as spam, no? In that case, if you simply mark it as spam, FM should learn it as such and the incidents should decrease. Funny, tho... I've been using subdomain addresses ever since I joined FM, some.... uh, 14 years ago, but don't recall ever seeing backscatter that made use of one of my subdomains. And welcome to the forums.