Apparently I’m caught in what seems to be the receiving end of a spammers attempt to use my domain name as the vessel for creating random email addresses for his bulk of the day.
I keep getting replies from mail servers all over the interwebs telling me emails either got refused or that the recipient address simply doesn’t exist. I get those in my mailbox because I’m using a catchall forward for any mail that gets sent to my domain as an admin.
The problem with email, known to anyone with a bit of knowledge of the protocol, is that this kind of (harmless) domain hijack is something that any fool with the right tool can do, being it a simple mail client.
So if you ended up getting a lot of email from people with oddly looking user names from my domain, well… I’ll have to quote Bart Simpson and tell you it wasn’t me.
Spammers have a lot of tricks up their sleeves lately, and I almost fell for one of them a few weeks ago. I got this German email that looked like I was being sued for something. Now I don’t master the German language, but it’s close enough to Dutch to get the general idea that someone thought that I was some vile spamming bastard, and they where going to get my ass for it too.
This is kinda scary really, because the text itself seemed to be legit. Not that funny Ingrish style stuff you know is spam, but that typical lawyers style incomprehensible lecture.
What triggered a little alarmbell in my head however was that there where some odd looking email addresses in there, and none of them where from the same domain.
First of all it was sent to the info@ address of my domain, which I don’t use or publicise, but since emails are automatically forwarded to my general account I get them anyway. The domain the email came from was also not the domain who had been receiving the spam, which doesn’t make much sense. Last, the lawyer to contact concerning the matter had an odd looking address as well.
So instead of replying to the email telling them they probably made a mistake, which was my initial intention, I forwarded it to someone who actually speaks German and could help figure out if this was for real or not.
He got suspicious as well about the email addresses, and he also knew that the domain the email was coming from was known for it’s free email accounts, which where frequently used by spammers to spread their junk. That, together with some Google searches on phrases from the email made it clear this was just a bait email.
It turns out the content of the email was actually put online by a real lawyer, to be used as a template for anyone who had been targeted by a spammer. But now spammers are baiting domain admins with this, by randomly mailing general email addresses hoping they will reply anything, which will give the spammers yet another active email address.
Here’s the full email in cause you’re interested.
Don’t let these bastards fool you!
Since I switched from Blogger to WordPress I have been getting more comment spam. Blogger used a captcha technique which seemed to be blocking the spam, or maybe just because my blog wasn’t quite that visible to spammers on Blogger. But now that it’s on WordPress things are different.
In fact, I’m guessing that those handy blog-ping update services are used by vile spammers to detect new blogs using blogging software like WordPress that their spamming scripts are written for.
Early this week I was getting hit by another spamming round and I was getting unintended notifications of these crap posts in my GMail because of emails bouncing from the invalid auto-generated emails.
I cleaned up the spam comments asap, cause I hate to see them pollute my blog, but I wanted to find a more permanent solution for the problem.
I didn’t quite think of it but WP already has a plugin ready for spam control called Akismet. I didn’t activate it before because I had to go through the trouble of getting a WordPress API key from the WP site. This time the spammers annoyed me enough to do so.
Posts now get automatically scanned by the Akismet engine, and right now it has trapped 37 comments, all spam, and I didn’t have to do jack for it.
So for anyone out there with a WordPress blog and a spam problem. Get that plugin registered and relax. It’s sweet.