Our business domain has had hundreds of returned mail presumably from a spam attack bounced back to an unused webmaster@ address.
I've stopped the returns being able to come back to us, but our hoster (1-2-3) don't seem too bothered about stopping the problem.

Firstly, can anyone tell me how the spammers could get hold of our details (presumably needing our mail server address and password) to do this and secondly, will our Webmaster@ address ever be useable in the future - ie do the attacks get stopped eventually by our ISP.

The source of the attack appears to be in Iran.

Nick

 

This is quite commonplace. You haven't been compromised ( - probably, I cannot say for sure obviously so you should get someone qualified to check). webmaster@ addresses are part of RFC 2142 ("Mailbox Names for Common Services, Roles and Functions") so all domains should have them, an obvious target.

I've had this happen to me twice now. Spammer sent mail pretending to be me, I got about 6000 bounced mail messages in the course of three days. Was only a slight inconvenience due to how my mail is set up, but for someone on a dialup it would kill them without ISP intervention.

Your ISP probably can't do any more about spamming than you personally these days, unfortunately.

 

Theres not much you can do with undeliverables. The isp's in my opinion should stop bouncing of mail and just let it disappear into the ether.. Undeliverables create more spam than spam imo

The only options without changing domain name is to employ spam filtering to stop them appearing in your mailbox or use dirty tricks and ban ip ranges from certain Countries connecting to your smtp server if its setup that way. Obviously thats just not cricket...

 

Only in this situation, you can't just "change" SMTP

 

Thanks all.
So will these idiots loose interest in using our webmaster address or is it compromised forever?
We've reported the Iran link to Spamcop if that does any good.

Nick

 

They've probably already stopped sending as your webmaster account and moved onto some other poor persons address, so the bounces will just tail off.