cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
New

Stopping "back scatter" spam - mailer-daemon

Hello,

 

I'm getting a lot of "Message Delivery Failure" messages from messages I never sent. After and due to recent contact with a colleague in China with a qq.com address, someone is spoofing my address to send messages to many users in China, all from the qq.com domain.

 

Already changed my password twice, so I know I wasn't hacked - just spoofed.

 

Anyone have any experience and suggestions with this?

 

Thanks very much in advance.

9 REPLIES 9

Re: Stopping "back scatter" spam - mailer-daemon

I have had the same problem on several occasions. Would like GoDaddy support to help us with this.

New

Re: Stopping "back scatter" spam - mailer-daemon

Hi, 

Same here , same bounce back originating from the same qq.com address and bounced off the smtp servers at 184.105.206.32 to 184.105.206.255 . If 3 Godaddy users are commenting on this, then it is a Godaddy problem to block at their SMTP level.

Call me a sceptic, but I bet Godaddy is about to launch a hosted spam add-on. In much the same way as we only started getting our website hacked , 2 weeks before GoDaddy launched a website security addon with compusory joining.  - Good luck

New

Re: Stopping "back scatter" spam - mailer-daemon

Bevrob and JohnLou, thanks for your replies. Sorry to hear you're having similar issues, but at least I know it's not just me, too!

 

Do either of you know how I can write to GoDaddy e-mail support directly? I'd rather write this up than call and try to explain. I formerly worked in IT support, and with something like this, it's important to reach the right person.

 

Thanks again!

New

Re: Stopping "back scatter" spam - mailer-daemon

Just an update - no backscatter from qq.com since early on 4 June. So far, so good - hope it's over.

Helper I

Re: Stopping "back scatter" spam - mailer-daemon

This is relentless. I called them out publicly on Twitter and they continue to insist that it's not THEIR problem when it clearly is. I have done everything recommended - changed DNS record, changed password, run malware scan, etc. - SEVERAL times. To no avail. If you HAVE a Twitter account, join me in calling them out. They need to FIX THIS.

Helper I

Re: Stopping "back scatter" spam - mailer-daemon

That's messed up. But not surprising.

Helper I

Re: Stopping "back scatter" spam - mailer-daemon

I've got five email accounts through GoDaddy and for weeks now two of them have been experiencing huge amounts of bounce-back emails from emails I NEVER SENT (see below): 

 

Message Delivery Failure
mailer-daemon@secureserver.net [mailer-daemon@secureserver.net]
Sent: Wed, 2:23 pm
To: my email address
Attachments: untitled-[2]untitled-[3]???????????????????????554758?C0M?????188?18?0?,??Q8115 13 237???.eml
This is an automatically generated Delivery Status Notification.

Delivery to the following recipients failed permanently:

* 2228322698@qq.com

Reason: There was an error while attempting to deliver your message with [Subject: "措核舅押厕霜舸迎锚讴摩垦逻切澳菛威尼斯人554758点C0M邀您紸冊拿188盈18⒏0提,专员Q8115 13 237拿行为"] to 2228322698@qq.com. MTA p3plsmtpa11-08.prod.phx3.secureserver.net received this response from the destination host IP - 184.105.206.30 - 550 , 550 Mailbox not found. http://service.mail.qq.com/cgi-bin/help?subtype=1&&id=20022&&no=1000728
.==================

 

Godaddy tells me to:

 

Change the password. DONE. Several times.

Change the DNS record for my domain/s. DONE.

Run a malware scan. DONE. No malware on MY end.

 

Every time I write or call they give me the runaround. This is NOT a Godaddy problem they say. Then why are so many others having the same exact problem? Why are you repeatedly sending me these emails:

 

Dear Pamela Grow,

GoDaddy understands that email is a vital part of business today and we take our commitment to customer security seriously. We have reason to believe that your email account pamela@pamelagrow.com may have been compromised.

For your protection, and the protection of others, we have suspended the ability for this address to send mail through third-party clients such as Outlook, Thunderbird, etc.

What's the next step?

As soon as possible, please update your password using these instructions (more info). We encourage you to use a strong password and to change your previous password (or any variations) anywhere else you may have used it.

Once your password has been updated, we will lift the suspension and the email account will be able to send mail through third party clients again.

Please keep in mind that this email account can still send and receive messages through web-based email, provided the storage quota has not been exceeded.

Thank you for your understanding and cooperation. Please feel free to contact us if you need help or have questions.

The GoDaddy Email Team

 

============

WHEN WILL YOU FINALLY ADDRESS THIS PROBLEM AND FIX IT???

Re: Stopping "back scatter" spam - mailer-daemon

I am having the same issue. 9 calls to tech support since may 29th. still my relays are going up and i am getting bounce backs unless i turn off relays.

  • changed passwords A LOT on three different networks using virtual keyboard
  • malware virus scans done repeatedly
  • chrome uninstalled and reinstalled
  • spf records updated 
  • EVERYTHING 

last call they said sorry, nothing else we can do

Re: Stopping "back scatter" spam - mailer-daemon

Okay, here is what worked:
1.) Change Email Password.

2.) Login to your Godaddy account,

3.) select products,

4.) select your domain,

5.) select DNS,

6.) then go into DNS Management and add: 

TXT @ v=spf1 mx -all

then, save.

7.) Last but not in anyway the least - very important - uninstall and fully remove your default browser especially if it's Google Chrome, then reinstall Google Chrome with MS Edge and select Chrome as default browser.

This solved the problem with permanently.