Ethical Hacker Community Forums

Ethical Hacking Discussions and Related Certifications => Malware => Topic started by: gavster on March 29, 2008, 03:33:33 PM



Title: Help and advice required ! Our company email has been hacked !
Post by: gavster on March 29, 2008, 03:33:33 PM
Hello

I am at a loss and don't know where to turn hence why I am now posting on this board. We have discovered that our company email address is being used by some pharmaceutical company in Canada - the usual crap, viagra etc, however as a subsequent effect many of our customers now do not receive our emails as they are marked as spam. We have contacted the company and had no response at all which we kind of expected. We are now seeking alternative means of stopping this. Can anyone help or suggest anything we can do?? Any help would be gratefully received as we are losing a lot of business and cannot continue if this persists.

Regards

Gavin


Title: Re: Help and advice required ! Our company email has been hacked !
Post by: don on March 29, 2008, 04:51:28 PM
Not exactly sure how they are using your email address. Did you not renew your domain name registration and they swiped it? Are they spoofing the address, so it looks like yours but the link actually goes to one of theirs on a separate domain? Did they break into your (or a 3rd party) network and take over your email server?

Bottom line is if you can somehow prove that the address is yours and they are using it in some illegal fashion, I would call your local FBI office. The threshold for monetary damages is $5000 before they'll get involved. Seems like you've lost way more than that. Getting the proper authorities involved will not only make sure you follow proper procedures and not do anything illegal yourself. It will also put some real pressure on the other side to stop whatever it is they are doing.

Hope this helps,
Don


Title: Re: Help and advice required ! Our company email has been hacked !
Post by: slimjim100 on March 29, 2008, 07:01:23 PM
If you are using Exchange server and have open relay set then they are just bouncing e-mails from your network. 1st thing to do is make sure your e-mail server and/or domain is under your control. Next is to hit all the black list sites like sorbs and the others and request to be removed from their black list. You can google to see the different sites that have publicly open black lists. Once you find what black list you might be on then you can request to be removed from the black list. This kind of stuff is normal from an ISP perspective and you might be able to get some help from your ISP's abuse group.

Brian


Title: Re: Help and advice required ! Our company email has been hacked !
Post by: shawal on March 30, 2008, 01:17:23 PM
As Don has already explained, you need to get some email samples as attachments, and study them carefully to see if the case was email spoofing, or if they are really using some of your infrastructure, as slimjim100 has pointed out with one example. I have seen this happen in the past using broken cgi scripts such as formmail. If any of your publicly accessible servers can act as an open proxy/relay of some sort, they can use your ip addresses as the originating addresses, and the email spoofing is much easier then. First invest in investigating how this is done, what was exploited, and who is responsible for it. Prove that you can trace it back, and contain the problem. You can google for incident handling, or email forensics if you cannot afford to hire a security consultant ::)
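
An added example, not part of any post in this thread: one way to do the header check discussed above, telling a message that only forges the company's address apart from one that really left the company's mail server. The `OWN_NETWORKS` range, host names and both sample messages are constructed assumptions.

```python
import email
import ipaddress
import re

# Assumption: the company's own outbound mail range (documentation addresses).
OWN_NETWORKS = [ipaddress.ip_network("203.0.113.0/28")]
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]
BRACKETED_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def handoff_ip(raw_message):
    """First non-internal IP in the Received chain, read newest hop first."""
    msg = email.message_from_string(raw_message)
    # Newest hop is on top; hops below the handoff can be forged by the sender.
    for received in msg.get_all("Received", []):
        for text in BRACKETED_IP.findall(received):
            try:
                ip = ipaddress.ip_address(text)
            except ValueError:
                continue  # e.g. [999.1.1.1] is not a valid address
            if not any(ip in net for net in INTERNAL):
                return ip
    return None

def classify(raw_message):
    ip = handoff_ip(raw_message)
    if ip is None:
        return "unknown"
    if any(ip in net for net in OWN_NETWORKS):
        return "own-infrastructure"  # relay, proxy or broken script on our side
    return "external-sender"         # only the address was forged

# Constructed samples. SPOOFED carries a forged lower hop naming the company.
SPOOFED = """Received: from mail.example.net (unknown [198.51.100.77])
\tby mx.customer.example with ESMTP; Sat, 29 Mar 2008 10:00:00 +0000
Received: from mail.company.example ([203.0.113.5])
\tby mail.example.net; Sat, 29 Mar 2008 09:59:00 +0000
From: sales@company.example

body
"""
RELAYED = """Received: from mail.company.example (mail.company.example [203.0.113.5])
\tby mx.customer.example with ESMTP; Sat, 29 Mar 2008 10:00:00 +0000
Received: from webform (localhost [127.0.0.1])
\tby mail.company.example; Sat, 29 Mar 2008 09:59:30 +0000
From: sales@company.example

body
"""
```

The check needs the full headers of each sample, which is why the messages have to be collected as attachments rather than forwarded inline.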