Tot Causes Spam Flood

[Khun Jack]

TOT started to block our domain smtp ports some time ago and however this blocking is sometimes off and on, the smtp server of TOT is not very reliable in mail delivery or is sometimes unreachable.

Two days ago we received 1200 emails back, this were bounces from other mail servers with non existent addresses but with @ourdomain.

Those emails were never send from our computers, and TOT's smtp server is not password protected, don't' know if you can use this smtp server with an other ISP account but anyway TOT smtp server is a SPAM server.

So I tried to explain this to TOT( Phuket Office) but I can't get trough to make them understand the problem.

Is there some contact person of TOT in Bangkok who can handle the situation?.

[LivinLOS]

hmmm.. you may have just pointed out how some odd bounce mail with my domain happened...

[monty]

It'll be hard to convince TOT that their smtp servers are ebing used by spammers!

What is happening in your case, is that there probably are a bunch of bots (=infected computers) around spoofing your domain and using TOT's (or any other) open smtp server.

One way to stop getting bothered by those annoying cannot be delivered messages is by changing the settings at your mailserver at your domain.

It currently is set to forward any mail sent to any non-existing mail address (e.g. [email protected]) to an existing mail address (e.g. [email protected]).

This can be useful to catch emails sent by people who misspelled your e-mail address. This way it'll still arrive in your info inbox.

You can however change this (most often through the control panel of your host), so that any mail sent to a non-existent address at your domain will bounce and the sender will get a non-deliverable message due to non-existing e-mail address.

[zzSleepyJohn]

.......Two days ago we received 1200 emails back, this were bounces from other mail servers with non existent addresses but with @ourdomain.

I'm on TT&T, not TOT, but am also suffering from a recent plague of spoofing [email protected] addresses. I don't think this is purely a TOT phenomenon; more like a new global wave of exploitation by spammers.

+ SJ

[Khun Jack]

How it's possible that any ISP has an open SMTP server, those servers get blacklisted in notime.

Changing mail setting at the mail server of our domains has no effect, the send email from ToT's smtp server never passes this server but the bounces we do receive because the address in from field in the spam is an existing mail account.

I have created a spoofed account for testing and it does work through TOT.

One year ago we received daily 100 Mb spam, and now till the bounce flood we received only a few dozens a day, does the name Joy Suphrata ring a bell?, she sends large attachments and managed to fill the box to the limit.

[Prasert]

How it's possible that any ISP has an open SMTP server, those servers get blacklisted in notime.

It's possible because it's not open.

It's allows unauthenticated connections from the TOT IP range, which is a very normal practice for every ISP who offers a mail server for sending out mail.

The current smtp server (118.175.8.10) does not allow connections from outside the TOT network.

So before making such a statement, check first that you're also correct.

[Khun Jack]

How it's possible that any ISP has an open SMTP server, those servers get blacklisted in notime.

It's possible because it's not open.

It's allows unauthenticated connections from the TOT IP range, which is a very normal practice for every ISP who offers a mail server for sending out mail.

The current smtp server (118.175.8.10) does not allow connections from outside the TOT network.

So before making such a statement, check first that you're also correct.

It was more a question than a statement, and is the purpose of this internet forum not educating but to function as a medium for correct statements?. Lets help here each other a bit to understand how things work and why deserves TOT such a courtesy, it has cost a lot of time and frustration trying get the mail working.

[alex_aka_P]

How it's possible that any ISP has an open SMTP server, those servers get blacklisted in notime.

It's possible because it's not open.

It's allows unauthenticated connections from the TOT IP range, which is a very normal practice for every ISP who offers a mail server for sending out mail.

The current smtp server (118.175.8.10) does not allow connections from outside the TOT network.

You are trying to tell me that NO ONE of TOT customers (say, half of this country) sending spam - through their beloved SMTP by default? Or noone of TOT client's computers get bot'ted? Why not - it will be fully accepted by the TOT's SMTP...

Dont make me laugh, bro. The thai portion of spam still around us. Especially at this country with low-level education (in IT, too). I have seen HUNDREDS of workers who are clicking on EACH .exe file received by email from somewhere. Without antivirus (or with, but never updated since installation), of course.

[Prasert]

How it's possible that any ISP has an open SMTP server, those servers get blacklisted in notime.

It's possible because it's not open.

It's allows unauthenticated connections from the TOT IP range, which is a very normal practice for every ISP who offers a mail server for sending out mail.

The current smtp server (118.175.8.10) does not allow connections from outside the TOT network.

You are trying to tell me that NO ONE of TOT customers (say, half of this country) sending spam - through their beloved SMTP by default? Or noone of TOT client's computers get bot'ted? Why not - it will be fully accepted by the TOT's SMTP...

Dont make me laugh, bro. The thai portion of spam still around us. Especially at this country with low-level education (in IT, too). I have seen HUNDREDS of workers who are clicking on EACH .exe file received by email from somewhere. Without antivirus (or with, but never updated since installation), of course.

I'm not trying to tell you that no spam is sent by TOT-connected computers.

I'm not trying to make you laugh, bro.

But I do ask you to read the posts again, and then think.

[Guest Reimar]

Prasert is right: the SMTP of the ISP's are NOT open. To use an SMTP Server of an ISP in Thailand, you need to be on the Network of that ISP.

But Spam is a different game. Even for the ISP sometimes difficult to handle because the Spammers using all possible ways to get their spam out and running. And you can't blame the ISP for that.

The controlling of spamming is a very difficult task even on havy censored networks which isn't the fact in Thailand.

Cheers.

[Veazer]

Dont make me laugh, bro. The thai portion of spam still around us. Especially at this country with low-level education (in IT, too). I have seen HUNDREDS of workers who are clicking on EACH .exe file received by email from somewhere. Without antivirus (or with, but never updated since installation), of course.

I was a network admin for a consulting company in the late 90s. At the time there were occiasional viruses that would arrive in the mail server that were not yet in servers antivirus signature database, the antivirus companies were a little slower to respond in those days.

At nearly every weekly meeting i would remind users to not open mysterious attachments, .exe attachments, etc. but the instructions would always fall on deaf ears. Finally i got tired of it and made a script file that would maximize the volume levels of a person's computer and play a loud alarm noise. Then i would send it out to various people at the company from random fake emails addresses. It was quite entertaining to sit there with my office door open and actually hear which employees were dumb enough to open it.

[tuky]

That reminds me of the email file that got sent around a few years ago, when opened it yelled out "I am looking at porn"

caused a few red faces in the office that is for sure.