Someone "hijacking" domain name

[sunshinesky]

We have two domain names that we have purchased and own. Someone is using them to send spam. They are sending spam from an original address that is not ours and then using our domain names (like name@domain.com) as the "from" address in the emails.

We have contacted our ISP, ICAAN and others. They have no idea what to do or how to stop it, even saying it is not theirs to help us.

Please don't tell me about all the nightmarish things about someone doing this to us. It is frightening enough seeing all the return emails coming back to us from people we didn't email to.

Please help us understand how we can find out who is doing this and/or get them to stop. I have received these spam emails as we must be on some spam list (like most people are). I went to properties and found the source numbers (i think they are IP address numbers) of where the emails might be coming from but don't know how to look it up.

It feels like someone has "hijacked" our domain names. Can you help us get them back and stop this from happening in the future? It started with one domain name. Now they are using another one of ours.

Thanks

[the tree]

It's surprisingly simple to fake the "from" header.
To look up an ip adress you could just type it into a browser adress bar or use a WhoIs Lookup.

I'd advise that you leave a message on your homepage explaining the situation.

[felgall]

You can't stop people sending mail that claims to come from your domain. Most spam just grabs two email addresses and uses one as the To address and the other as the From address. The email doesn't originate anywhere near either address. The problem is with mail servers that are set up to bounce certain types of emails which then send the spam to the second address instead of the first and are therefore contributing to the spam problem instead of helping solve it.

You can stop spam actually being sent via your domain. Your hosting provider should be able to assist with that.

[mdoigny]

SPF was created to reduce spoofing of "from" addresses, but it's not well implemented.
Basically, you create a special TXT record in DNS indicating the IP's and servers that are allowed to send mail from your domain. Since the domain owner is the only one having access to DNS records, users can rely on this information.
When a mail server receives mail, it checks for the presence of the DNS SPF TXT record and allow or block the mail. But the number of mail servers that perform SPF checks is very limited, so for now it's quite useless. In think hotmail performs SPF checks, but none of our national ISPs do.

The originators of SPF didn't update their website in 2005, so it's possible that SPF will be dead meat within some months.