cancel
Showing results for 
Search instead for 
Did you mean: 

Freenetname domain - impersonation/ domain spoofing

Thorneyfields
Dabbler
Posts: 15
Thanks: 2
Registered: ‎19-10-2019

Freenetname domain - impersonation/ domain spoofing

Hi

 

A long time ago I set up a domain at Freenetname. I now retain the email forwarding for my primary address, whilst retaining the domain.

 

All OK - except that this week I have suddenly had many new email addresses suddenly appear with my domain name. I only know this because I see them in my master email account as they attempt to register with similar names at myMail and requests to reset passwords at Humble Bundle.

 

Does anyone know how I can prevent this and clear up the current contamination? I've not done anything with the domain settings since I set the account up in 1999. In fact I wouldn't know how find where to make any changes.

 

Any help here would be much appreciated. This may be very annoying right now but I am concerned it could turn into a more serious hack.

 

Thanks.

7 REPLIES 7
bobpullen
Community Gaffer
Community Gaffer
Posts: 16,930
Thanks: 5,017
Fixes: 317
Registered: ‎04-04-2007

Re: Freenetname domain - impersonation/ domain spoofing

I'm struggling to follow your description, however the first thing I would suggest you do is change your Freenetname password.

Bob Pullen
Plusnet Product Team
If I've been helpful then please give thanks ⤵

Thorneyfields
Dabbler
Posts: 15
Thanks: 2
Registered: ‎19-10-2019

Re: Freenetname domain - impersonation/ domain spoofing

Hi - thanks, I've done that now that I found the Madasafish site. Fingers crossed another heap of aliases won't appear any day soon.

 

Thanks for responding. 

corringham
Seasoned Champion
Posts: 1,394
Thanks: 724
Fixes: 19
Registered: ‎25-09-2015

Re: Freenetname domain - impersonation/ domain spoofing


@Thorneyfields wrote:

...this week I have suddenly had many new email addresses suddenly appear with my domain name. I only know this because I see them in my master email account as they attempt to register with similar names at myMail and requests to reset passwords at Humble Bundle.

Just to be clear, do you mean you have received emails addressed to non-existent addresses with your domain - or have new e-mail accounts/aliases been created?

I'm guessing you mean the former. The latter would mean your account has been compromised, but the former is just people making up addresses to put on on-line forms (for various, possibly nefarious, reasons).  I run a number of domains, and see lots of these - I do monitor them, but only worry if there is a response to something that looks as if it is a reply to something sent from one of my domains (that has only happened once and was a fairly sophisticated scam).

Thorneyfields
Dabbler
Posts: 15
Thanks: 2
Registered: ‎19-10-2019

Re: Freenetname domain - impersonation/ domain spoofing

Hi - I think it's the former. But I am unsure how to check if anything has been set up.

 

The reason I think it's the former is because the email addresses I've seen returned from myMail etc have been simple variants on my email address i.e. same address but with a number tagged on; it also seems like they stopped after a number of attempts (<20).  There have been no replies received other than those which appear to be from completed forms as you suggest.

Having changed pretty much every password to something stronger and individual it's a watching brief now I guess. (And, yes, I know I should have done so ages ago and regularly. This is all schoolboy error stuff on my part.)

 

Thanks for yr help.

Thorneyfields
Dabbler
Posts: 15
Thanks: 2
Registered: ‎19-10-2019

Re: Freenetname domain - impersonation/ domain spoofing

btw - I saw this at Nominet, whilst trawling for help. Can anyone advise on how to action this?

 

Nominet - DNS.jpg

corringham
Seasoned Champion
Posts: 1,394
Thanks: 724
Fixes: 19
Registered: ‎25-09-2015

Re: Freenetname domain - impersonation/ domain spoofing

There is a nice overview of DNSSEC at The Internet Society

Basically, your top level domain must be signed (it will be if it is a .com or .co.uk, more obscure country codes may not be), and both your domain registrar and hosting provider must support DNSSEC.

With Freenetname, I doubt DNSNSEC is an option but someone else may be able to say for certain.

EDIT: Just to add that I wouldn't worry too much about DNSSEC for a small non-commercial domain - man in the middle attacks aren't common and require some effort, so a site with no commercial value isn't a likely target.

Thorneyfields
Dabbler
Posts: 15
Thanks: 2
Registered: ‎19-10-2019

Re: Freenetname domain - impersonation/ domain spoofing

That is really helpful - mine is a .co.uk. - hoping this is a non issue. However, having been spooked I will investigate. Thanks again.