View Full Version : Anyone else getting spoofed emails?


cliffski
01-18-2004, 09:54 AM
I have spamcop set up, plus firewall and up-to-date antivirus. I KNOW I don't have any virus on my system. But it looks like someone sending spams is spoofing my sender address. I am getting about 4 bounce back emails per hour from invalid addresses responding to emails I didn't send, where the sending address is spoofed at hgjkf@positech.co.uk (or similar).
It seems to be spam which is spoofing a random domain name as the sender, and I've been picked to be one of the spoofed domains. Is anyone else getting this? Or know what I can do about it?
I'm wary of reporting it to spamcop because I don't want positech.co.uk blacklisted.

Lizardsoft
01-18-2004, 10:09 AM
Very unlucky :( Your best bet is to talk to your host, put up a notice on your site saying the e-mails aren't originating from you, and make it clear that you aren't sending spam.

SyneRyder
01-18-2004, 04:47 PM
This has been happening a lot to me, and lots of other people I know running websites. It seems to be the latest spam technique. You'll probably get those bounces for a couple of days before it trickles off.

You could try using SpamCop and just watch very carefully which addresses it suggests emailing complaints to. If any of the addresses relate to your host, cancel the submission. But I think they're just forging the from field, and the headers will accurately tell who the spammer is.

Morphecy
01-18-2004, 10:51 PM
I also think there's a possibility to TRACK emails. That way you could know where it comes from. Ask your service provider about this.

cliffski
01-19-2004, 03:22 AM
The website these guys were promoting (selling pirate software) is now down, and been down for hours, so I suspect they have been caught, or at least swamped by angry people like me ;)
Still getting a handful of bounces though.

Morphecy
01-19-2004, 04:18 AM
Irritating :( Hope you solve the issue 100%.

And notice: it's possible that some of the emails were sent before they got down, it can take 24 hours for email to reach you, you know ;)

Ratboy
01-19-2004, 08:15 AM
I just got a notice from my provider saying that spammers are hijacking form-to-mail CGI programs now. Glad I don't have one yet... :cool:

cliffski
01-19-2004, 11:16 AM
That's so grim. Luckily it looks like the spam is dying out for me now, but something has to be done about these people.

yeahgofigure
01-19-2004, 11:33 AM
Tips: Any form mail scripts we have are specifically designed to help prevent possible abuse. For example, they all check the referrer to make sure form input came from one of our URLs, for our contact forms the to address is forced to our email so someone can't abuse this to spam others, and for send to friend forms it only sends a pre-canned email text message so there is no opportunity to insert possible spam text.

cliffski
01-20-2004, 10:04 AM
The swine are back, this time here:
http://193.19.120.45/cdc/

Chris_Evans
01-20-2004, 10:39 AM
Yeah, be careful when you copy/download free CGI scripts. Free form-mail scripts can be helpful, especially if you're new to web programming. But keep in mind, the source code for those scripts is freely available and there's a large group of abusers/hackers who look for inexperienced webmasters who put these scripts on their websites with default settings. Since the hackers/abusers know the ins and outs of the source code, they can very easily compromise your site/mail system.

This is why I tend to avoid "free" scripts. I custom code all my scripts. It'll take a fairly experienced hacker to compromise my system and not just your run-of-the-mill spammer.

If you must use a free script, be sure to change all the default values! If the script has a referrer check option, use it! Also, try changing the file name of the script. So for example, if the default name is "formmail.pl", then change it to "contact_mycompany.pl". This helps throw off a potential spammer since it's not instantly noticeable that you're using a commonly used mail script. Finally, in general just try to customize the script as much as your technical knowledge and time will permit.

Hope that helps some.

SyneRyder
01-20-2004, 07:51 PM
Brian's advice is great, especially the bit about "send to friend" forms. Be careful not to rely on the Referer field though, because it is one of the easiest things to forge, and some people browse with referer reporting turned off anyway. But it's a good extra line of defense.

Also, when forcing the to address, make sure you force it by embedding the address in the script itself, or at least checking it against a list of allowable addresses embedded in the script. Putting it as a hidden variable in an HTML form is (of course) no form of protection at all.
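
Added example, not part of the thread and not any poster's code: a Python sketch of the form-mail hardening discussed above (recipient chosen from a list embedded in the script, Referer treated as advisory only, canned text for send-to-friend). The addresses, host name and form field names (`dept`, `email`, `message`, `friend`) are assumptions for illustration, as are the CR/LF check and the length cap.

```python
from email.message import EmailMessage
from urllib.parse import urlsplit

# Assumed values for illustration: recipients live in the script, never in the HTML form.
RECIPIENTS = {"sales": "sales@example.com", "support": "support@example.com"}
OUR_HOSTS = {"www.example.com"}
FRIEND_TEXT = "A friend thought you might like http://www.example.com/ (sent at their request)."


class Rejected(Exception):
    """Raised when a submission must not be turned into an email."""


def referer_is_ours(referer):
    # Advisory only: the header is trivially forged and often absent.
    return bool(referer) and urlsplit(referer).hostname in OUR_HOSTS


def build_contact_mail(form, referer=None):
    # The form supplies a key ("dept"); any "to"/"recipient" field is ignored entirely.
    dept = form.get("dept", "")
    if dept not in RECIPIENTS:
        raise Rejected("unknown department")
    sender = form.get("email", "")
    if any(c in sender for c in "\r\n") or sender.count("@") != 1:
        raise Rejected("bad sender address")  # added check: no header line breaks
    msg = EmailMessage()
    msg["To"] = RECIPIENTS[dept]
    msg["From"] = "webform@example.com"
    msg["Reply-To"] = sender
    msg["Subject"] = "Contact form (%s)" % dept
    msg["X-Referer-Check"] = "pass" if referer_is_ours(referer) else "fail"
    msg.set_content(form.get("message", "")[:2000])  # assumed length cap
    return msg


def build_friend_mail(form):
    # Send-to-friend: the visitor picks the address, so they get no control over the text.
    friend = form.get("friend", "")
    if any(c in friend for c in "\r\n,;") or friend.count("@") != 1:
        raise Rejected("bad friend address")
    msg = EmailMessage()
    msg["To"] = friend
    msg["From"] = "webform@example.com"
    msg["Subject"] = "A friend recommends example.com"
    msg.set_content(FRIEND_TEXT)
    return msg
```

The Referer result is only recorded in a header for later filtering; the allowlist lookup is what actually stops the script from relaying to arbitrary addresses.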