Someone has started using our .ORG email domain, relaying spam messages.

We found out because we are now getting a ton of returned emails, although (1) we didnt send them, and (2) the FROM is a made up garbage name@ourdomain.org.

Is there anything we (at the ORG company, not at the ISP) can do about this?

Our ISP says they can cancel the name and give us a new one, but that's all they can do.

The person who said this may be the first level of support at our ISP.

If the ISP CAN do more, what do I tell them to get them to act (short of reading character for character, what they need to do)?

Thanks!

Are you hosting your own mail server, or is it being hosted somewhere else?

Your email system may be acting as a spam relay!
There are fixes you can apply
Are you running your own email system or hosting it externally!

But in the end anyone with the requisite hacking knowledge can spoof any email address from any organization due to the inherent bad design of the SMTP protocol!

Your ISP is most probably correct in what they say!

Tracing spammers whilst not impossible in all cases is a very laborious and time consuming problem which they would not have time to do for every customer on their books!
If you can grab IP addresses you can narrow it down to locations , ISP's.

An open proxy is an invitation to spammers. I would suggest hiring a real site admin and having him patch things up.

If you are getting a ton of bounces, then yes, your SMTP server may be an open relay. To close this down, ensure that (1) your SMTP server is configured to require passwords, and (2) every account has a secure password.

But it is also possible that the emails aren't going through your server at all. In most cases you can configure your email address to anything you like, no matter what SMTP server you use to actually send your messages. Of course, this is very spammer-friendly.

After a quick analysis of the full headers of a few bounces (and perhaps some SMTP traffic logs) your ISP should be able to tell you whether your server is actually being used as a spam relay, or merely being besmirched from afar.

The email server is being handled by ATT Global Crossing.

You can test your server for open relay by using smtp commands!

or try here

http://www.abuse.net/relay.html