
[Resolved] newbie: delivery status notification (failure) - find source of spoofed email?


spamnewbie


Hello,

I apologize in advance if this is the wrong place to post this question... I am a complete neophyte when it comes to this stuff (just a typical computer end-user) and I am hoping someone here would be kind enough to either help me directly or point me to some resources that can help me. I have tried researching this topic on the web but it quickly gets too technical for me to understand.

I am getting occasional "delivery status notification (failure)" messages for emails that I have not sent (and are clearly spam). I am trying to discern two things:

1) Whether these messages are legitimate (i.e. did a mail server somewhere truly get a spam message with my return address and then bounce it back to me) or is this email itself a form of spam that has been sent to me in an effort to get me to click on one of the embedded links?

2) More importantly: has someone legitimately compromised my email (or computer or phone) and are they using it to send spam?

Plugging the complete bounced message into spamcop.net returns a long report, but I am unable to parse it due to not knowing enough about how the technical underpinnings of email work. Plugging in just the "body" of the text (i.e. what looks like a header that was bounced back) results in spamcop telling me that I have not included a properly formatted header.

Ideally I would just like to know that (hopefully) someone is spoofing my email address, and I am looking for a method that would allow me to either confirm or deny that fact.

I have not pasted in the original message here because I read in one of the FAQs that it was suggested we not do that. I am willing to post it here (or portions of it) if that is requested. Any guidance would be greatly appreciated.

Link to comment

Ideally I would just like to know that (hopefully) someone is spoofing my email address, and I am looking for a method that would allow me to either confirm or deny that fact.

The good news is that the easiest thing to forge in an email header is the REPLY-TO: Return-Path:. The bad news is that many ISPs (that don't know any better) use those lines to bounce email instead of taking the time to do what spamcop does and parse the email header to find the real unspoofable source of the email. My domain has gotten on someone's list and sometimes I get 15-20 bounces a day, then nothing for a while.

Of course there are other possibilities but spoofing is most likely. If you had included the TRACKING URL then "we" all could look at what evidence you have.

Link to comment
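The check described in the reply above, as an added example that is not part of the original thread: it pulls the bounced message out of a delivery status notification, reads the easily forged Return-Path, and compares it with the relay recorded in the Received lines. The sample bounce, all hostnames and addresses, and the function names `bounced_original` and `analyse` are constructed for illustration.

```python
import email
import re
from email import policy

# Constructed sample bounce; every host and address is a documentation value.
SAMPLE_DSN = """\
From: MAILER-DAEMON@mx.recipient.example
To: me@myprovider.example
Subject: Delivery Status Notification (Failure)
Content-Type: multipart/report; report-type=delivery-status; boundary="b1"

--b1
Content-Type: message/delivery-status

Reporting-MTA: dns; mx.recipient.example

--b1
Content-Type: message/rfc822

Return-Path: <me@myprovider.example>
Received: from mail.sender.example (mail.sender.example [198.51.100.7]) by mx.recipient.example with ESMTP
Received: from pc (unknown [203.0.113.9]) by mail.sender.example with ESMTP
From: me@myprovider.example
Subject: Cheap pills

Buy now
--b1--
"""

def bounced_original(dsn_text):
    """Return the message embedded in the bounce, or None if there is none."""
    msg = email.message_from_string(dsn_text, policy=policy.default)
    for part in msg.walk():
        if part.get_content_type() == "message/rfc822":
            return part.get_payload(0)
    return None

def analyse(dsn_text, my_servers):
    """my_servers: hostnames of the mail provider you actually send through."""
    orig = bounced_original(dsn_text)
    if orig is None:
        return {"verdict": "no embedded message"}
    hops = [str(h) for h in orig.get_all("Received", [])]
    # The topmost Received line was written by the server that later bounced
    # the mail, so its "from host [ip]" is the hop least likely to be forged.
    handoff = re.search(r"from\s+(\S+).*?\[([0-9a-fA-F.:]+)\]", hops[0], re.S) if hops else None
    via_me = any(s.lower() in h.lower() for h in hops for s in my_servers)
    return {"claimed_sender": str(orig.get("Return-Path")),
            "handoff": handoff.groups() if handoff else None,
            "verdict": "sent via your provider" if via_me else "misdirected bounce"}
```

Calling `analyse(SAMPLE_DSN, ["myprovider.example"])` reports a misdirected bounce because no Received hop names the provider. Received lines below the topmost one can themselves be forged, so a "sent via your provider" result is a prompt to check the account, not proof of compromise.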

If a message that you didn't send gets bounced back to you, that probably counts as a misdirected bounce.

I agree with LKing: if you are able to provide a tracking URL, we might be able to assist in your analysis of what's going on.

I'd suggest that it's probably better to report the misdirected bounce rather than the message that was bounced. The bounce/NDR/DSN is spam you received, and the bounced message is the intended recipient's spam.

Link to comment

Thanks all for the really quick replies.

Here is the tracking URL (I think):

http://www.spamcop.net/sc?id=z5921826966z6...1c01fb48de096dz

Let me know if I did that wrong.

The tracking link you provided is perfect. Though, I do find it interesting that the message appears to have started inside of google? Most definitely not something I would have sent and it is not showing as coming from the everything.net server. I would call this a misdirected bounce.

Link to comment

The tracking link you provided is perfect. Though, I do find it interesting that the message appears to have started inside of google? Most definitely not something I would have sent and it is not showing as coming from the everything.net server. I would call this a misdirected bounce.

Thanks for looking and for the info. I really appreciate it.

Link to comment

One more question. Should I then complete this report via spamcop or cancel it? I'm not sure if this counts as spam or not.

As lisati mentioned, a misdirected bounce is spam. This is because you are sent the email without sending a related email first. See http://forum.spamcop.net/scwik/Bounce for more information.

If a message that you didn't send gets bounced back to you, that probably counts as a misdirected bounce.

Link to comment

Archived

This topic is now archived and is closed to further replies.
