kmp

Bounced mail from ISP?

I am, all of a sudden, getting several of my own reports sent to my (regular) email address...

These are all SpamCop reports that I've sent regarding IP address 84.97.101.2; what I'm trying to understand is how these reports have gotten to me.

Looking at the headers, there is no evidence at all that they came through my ISP, nor to any address that I use, nor any address that I own.

Here, for example, are the headers from one of the messages that I received... it's otherwise just a normal SpamCop report:

Return-Path: <1035874640[at]bounces.spamcop.net>

Delivered-To: test-abuse[at]gandalf.gaoland.net

Received: from dns2.gaoland.net (dns2.gaoland.net [212.94.162.33]) by gandalf.gaoland.net (Postfix) with ESMTP id AE0EB1B6AF for <test-abuse[at]gandalf.gaoland.net>; Fri, 28 May 2004 21:19:36 +0200 (CEST)

Received: from aubade.gaoland.net (aubade.gaoland.net [212.94.162.69]) by dns2.gaoland.net (Postfix) with ESMTP id A5859F3104 for <test-abuse[at]gandalf.gaoland.net>; Fri, 28 May 2004 21:19:36 +0200 (CEST)

Received: by aubade.gaoland.net (Postfix) id A97E383CB6; Fri, 28 May 2004 21:14:00 +0200 (CEST)

Delivered-To: abuse[at]gaoland.net

Received: from dns2.gaoland.net (dns2.gaoland.net [212.94.162.33]) by aubade.gaoland.net (Postfix) with ESMTP id 923AA83CB5 for <abuse[at]gaoland.net>; Fri, 28 May 2004 21:14:00 +0200 (CEST)

Received: from smtp2.ldcom.fr (smtp2.ldcom.fr [62.39.9.137]) by dns2.gaoland.net (Postfix) with ESMTP id 7E162F3104 for <abuse[at]gaoland.net>; Fri, 28 May 2004 21:19:36 +0200 (CEST)

Received: from smtp2.ldcom.fr (localhost [127.0.0.1]) by smtp2.smtp2.ldcom.fr (Postfix) with ESMTP id 5FDD87D24A for <abuse[at]gaoland.net>; Fri, 28 May 2004 21:17:06 +0200 (MEST)

Received: from ldcomsw00108.burv.ldcom.ad (ldcomsw00108e0.cbv.ldcom.ld [10.92.48.97]) by smtp2.ldcom.fr (Postfix) with ESMTP id 3D53F7D23D for <abuse[at]gaoland.net>; Fri, 28 May 2004 21:17:06 +0200 (MEST)

Received: by ldcomsw00108e1.cbv.ldcom.ld with Internet Mail Service (5.5.2653.19) id <LFQ87BZH>; Fri, 28 May 2004 21:19:36 +0200

Received: from smtp2.ldcom.fr ([62.39.9.137]) by ldcomsw00169.burv.ldcom.ad with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2653.13) id LFRA5K7Q; Fri, 28 May 2004 21:19:30 +0200

Received: from smtp2.ldcom.fr (localhost [127.0.0.1]) by smtp2.smtp2.ldcom.fr (Postfix) with ESMTP id DC6027D24A for <abuse[at]ldcom.fr>; Fri, 28 May 2004 21:16:59 +0200 (MEST)

Received: from vmx1.spamcop.net (vmx1.spamcop.net [206.14.107.113]) by smtp2.ldcom.fr (Postfix) with ESMTP id D5A6E7D23D for <abuse[at]ldcom.fr>; Fri, 28 May 2004 21:16:58 +0200 (MEST)

Received: from sc-app2.verio.ironport.com (HELO spamcop.net) (192.168.11.202) by vmx1.spamcop.net with SMTP; 28 May 2004 12:19:26 -0700

From: "K. M. Peterson" <1035874640[at]reports.spamcop.net>

To: abuse[at]ldcom.fr

Subject: [spamCop (84.97.101.2) id:1035874640]Affordable pharmaceuticals (Phentermine,Valium,etc..

Precedence: list

Message-ID: <rid_1035874640[at]msgid.spamcop.net>

Date: 28 May 2004 16:52:31 -0000

X-SpamCop-sourceip:

X-Mailer: http://www.spamcop.net/ v1.316

[ SpamCop V1.316 ]

This message is brief for your comfort. Please use links below for details.

The only possibility I know of is that somehow my mail client is pulling mail from my SpamCop account and putting it into my "Master" account - but I don't have any automation that might do this, and it's only this one set of reports (4) that this has happened to.

Even if the headers I have are forged or otherwise inaccurate, I should at least have a Received: line from my ISP, pair Networks, and my MX (merau.pair.com) host...

Anyone seen anything like this?

My first thought was that perhaps you had selected the "send me a CC: of the report" in your settings, but that wouldn't quite explain seeing the e-mail tracks through the ldcom.fr domain/servers ... so the next possible guess is that this report was "managed" somewhere that also added your "address" (the report number <at> spamcop) in a BCC: line ...??? I know you said "the rest is a standard ..." .. but I still have that funny feeling that there's just a bit of data missing that would clear things up ... but that's probably more driven by the fact that I don't see the "real" answer in what you've provided ... and I hate that <g>
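
Added example, not part of either post: a short Python sketch of the check discussed in this thread, reading the Received: chain oldest-first to list which hosts handled the report and where the envelope recipient in the `for` clause changes. It uses four of the Received: lines quoted in the first post; the function names are illustrative.

```python
import re

# Four of the Received: lines quoted in the first post, newest first as they
# appear in a message (other hops omitted; "[at]" kept as on the page).
RAW = """\
Received: from dns2.gaoland.net (dns2.gaoland.net [212.94.162.33]) by gandalf.gaoland.net (Postfix) with ESMTP id AE0EB1B6AF for <test-abuse[at]gandalf.gaoland.net>; Fri, 28 May 2004 21:19:36 +0200 (CEST)
Received: from dns2.gaoland.net (dns2.gaoland.net [212.94.162.33]) by aubade.gaoland.net (Postfix) with ESMTP id 923AA83CB5 for <abuse[at]gaoland.net>; Fri, 28 May 2004 21:14:00 +0200 (CEST)
Received: from smtp2.ldcom.fr (smtp2.ldcom.fr [62.39.9.137]) by dns2.gaoland.net (Postfix) with ESMTP id 7E162F3104 for <abuse[at]gaoland.net>; Fri, 28 May 2004 21:19:36 +0200 (CEST)
Received: from vmx1.spamcop.net (vmx1.spamcop.net [206.14.107.113]) by smtp2.ldcom.fr (Postfix) with ESMTP id D5A6E7D23D for <abuse[at]ldcom.fr>; Fri, 28 May 2004 21:16:58 +0200 (MEST)
"""

def _clause(body, pattern):
    m = re.search(pattern, body)
    return m.group(1) if m else None

def parse_hops(raw):
    """Return hops oldest-first; each MTA prepends its own Received: line."""
    hops = []
    for line in raw.splitlines():
        if not line.startswith("Received:"):
            continue
        body, _, stamp = line[len("Received:"):].partition(";")
        hops.append({
            "from": _clause(body, r"\bfrom\s+(\S+)"),
            "by": _clause(body, r"\bby\s+(\S+)"),
            "for": _clause(body, r"\bfor\s+<([^>]+)>"),
            "date": stamp.strip(),
        })
    return hops[::-1]

def recipient_changes(hops):
    """(receiving host, old rcpt, new rcpt) wherever the 'for' address changes."""
    changes, last = [], None
    for hop in hops:
        rcpt = hop["for"]
        if rcpt and last and rcpt != last:
            changes.append((hop["by"], last, rcpt))
        last = rcpt or last
    return changes

def passed_through(hops, domain):
    """True if any receiving ('by') host is the domain or a host under it."""
    return any(h["by"] and (h["by"] == domain or h["by"].endswith("." + domain))
               for h in hops)

if __name__ == "__main__":
    hops = parse_hops(RAW)
    for h in hops:
        print(f'{h["from"]} -> {h["by"]}  for {h["for"]}  at {h["date"]}')
    print(recipient_changes(hops), passed_through(hops, "pair.com"))
```

On these four lines the recipient changes are first visible at dns2.gaoland.net and gandalf.gaoland.net, and no receiving host falls under pair.com.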
