How did they do it to me??

[Miss Betsy]

Any advice on how to handle this PLEASE??

Thanks so much for your help,

Sounds to me you are doing a good job! You might want to brush up on 'assertiveness' training (one technique that I remember is to have an action that you want them to do - for instance, I want assurance that this affliate will never use my domain again, and keep repeating it whether or not it is relevant to what they say (i.e. thank you for your information, but I want ............. Please connect me with someone who has the authority to make it happen.); also insist on speaking with a supervisor or someone who can make the action happen. You may have to settle for speaking with a supervisor before you can effectively repeat what you want.)

Another is to put a disclaimer on your web site.

Can anyone tell me what's happening here? You help is appreciated.

I looked a few posts back in this topic and didn't see an explanation of how you get a bounce. Basically, if the receiving server accepts an email and there is no email account by that name, they can send an email to whatever email address is in the return path and tell them that it is undeliverable. Before spammers this was a useful thing. However, as in your case, the spammers and virus writers are forging the return path so you are getting 'bounces' for emails you didn't send and it is as annoying as spam (partly because they are spam emails).

There is little that can be done. Usually, they stop after a short time. There are enough people who understand even more than I do about email who are affected - some of whom are mad enough to attempt finding the spammer and complaining 'assertively' enough that the spammer is shut down. If you have time, you can learn how to do it. However, it is very timeconsuming.

And I thought bounces were now reportable. Perhaps you should send a copy to the deputies (deputies <at> spamcop.net)

Miss Betsy

[hugo]

Yes, you are quite correct.  I seem to tick people off when I take things literally or try to correct the wrong use of terminology, but ... in this case, I did a search on "forged address" amd came up with lots of hits, picking this as the most recent/worked-over discussion.  As soon as I post this, I'm going to go move/merge yet another one in this same "issue area" .. noting that the Title on that Topic was "Alias return addresses" ....  which is a long ways down the road from "forged address" ...

Anyway, hugo (and mpbmari) advised via PM of the move/merge of the original post from the Reporting Help Forum into this existing Topic.

23801[/snapback]

Okay... many thanks to Wazoo for moving my message here. From reading the other messages in this thread I think I understand what is happening.

What I'm not sure of is whether or not I am the actual target of the 'bounced' spam message. I think I am, though, because what seems to be happening is that the spammer is sending his crap to a non-existent e-mail address and forging my address as the sender. Therefore, the message is bound to come back to me. Unless... the addressee is actually real, and has used a bounce function in his mail software. I have that function in Mail, the Mac application that comes with Mac OS X.

Also, I still don't understand why Spamcop says not to report spam-laden bounces, unless by their nature they are too old (more than 24 hours). Anyone have any ideas? I understand from other message in this thread that it is possible to tell from the long-header whether the address the spam is bounced back to is the real originator or not (although I don't know how myself) so presumably it's possible to trace the IP of the spammer...

Lastly, I wonder why these spam-bounces never seem to get stopped and held by Spamcop's filters?

Hopefully, with help here I'll be able to understand all this

[Miss Betsy]

What I'm not sure of is whether or not I am the actual target of the 'bounced' spam message.

No, IMHO, you are not. Spammers seem to pick addresses for forging at random.

There are several types of responses to forged email that SpamCop has in the past prohibited. However, these messages have become a big enough problem that we now allow them to be reported as the spam that they technically are.

Examples of messages in this category:

1. Misdirected bounces

In the past, spamcop did not allow the reporting of 'bounces' (and I hope you never use the function you have!), because the ones who were doing the bounces were doing so according to the 'rules.' However, most awake server admins know that to 'bounce' as in send an email after accepting the email goes to innocent parties more often than legitimate recipients, and so the spammers have spoiled another useful function. Therefore, apparently spamcop has decided to report (and add to the blocklist) those who use email bounces. You still cannot report the spam contained within the bounce because it is not yours.

IIUC, the parser is being gradually modified so if you have submitted a 'bounce' to be parsed and it was refused, you can send it to the deputies so that that particular code can be changed to allow it to go through.

Miss Betsy

[Wazoo]

Back when the "net" was developed, its future was based on use by U.S.Government entities, one of the primary features was the 'self-healing' that would allow continued connectivity between other entities even after certain portions of the network had disappeaed from the face of the earth. Developed within that environment, the concept of some idiot abusing the network was not one of those items considered. Thus the ease of spammer abuse, not being of the type to be trusted with sharp tools ...

Being singled out as a specific target is not outside the probabilities of truth, but ... these days it's more seen as your turn in the barrel ...

Bounce reporting was an option in the early days of the SpamCop system. However, ISP actions, spammer learned constructs, and reporters without a clue all worked towards the blanket "no bounce reporting" era. Some ISP bounces contained the complete bounced e-mail, some only sent snippets of the e-mail or perhaps just the bounce message itself, spammers played games with the forged addresses again, and some folks reported everything they received, so way too many USPs were receiving spam complaints about their bounce message (therefore having no relationship to the actual spam) ....

Basically, the problem in reporting through the SpamCop parser is that the parser has to sart making decisions based on what it sees ... was the spam constructed to confuse the parser, was the reporter usinf his/her tools the right way to obtain the sata submitted, did the submittal survive the transfer from the user's InBox to the parser intact .. on and on ... only then getting to looking at the details ...and somehow the code must habdle all these issues gracefully ....