Olof

Can SpamCop be used for...


We are seeing that someone is sending a lot of spam using a mail address (from and reply-to) that belongs to us (we're being spoofed). They are all sent from the same mailserver, and the content is classic spam in a lot of different variants. We are not the receivers of these mails, but we get all the autoreplies (as the reply-to is spoofed too). We mainly see autoreplies from 2 targeted domains, that are obviously lacking in checking DMARC and SPF, that would have stopped the mails as the origin mail server isn't an approved sender in our SPF records. The sender is quite aggressive as we have received about 38.000 mails of this kind in the last 7 days. I have blacklisted the mailserver that is sending the spam, so it is solved in that perspective for now, but it is of course not good for us that someone is sending out a lot of spam in our name.

I have read a bit here about how to report, but I'm not sure if I can report this behavior? I don't have the original mails as they aren't targeted to me. It is not the spam itself I wish to report, but the MTA that is hammering out spam.

Any suggestions?

Thanks

Olof 


Did you read https://www.spamcop.net/fom-serve/cache/14.html? Scroll down to Messages which may be reported:

I understand your frustration. Every once in a while one of my domains cycles through the spammer's list of forged "FROM:" or "REPLY:". Although the admin of the domain receiving the original spam must not have a clue about the difference between FROM: and the IP address of the real source, reporting their invalid bounce messages may get their attention. If you are nice you could include a note in the spam report explaining the difference.

12 hours ago, Olof said:

We are seeing that someone is sending a lot of spam using a mail address (from and reply-to) that belongs to us (we're being spoofed). They are all sent from the same mailserver, and the content is classic spam in a lot of different variants. We are not the receivers of these mails, but we get all the autoreplies (as the reply-to is spoofed too). We mainly see autoreplies from 2 targeted domains, that are obviously lacking in checking DMARC and SPF, that would have stopped the mails as the origin mail server isn't an approved sender in our SPF records. The sender is quite aggressive as we have received about 38.000 mails of this kind in the last 7 days. I have blacklisted the mailserver that is sending the spam, so it is solved in that perspective for now, but it is of course not good for us that someone is sending out a lot of spam in our name.

I have read a bit here about how to report, but I'm not sure if I can report this behavior? I don't have the original mails as they aren't targeted to me. It is not the spam itself I wish to report, but the MTA that is hammering out spam.

Any suggestions?

Thanks

Olof 

Report one to see what SpamCop makes of it, and submit.
Before submitting, at the top of the report page is a tracking link; copy it and save.
Spammers also use reply addresses.
Spoof may well be from spammer.
