Asterix
Posted May 25, 2011

Either I've annoyed a spammer or it's just my lucky week, but some scammer sending out a range of advance fee fraud emails is using the address Juancforero<at>cable.net.co as the sender. I've no connection to that address or the ISP in question.

The problem is that it appears they have set the above address to automatically forward email to my account, namely the hundreds of bounces and out-of-office replies.

In a normal misdirected bounce situation, those emails are reportable as spam since the bouncing server should not be sending email to whatever address happens to have been forged in the 'from' field. However, with this apparent forwarding setup, bounces are apparently being legitimately sent, but I've been reporting them through SpamCop and apparently annoying abuse desks.

Below is a sample reply to the SpamCop report:

Your address Juancforero[at]cable.net.co has sent us a large amount of mails from the server ironport2.cable.net.co which seems to be your outgoing mailserver. Please explain to me why you are reporting us for unsolicited bounces to that when you get auto-replies to the mails sent. It looks to me like you should be reported for spamming? If we cannot resolve what it is you have misunderstood or have been a victim of we will of course speak to spamcop regarding your false reports against our servers instead.

Abuse [at] One.com

5514451308[at]reports.spamcop.net wrote:
> [ SpamCop V4.6.1.007 ]
> This message is brief for your comfort. Please use links below for details.
>
> Unsolicited bounce from: 126.96.36.199
> http://www.spamcop.net/w3m?i=z5514451308z4...9048b6f8aa9754z
> 188.8.131.52 appears to be sending unsolicited bounces, please see:
> http://www.spamcop.net/fom-serve/cache/329.html
>
> [ Offending message ]
> X-Apparently-To: x via 184.108.40.206; Wed, 25 May 2011 05:33:09 -0700
> Received-SPF: none (mta128.mail.sp2.yahoo.com: domain of
> autoresponse[at]mx-r.b-one.net does not designate permitted sender hosts)
> X-Originating-IP: [220.127.116.11]
> Authentication-Results: mta128.mail.sp2.yahoo.com from=hpvinfo.se;
> domainkeys=neutral (no sig); from=hpvinfo.se; dkim=neutral (no sig)
> Received: from 127.0.0.1 (EHLO ironport2.cable.net.co) (18.104.22.168)
> by mta128.mail.sp2.yahoo.com with SMTP; Wed, 25 May 2011 05:33:09 -0700
> X-IronPort-Anti-spam-Filtered: true
> X-IronPort-Anti-spam-Result:
> Ai4HAB323E2sHwID/2dsb2JhbACEXZNIjgV4iGmdbI4jkHyBK4NqgQcElQIJiiw
> X-IronPort-AV: E=Sophos;i="4.65,266,1304312400";
> d="scan'208";a="246377481"
> Received: from unknown (HELO vulcano.cable.net.co) ([172.31.2.3])
> by ironport2.cable.net.co with ESMTP; 25 May 2011 07:33:04 -0500
> Received: from ironport.cable.net.co ([22.214.171.124])
> by vulcano.cable.net.co (Sun Java System Messaging Server 6.1 HotFix 0.09
> (built Dec 14 2004)) with ESMTP id <0LLR001KM3QDYVI0[at]vulcano.cable.net.co>
> for
> x (ORCPT x); Wed,
> 25 May 2011 07:23:04 -0500 (COT)
> Received: from mx-r.one.com (HELO mx-r.b-one.net) ([126.96.36.199])
> by ironport.cable.net.co with ESMTP; Wed, 25 May 2011 07:33:03 -0500
> Received: by mx-r.b-one.net (Postfix, from userid 102) id F40E677A; Wed,
> 25 May 2011 14:33:05 +0200 (CEST)
> Date: Wed, 25 May 2011 14:33:05 +0200 (CEST)
> From: info[at]hpvinfo.se
> Subject: Auto: E-mail
> To: x
> Reply-to: info[at]hpvinfo.se
> Auto-submitted: auto-replied
> MIME-version: 1.0
> Content-type: text/plain; charset=UTF-8
> Content-transfer-encoding: 8BIT
> X-IronPort-Anti-spam-Filtered: true
> X-IronPort-Anti-spam-Result:
> AuwBAB323E1bxqn5mWdsb2JhbACEXZNIjhkBAQEBAQgLCwcUJohpnWyOI5B8gSuDaoEHBIoylQU
> X-IronPort-AV: E=Sophos;i="4.65,266,1304312400"; d="scan'208";a="578220753"
>
> Tack för ditt E-mail - vi återkommer.
> New state of this ticket is : new

--

SpamCop reports for these bounces are being sent to abuse<at>cable.net.co (owner of IP 188.8.131.52) as well as the bounce originator. Separate email to that abuse address bounces with the message the mailbox is full.

So my questions:

1) Should reports be canceled for any reporting address other than that for IP address 184.108.40.206 (such as the Abuse [at] one.com complaining above)?

2) Is there anything further I can do to address the problem of the Juancforero<at>cable.net.co account automatically redirecting to my address?

Thanks for any suggestions.
This topic is now archived and is closed to further replies.
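
A header triage for the situation described in the post, as an added example that is not part of the original thread: it walks the Received chain of the quoted auto-reply and checks whether the responder delivered straight to the reporter's provider or to another system that relayed it onward. The function names, the verdict labels and the `my_provider` parameter are assumptions, and the sample is constructed from the headers quoted in the post.

```python
import re
from email import message_from_string

# Constructed sample: Received chain and Auto-submitted header as quoted in
# the post, trimmed to the fields this check reads.
SAMPLE = """\
Received: from 127.0.0.1 (EHLO ironport2.cable.net.co) (18.104.22.168)
 by mta128.mail.sp2.yahoo.com with SMTP; Wed, 25 May 2011 05:33:09 -0700
Received: from unknown (HELO vulcano.cable.net.co) ([172.31.2.3])
 by ironport2.cable.net.co with ESMTP; 25 May 2011 07:33:04 -0500
Received: from ironport.cable.net.co ([22.214.171.124])
 by vulcano.cable.net.co with ESMTP; Wed, 25 May 2011 07:23:04 -0500 (COT)
Received: from mx-r.one.com (HELO mx-r.b-one.net) ([126.96.36.199])
 by ironport.cable.net.co with ESMTP; Wed, 25 May 2011 07:33:03 -0500
Received: by mx-r.b-one.net (Postfix, from userid 102) id F40E677A;
 Wed, 25 May 2011 14:33:05 +0200 (CEST)
Auto-submitted: auto-replied

(auto-reply body)
"""

def by_hosts(msg):
    """Receiving host of every hop, oldest first (Received lines are prepended)."""
    found = (re.search(r"\bby\s+([\w.-]+)", v) for v in msg.get_all("Received", []))
    return [m.group(1).lower() for m in found if m][::-1]

def is_auto_generated(msg):
    # RFC 3834: any Auto-Submitted value other than "no" marks an automatic message.
    return (msg.get("Auto-Submitted") or "no").split(";")[0].strip().lower() != "no"

def triage(raw, my_provider):
    """Classify an auto-reply; my_provider is the reader's own mail domain (assumed)."""
    msg = message_from_string(raw)
    hops = by_hosts(msg)
    mine = [h == my_provider or h.endswith("." + my_provider) for h in hops]
    # Hops recorded before my provider's own are self-reported upstream and can
    # be forged, so the result is a lead for the report, not proof.
    outside = [h for h, m in zip(hops, mine) if not m]
    result = {"verdict": "undetermined", "responder": None,
              "accepted_by": None, "handoff": None}
    if not is_auto_generated(msg):
        result["verdict"] = "not-auto-generated"
    elif len(hops) >= 2 and outside:
        result.update(responder=hops[0], accepted_by=hops[1], handoff=outside[-1])
        # Direct: the responder mailed my provider. Otherwise a third system
        # accepted the reply for the forged address and relayed it to me.
        result["verdict"] = "direct-backscatter" if mine[1] else "forwarded-auto-reply"
    return result
```

For the sample, `triage(SAMPLE, "yahoo.com")` names `ironport2.cable.net.co` as the handoff host, which is the system whose operator controls the forwarding.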