Jump to content

spammer spoofing spamcop addresses?


MyNameHere

Recommended Posts

Posted

It looks like someone is sending spam using gmail but spoofing my SpamCop address. The bounces are being sent by gmail, but when I look at the headers of the "bounced" message, I see this line:

Received: from h216-45-119-187.dynamic.matriksdata.com (HELO [192.168.1.188]) (myaccount[at]spamcop.net[at]216.45.119.187)

by frontend9.matriksdata.com with SMTP

(f3fb9070-6e17-11e1-8f08-001143d827f1); Sat, 16 Jun 2012 09:48:08 -0500

Note that the 216... IP is a Canadian address and 192... is a special reserved private address block:

Addresses from this block can be used by

anyone without any need to coordinate with

IANA or an Internet registry. Addresses from

this block are used in multiple, separately

operated networks.

Is it reasonable for me to assume that I have nothing to do with these emails and that a spammer is spoofing my address?

Is there any point in reporting these bounces to anyone (gmail, for example)?

Thanks!

Posted

If you didn't send them, gmail shouldn't be bouncing them to you. They need a heads up to fix that, if they're smart enough/motivated enough. If these are being bounced direct to your SC account you should be able to give them reports through SC (abuse[at]google.com). Bounces are reportable (to gmail), just don't attempt to extract the bounced message to report that to the origin's abuse address - that is gmail's problem. Have you tried SC reporting one of the bounces?

Posted

Please send me a complete copy of the bounce email so I can see all the details.

service[at]spamcop.net

Thanks!

- Don D'Minion - SpamCop Admin -

- Service[at]Admin.SpamCop.net -

Posted

The SpamCop parser found that the failure messages came from Google.

Here is one of the reports.

None of the recipients of bounced messages is from my contact list, so I don't think these have any connection to me other than a spammer's decision to forge a SpamCop address.

P.S. The failure messages were in my Inbox, not my Held Mail.

Posted

The SpamCop parser found that the failure messages came from Google.

Here is one of the reports.

None of the recipients of bounced messages is from my contact list, so I don't think these have any connection to me other than a spammer's decision to forge a SpamCop address.

P.S. The failure messages were in my Inbox, not my Held Mail.

You have to copy the www bit (can't access mailsc without your password)

Not that I disbelieve you just want to see it could be a compromised account.

Not had any Gmail spam for ages. A lot of spammers put a Gmail addy on the from

Why I blacklist all mail from Gmail.com, Yahoo.com, Hotmail.com, etc

Posted

Sorry for my ignorance, but I submitted those by forwarding them to SpamCop reporting, not quick reporting via webmail, so I don't know how to get the WWW link.

???

Posted

Thanks MyNameHere. I'm no great shakes at analysis but it looks to me like gmail had three possible sources in the original spam (77.52.252.42, 124.40.41.92 = AKAMAI/Spamcop via the munged domain/address - and 216.45.119.187) - and they unerringly picked the least justified and most easily spoofed of the lot when they picked you. Fair to say they had dropped the connection before they realised stevens_rt[at]192.101.80.17 was not a deliverable address and there is no way they should have tried to return the message (to anyone).

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...