Javier Posted August 6, 2013

Hello to all.

I am receiving several notifications of 'Delivery Failure' from MAILER-DAEMON[at]c60.cesmail.net about email messages that I have not sent (in fact, the recipients are unknown to me). They are like these:

The following message to <--edited--[at]twcny.rr.com> was undeliverable.
The reason for the problem:
5.1.0 - Unknown address error 550-'5.1.1 - Invalid mailbox: --edited--[at]twcny.rr.com'

The following message to <--edited--[at]mac.com> was undeliverable.
The reason for the problem:
5.1.0 - Unknown address error 550-'5.7.0 Blocked - see https://support.proofpoint.com/dnsbl-lookup...216.154.195.49: --edited--[at]mac.com'

The following message to <--edited--[at]aol.com> was undeliverable.
The reason for the problem:
5.1.0 - Unknown address error 550-'5.1.1 <--edited--[at]aol.com>: Recipient address rejected: aol.com'

Any hint about the cause of this issue?

Javier.-
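Added example, not part of the original posts: a small parser for delivery-failure notices in the layout quoted above. It pulls out the recipient, the remote server's enhanced status code and any IP address the rejection cites, so a flood of bounces can be grouped by reason. The sample notices, addresses, lookup URL and IP are constructed placeholders, and the function names are illustrative.

```python
import re
from collections import Counter

# Constructed notices in the layout quoted above; the addresses, lookup URL
# and IP (192.0.2.25, a documentation address) are placeholders.
SAMPLE = """\
The following message to <alice@example.com> was undeliverable.
The reason for the problem:
5.1.0 - Unknown address error 550-'5.1.1 - Invalid mailbox: alice@example.com'

The following message to <bob@example.org> was undeliverable.
The reason for the problem:
5.1.0 - Unknown address error 550-'5.7.0 Blocked - see https://blocklist.example/lookup?ip=192.0.2.25: bob@example.org'

The following message to <carol@example.net> was undeliverable.
The reason for the problem:
5.1.0 - Unknown address error 550-'5.1.1 <carol@example.net>: Recipient address rejected: example.net'
"""

NOTICE = re.compile(
    r"The following message to <(?P<rcpt>[^>]+)> was undeliverable\..*?"
    r"(?P<reply>[245]\d\d)-'(?P<status>[245]\.\d{1,3}\.\d{1,3})(?P<text>[^\n]*)",
    re.S)
IPV4 = re.compile(r"(?<!\d)(?:\d{1,3}\.){3}\d{1,3}(?!\d)")
# Subject digit of an enhanced status code (RFC 3463): x.1.x is an
# addressing failure, x.7.x is a security or policy rejection.
BUCKETS = {"1": "addressing", "7": "policy"}

def parse_notices(text):
    """Return one dict per notice found in a blob of bounce text."""
    out = []
    for m in NOTICE.finditer(text):
        out.append({
            "rcpt": m["rcpt"],
            "reply": m["reply"],    # SMTP reply code from the remote server
            "status": m["status"],  # remote enhanced status code
            "bucket": BUCKETS.get(m["status"].split(".")[1], "other"),
            "ips": IPV4.findall(m["text"]),  # IPs the remote server cited
        })
    return out

def summarize(notices):
    """Count notices per bucket and collect IPs named in policy rejections."""
    counts = Counter(n["bucket"] for n in notices)
    cited = {ip for n in notices if n["bucket"] == "policy" for ip in n["ips"]}
    return counts, cited

if __name__ == "__main__":
    print(summarize(parse_notices(SAMPLE)))
```

The IPs returned for the policy bucket are the sending addresses that receiving servers say they are blocking, which is the detail worth passing to the mail provider along with the full bounce.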
petzl Posted August 6, 2013

> Hello to all.
> I am receiving several notifications of 'Delivery Failure' from MAILER-DAEMON[at]c60.cesmail.net about email messages that I have not sent (in fact, the recipients are unknown to me). They are like these:
> Any hint about the cause of this issue?
> Javier.-

216.154.195.49 is SpamCop email SMTP (send) server.
Someone's account has been compromised?

https://www.senderscore.org/lookup.php?look...p;ipLookup.y=10

This site updates every few hours.
This figure should be 99; to drop like this indicates it's spewing spam and hitting spamtraps.

As a precaution, log into webmail and change your password; also a spyware scan.
Javier (Author) Posted August 7, 2013

> 216.154.195.49 is SpamCop email SMTP (send) server.
> Someone's account has been compromised?
> https://www.senderscore.org/lookup.php?look...p;ipLookup.y=10
> This site updates every few hours.
> This figure should be 99; to drop like this indicates it's spewing spam and hitting spamtraps.
> As a precaution, log into webmail and change your password; also a spyware scan.

Hello, thank you for your reply.

I have changed the Spamcop webmail password and have run a full scan (no virus nor spyware detected, however). Today I have received another fifteen or sixteen more of these notifications.

As I have seen that other members have posted about this same issue, I'm thinking that a sort of header spoofing is behind this.
mikemars Posted August 7, 2013

If it's a 550 bounce then it isn't a simple 'joe-job' reply-address spoof. IMHO that indicates that the spams are genuinely being sent from the spamcop email server (but probably not from your account).
petzl Posted August 7, 2013

> Hello, thank you for your reply.
> I have changed the Spamcop webmail password and have run a full scan (no virus nor spyware detected, however). Today I have received another fifteen or sixteen more of these notifications.
> As I have seen that other members have posted about this same issue, I'm thinking that a sort of header spoofing is behind this.

Seems a "perfect storm"; SC email is catching up, or trying to, same time as it's spewing spam!
Might not be you, but better safe than sorry; don't hurt to change passwords and scan. For Windows, Spybot is pretty good and free for home use.

http://www.senderbase.org/senderbase_queri...=216.154.195.49

The volume (send change) is now down from over 2000% increase to 720% at present.

A good freeware "Gadget" for Windows desktop to monitor upload/download speeds is here: http://addgadgets.com/network_meter/
SpamCopAdmin Posted August 7, 2013

> 5.1.0 - Unknown address error 550-'5.7.0 Blocked - see https://support.proofpoint.com/dnsbl-lookup...216.154.195.49:

If you could send me a complete copy of that delivery failure notice, I would appreciate it very much. Please use the PM feature of this forum.

- Don D'Minion - SpamCop Admin -
- Service[at]Admin.SpamCop.net -
ken Posted August 7, 2013

> 5.1.0 - Unknown address error 550-'5.7.0 Blocked - see https://support.proofpoint.com/dnsbl-lookup...216.154.195.49:
> If you could send me a complete copy of that delivery failure notice, I would appreciate it very much. Please use the PM feature of this forum.
> - Don D'Minion - SpamCop Admin -
> - Service[at]Admin.SpamCop.net -

I'm getting the same problem. I have already changed my password, and am reasonably confident that the mail is *not* originating from me.

If you would like a copy of the mail, I'm more than happy to pass an example on.

Ken
petzl Posted August 7, 2013

> I'm getting the same problem. I have already changed my password, and am reasonably confident that the mail is *not* originating from me.
> If you would like a copy of the mail, I'm more than happy to pass an example on.
> Ken

Do it please (takes maybe 20 hours for Don to get it by the mail I'm now getting).
email_support Posted August 7, 2013

> Hello, thank you for your reply.
> I have changed the Spamcop webmail password and have run a full scan (no virus nor spyware detected, however). Today I have received another fifteen or sixteen more of these notifications.
> As I have seen that other members have posted about this same issue, I'm thinking that a sort of header spoofing is behind this.

Please write to me at support [at] cesmail.net and include a couple of copy/pastes of the complete bounce message including all headers and the text.

TY
Javier (Author) Posted August 7, 2013

> 5.1.0 - Unknown address error 550-'5.7.0 Blocked - see https://support.proofpoint.com/dnsbl-lookup...216.154.195.49:
> If you could send me a complete copy of that delivery failure notice, I would appreciate it very much. Please use the PM feature of this forum.
> - Don D'Minion - SpamCop Admin -
> - Service[at]Admin.SpamCop.net -

Hello Don.

I have PM'ed you two of these emails. If you need some more, please let me know.

The delivery failure notices from Yahoo have more details, as they include part of the "original" message. I'm not an expert, but looking at them I would bet that a spammer has spoofed (or got a foot into) the SpamCop mail server.

Regards,
Javier.-
SpamCopAdmin Posted August 8, 2013

Please send the information to support [at] cesmail.net as they requested.

- Don D'Minion - SpamCop Admin -
- Service[at]Admin.SpamCop.net -