'Delivery Failure' notifications about emails that I have not sent

[Javier]

Hello at all.

I am receiving several notifications of 'Delivery Failure' from MAILER-DAEMON[at]c60.cesmail.net about email messages that I have not sent (in fact, the recipients are unknown for me).

They are like these:

The following message to <--edited--[at]twcny.rr.com> was undeliverable.

The reason for the problem:

5.1.0 - Unknown address error 550-'5.1.1 - Invalid mailbox: --edited--[at]twcny.rr.com'

The following message to <--edited--[at]mac.com> was undeliverable.

The reason for the problem:

5.1.0 - Unknown address error 550-'5.7.0 Blocked - see https://support.proofpoint.com/dnsbl-lookup...216.154.195.49: --edited--[at]mac.com'

The following message to <--edited--[at]aol.com> was undeliverable.

The reason for the problem:

5.1.0 - Unknown address error 550-'5.1.1 <--edited--[at]aol.com>: Recipient address rejected: aol.com'

Any hint about the cause of this issue?

Javier.-

[petzl]

Hello at all.

I am receiving several notifications of 'Delivery Failure' from MAILER-DAEMON[at]c60.cesmail.net about email messages that I have not sent (in fact, the recipients are unknown for me).

They are like these:

Any hint about the cause of this issue?

Javier.-

216.154.195.49 is SpamCop email SMTP (send) server

Someones account has been compromised?

https://www.senderscore.org/lookup.php?look...p;ipLookup.y=10

this site updates every few hours

This figure should be 99 to drop like this indicates it's spewing spam and hitting spamtraps

as a precaution log into webmail and change your password also a spyware scan

[Javier]

216.154.195.49 is SpamCop email SMTP (send) server

Someones account has been compromised?

https://www.senderscore.org/lookup.php?look...p;ipLookup.y=10

this site updates every few hours

This figure should be 99 to drop like this indicates it's spewing spam and hitting spamtraps

as a precaution log into webmail and change your password also a spyware scan

Hello, thank you for your reply.

I have changed the Spamcop webmail password and have run a full scan (no virus nor spyware detected, however).

Today I have received another fifteen or sixteen more of these notifications. As I have seen that other member have posted about this same issue I'm thinking that a sort or header spoofing is behind this.

[mikemars]

If it's a 550 bounce then it isn't a simple 'joe-job' reply-address spoof. IMHO that indicates that the spams are genuinely being sent from the spamcop email server (but probably not from your account).

[petzl]

Hello, thank you for your reply.

I have changed the Spamcop webmail password and have run a full scan (no virus nor spyware detected, however).

Today I have received another fifteen or sixteen more of these notifications. As I have seen that other member have posted about this same issue I'm thinking that a sort or header spoofing is behind this.

Seems a "perfect storm"; SC email is catching up, or trying to, same time as it's spewing spam!

Might not be you. but better safe than sorry don't hurt to change passwords and scan. For windows spybot is preety good and free for home use

http://www.senderbase.org/senderbase_queri...=216.154.195.49

The volume (send change) is now down from over 2000% increase to 720% at present

A good freeware "Gadget" for windows desktop to monitor upload download speeds is here

http://addgadgets.com/network_meter/

[SpamCopAdmin]

5.1.0 - Unknown address error 550-'5.7.0 Blocked - see https://support.proofpoint.com/dnsbl-lookup...216.154.195.49:

If you could send me a complete copy of that delivery failure notice, I would appreciate it very much.

Please use the PM feature of this forum.

- Don D'Minion - SpamCop Admin -

- Service[at]Admin.SpamCop.net -

.

[ken]

5.1.0 - Unknown address error 550-'5.7.0 Blocked - see https://support.proofpoint.com/dnsbl-lookup...216.154.195.49:

If you could send me a complete copy of that delivery failure notice, I would appreciate it very much.

Please use the PM feature of this forum.

- Don D'Minion - SpamCop Admin -

- Service[at]Admin.SpamCop.net -

.

I'm getting the same problem. I have already changed my password, and am reasonably confident that the mail is *not* originating from me.

If you would like a copy of the mail, I'm more than happy to pass an example on.

Ken

[petzl]

I'm getting the same problem. I have already changed my password, and am reasonably confident that the mail is *not* originating from me.

If you would like a copy of the mail, I'm more than happy to pass an example on.

Ken

Do it please (takes maybe 20 hours for Don to get it by the mail I'm now getting

[email_support]

Hello, thank you for your reply.

I have changed the Spamcop webmail password and have run a full scan (no virus nor spyware detected, however).

Today I have received another fifteen or sixteen more of these notifications. As I have seen that other member have posted about this same issue I'm thinking that a sort or header spoofing is behind this.

Please write to me at support [at] cesmail.net and include a couple of copy/pastes of the complete bounce message including all headers and the text. TY

[Javier]

5.1.0 - Unknown address error 550-'5.7.0 Blocked - see https://support.proofpoint.com/dnsbl-lookup...216.154.195.49:

If you could send me a complete copy of that delivery failure notice, I would appreciate it very much.

Please use the PM feature of this forum.

- Don D'Minion - SpamCop Admin -

- Service[at]Admin.SpamCop.net -

.

Hello Don.

I have PM'ed you two of these emails. If you need some more, please let me know.

The delivery failure notices from Yahoo have more details, as they include part of the "original" message. I'm not an expert, but looking at them I would bet that an spammer have spoofed (or get a foot into) the SpamCop mail server.

Regards,

Javier.-

[SpamCopAdmin]

Please send the information to support [at] cesmail.net as they requested.

- Don D'Minion - SpamCop Admin -

- Service[at]Admin.SpamCop.net -