cissp Posted October 19, 2013 Share Posted October 19, 2013 Over the past week, I've noticed a handful of emails, purporting to be message delivery notice failures, with my Spamcop email address, but another display name. Some appear to be from Yahoo. The rejecting entity on the latest one is from, "MAILER-DAEMON[at]mail1002.opentransfer.com. Is this just another scam of some sort, or is it possible my Spamcop account has been hijacked? Thanks. Link to comment Share on other sites More sharing options...
cissp Posted October 19, 2013 Author Share Posted October 19, 2013 Over the past week, I've noticed a handful of emails, purporting to be message delivery notice failures, with my Spamcop email address, but another display name. Some appear to be from Yahoo. The rejecting entity on the latest one is from, "MAILER-DAEMON[at]mail1002.opentransfer.com. Is this just another scam of some sort, or is it possible my Spamcop account has been hijacked? Thanks. FOLLOW-UP: I did a query on the return email address (MAILER-DAEMON[at]mail1002.opentransfer.com} and it doesn't exist. The opentransfer.com domain name exists, of course, so it just looks like a forged address. At this point I'm trying to figure out the payload or benefit for the spammer/phisher, using a fake failed message note. Link to comment Share on other sites More sharing options...
petzl Posted October 20, 2013 Share Posted October 20, 2013 Over the past week, I've noticed a handful of emails, purporting to be message delivery notice failures, with my Spamcop email address, but another display name. Some appear to be from Yahoo. The rejecting entity on the latest one is from, "MAILER-DAEMON[at]mail1002.opentransfer.com. Is this just another scam of some sort, or is it possible my Spamcop account has been hijacked? Thanks. Change your password for statrers (get a password saver is best for really secure passwords) Not seeing the headers and not knowing what filters you have set? Link to comment Share on other sites More sharing options...
SpamCopAdmin Posted October 20, 2013 Share Posted October 20, 2013 Probably a spammer is simply forging your email address as the "From" address on his spam. The bounces are being sent "delayed." Instead of refusing mail during the SMTP conversation like it's supposed to, the receiving server is accepting mail with forged headers and then later sending a bounce to what it thinks is the sender, but is in reality a forged return address. Delivery failure notices should be sent by the sending server that failed to deliver the message, not by the receiving server that rejected it. - Don D'Minion - SpamCop Admin - - service[at]admin.spamcop.net - Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.