
Fake/Forged Failed Mail Notices?


cissp

Over the past week, I've noticed a handful of emails, purporting to be message delivery notice failures, with my Spamcop email address, but another display name. Some appear to be from Yahoo. The rejecting entity on the latest one is from "MAILER-DAEMON[at]mail1002.opentransfer.com". Is this just another scam of some sort, or is it possible my Spamcop account has been hijacked? Thanks.


FOLLOW-UP: I did a query on the return email address (MAILER-DAEMON[at]mail1002.opentransfer.com) and it doesn't exist. The opentransfer.com domain name exists, of course, so it just looks like a forged address. At this point I'm trying to figure out the payload or benefit for the spammer/phisher, using a fake failed message note.


Change your password for starters (getting a password saver is best for really secure passwords).

Not seeing the headers and not knowing what filters you have set?


Probably a spammer is simply forging your email address as the "From" address on his spam.

The bounces are being sent "delayed." Instead of refusing mail during the SMTP conversation like it's supposed to, the receiving server is accepting mail with forged headers and then later sending a bounce to what it thinks is the sender, but is in reality a forged return address.

Delivery failure notices should be sent by the sending server that failed to deliver the message, not by the receiving server that rejected it.

- Don D'Minion - SpamCop Admin -

- service[at]admin.spamcop.net -
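
An added example, not part of the original posts: one way to tell a delayed bounce to a forged sender, as described above, from a bounce for mail that really left through your own provider. It reads the original headers attached to the notice and checks the topmost Received line, which the bouncing server wrote itself. The provider network range, the function names and the sample bounce are assumptions constructed for illustration.

```python
import email
import ipaddress
import re
from email import policy

# Assumption: networks your own provider sends mail from (documentation range used here).
MY_OUTBOUND_NETS = [ipaddress.ip_network("192.0.2.0/24")]
# Constructed sample bounce; every host name and address in it is made up.
SAMPLE = """\
From: MAILER-DAEMON@mx.bouncer.example
Content-Type: multipart/report; report-type=delivery-status; boundary="b1"

--b1
Content-Type: message/delivery-status

Action: failed
--b1
Content-Type: text/rfc822-headers

Received: from unknown (HELO myprovider.example) ([203.0.113.77]) by mx.bouncer.example
Received: from myprovider.example ([192.0.2.10]) by relay.invalid
From: "Someone Else" <me@myprovider.example>
--b1--
"""

def embedded_original(msg):
    """Headers of the bounced message carried inside the notice, or None."""
    for part in msg.walk():
        if part.get_content_type() == "message/rfc822":
            return part.get_payload(0)
        if part.get_content_type() == "text/rfc822-headers":
            return email.message_from_string(part.get_content(), policy=policy.default)
    return None

def classify_bounce(raw):
    msg = email.message_from_string(raw, policy=policy.default)
    orig = embedded_original(msg)
    # The topmost Received line was written by the bouncing server; lower ones can be forged.
    top = str(orig.get_all("Received", [""])[0]) if orig is not None else ""
    m = re.search(r"\[(?:IPv6:)?([0-9A-Fa-f:.]+)\]", top)
    try:
        ip = ipaddress.ip_address(m.group(1)) if m else None
    except ValueError:
        ip = None
    if ip is None:
        return {"verdict": "unknown", "connecting_ip": None}
    mine = any(ip in net for net in MY_OUTBOUND_NETS)
    return {"verdict": "sent-via-provider" if mine else "backscatter",
            "connecting_ip": str(ip), "from": str(orig["From"])}
```

A notice that attaches no original headers comes back as "unknown", and a "sent-via-provider" result is the case where checking the account itself is warranted.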
