cissp

Fake/Forged Failed Mail Notices?

Over the past week, I've noticed a handful of emails, purporting to be message delivery failure notices, with my Spamcop email address, but another display name. Some appear to be from Yahoo. The rejecting entity on the latest one is "MAILER-DAEMON[at]mail1002.opentransfer.com". Is this just another scam of some sort, or is it possible my Spamcop account has been hijacked? Thanks.

FOLLOW-UP: I did a query on the return email address (MAILER-DAEMON[at]mail1002.opentransfer.com) and it doesn't exist. The opentransfer.com domain name exists, of course, so it just looks like a forged address. At this point I'm trying to figure out the payload or benefit for the spammer/phisher, using a fake failed message note.

Change your password for starters (a password saver is best for really secure passwords).

Not seeing the headers and not knowing what filters you have set?

Probably a spammer is simply forging your email address as the "From" address on his spam.

The bounces are being sent "delayed." Instead of refusing mail during the SMTP conversation like it's supposed to, the receiving server is accepting mail with forged headers and then later sending a bounce to what it thinks is the sender, but is in reality a forged return address.

Delivery failure notices should be sent by the sending server that failed to deliver the message, not by the receiving server that rejected it.

- Don D'Minion - SpamCop Admin -

- service[at]admin.spamcop.net -
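
As an added example (not part of the original posts): a Python check for whether a bounce like the ones described above quotes a message your own server actually sent, by comparing the Message-ID host of the embedded original with hosts you list. The host names, `OWN_MESSAGE_ID_HOSTS` and the abbreviated sample bounce are constructed assumptions.

```python
import email
from email import policy

# Assumption: hosts your own outbound servers put in Message-ID headers.
OWN_MESSAGE_ID_HOSTS = {"mail.example.org"}

def embedded_original(bounce):
    """Return the original message (or just its headers) quoted in a bounce."""
    for part in bounce.walk():
        ctype = part.get_content_type()
        if ctype == "message/rfc822":        # full original attached
            return part.get_payload(0)
        if ctype == "text/rfc822-headers":   # headers-only copy
            return email.message_from_string(part.get_content(), policy=policy.default)
    return None

def classify_bounce(raw, own_hosts=OWN_MESSAGE_ID_HOSTS):
    """Return 'own-mail', 'backscatter' or 'unknown' for a raw bounce."""
    bounce = email.message_from_string(raw, policy=policy.default)
    original = embedded_original(bounce)
    mid = str(original["Message-ID"] or "") if original is not None else ""
    if "@" not in mid:
        return "unknown"                     # nothing to compare against
    host = mid.strip().strip("<>").rpartition("@")[2].lower()
    return "own-mail" if host in own_hosts else "backscatter"

# Constructed, abbreviated sample bounce (not from the thread); {mid} is filled in below.
SAMPLE_BOUNCE = """\
From: MAILER-DAEMON@mx.receiver.example
To: user@example.org
Subject: Undelivered Mail Returned to Sender
Content-Type: multipart/report; report-type=delivery-status; boundary="b1"

--b1
Content-Type: text/plain

Delivery to nobody@receiver.example failed.

--b1
Content-Type: text/rfc822-headers

From: "Other Name" <user@example.org>
Message-ID: {mid}

--b1--
"""

if __name__ == "__main__":
    for mid in ("<abc123@unrelated-host.example>", "<1@mail.example.org>"):
        print(mid, classify_bounce(SAMPLE_BOUNCE.format(mid=mid)))
```

A Message-ID can itself be forged, so an "own-mail" result is a prompt to check your sent-mail logs, not proof that the message left your account.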
