augustd
Posted November 19, 2004

I just got the following spam that is designed to look like a bounce. When I reported it, SpamCop says:

"This message looks like a bounce, will not report. Do not report bounces as spam! Message is old Nothing to do."

I checked my SMTP server and it has no record of message ID# K135J73I0615D4BC. I have never sent any message to anyone [at]wanadoo.fr. I double checked and my computer is free of viruses and spyware that might have sent the "bounced" message.

Is this a spam specifically designed to defeat SpamCop?

----------------------------------

This is the SMTP Server program at host wanadoo.fr.

I'm sorry to have to inform you that your message could not be be delivered to one or more recipients. It's attached below.

For further assistance, please send mail to <postmaster>

If you do so, please include this problem report. You can delete your own text from the attached returned message.

The SMTP Server program

<psykotek[at]wanadoo.fr>: host 172.22.170.69[172.22.170.69] said: 552 5.2.2 Over quota (in reply to RCPT TO command)

Reporting-MTA: dns; wanadoo.fr
X-SMTP-Server-Queue-ID: E49D310001DA
X-SMTP-Server-Sender: rfc822; me[at]mycompany.com
Arrival-Date: Fri, 19 Nov 2004 16:33:40 +0100 (CET)

Final-Recipient: rfc822; psykotek[at]wanadoo.fr
Action: failed
Status: 5.0.0
Diagnostic-Code: X-SMTP-Server; host 172.22.170.69[172.22.170.69] said: 552 5.2.2 Over quota (in reply to RCPT TO command)

Subject: Adware Warning Psykotek
From: me <me[at]mycompany.com>
Date: Thu, 18 Nov 2004 22:42:03 +0000
To: Psykotek <psykotek[at]wanadoo.fr>
Received: from me-wanadoo.net (localhost [127.0.0.1])
    by mwinf0804.wanadoo.fr (SMTP Server) with SMTP id E49D310001DA
    for <psykotek[at]wanadoo.fr>; Fri, 19 Nov 2004 16:33:40 +0100 (CET)
Received: from compuserve.com (unknown [195.68.95.78])
    by mwinf0804.wanadoo.fr (SMTP Server) with SMTP id D974C1000129
    for <psykotek[at]wanadoo.fr>; Fri, 19 Nov 2004 16:33:39 +0100 (CET)
References: <0AG67383I8HC9502[at]wanadoo.fr>
In-Reply-To: <0AG67383I8HC9502[at]wanadoo.fr>
Message-ID: <K135J73I0615D4BC[at]mycompany.com>
Reply-To: Bangsi <bangsi[at]spray.se>
MIME-Version: 1.0
Content-Type: text/html; charset=Windows-1251
Content-Transfer-Encoding: 8bit

System scanner WARNING!
Your computer could be sending private information about you!
Spyware is the number 1 problem on the internet today.
Has your computer and privacy been compromised?
Scan for FREE to find out
HREF: http://www.itlud.freepcspywareware.info/?id=balas
IMG: http://www.freepcspywareware.info/m1.gif
95% of personal and business computers are infected
Spyware can hijack your computer, change your settings, send passwords and credit card numbers to thieves
Don't be a victim, protect yourself with our software...
Psykotek

turetzsr
Posted November 19, 2004

Hi, augustd!

> I just got the following spam that is designed to look like a bounce. When I reported it, SpamCop says: "This message looks like a bounce, will not report. Do not report bounces as spam! Message is old Nothing to do." I checked my SMTP server and it has no record of message ID# K135J73I0615D4BC. I have never sent any message to anyone [at]wanadoo.fr. I double checked and my computer is free of viruses and spyware that might have sent the "bounced" message.

...Alas, the SpamCop parser doesn't care. It has determined that this is a bounce message -- the fact that it's not a bounce of a message you actually sent doesn't matter. My guess would be that your e-mail address was forged to be the "From:" or "Reply-to" address and the server that bounced it was unmannerly and bounced it to you, an innocent victim. I believe you would be justified in sending a polite letter to the admin of that host to ask that (s)he cease that practice and issue an SMTP reject, instead.

> Is this a spam specifically designed to defeat SpamCop? <snip>

...That's a possibility. If no one here can answer that (and they may need a TRACKING URL to analyze the SpamCop parse), you might send off a note to the SpamCop deputies at e-mail address deputies <at> spamcop <dot> net.
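
The manual check described in this thread (no record of the Message-ID on the sending server, and a returned message that never passed through the victim's own relay) can be scripted. This is an added example, not part of the original posts: `classify_bounce`, the sample DSN, the example domains and the documentation IP addresses are all constructed for illustration.

```python
import email
import re
from email import policy

# Constructed sample DSN (example domains, documentation IPs; not the thread's data).
SAMPLE_DSN = """\
From: MAILER-DAEMON@mx.example.net
MIME-Version: 1.0
Content-Type: multipart/report; report-type=delivery-status; boundary="b1"

--b1
Content-Type: message/delivery-status

Reporting-MTA: dns; mx.example.net

Final-Recipient: rfc822; user@example.net
Action: failed
Status: 5.2.2

--b1
Content-Type: message/rfc822

Received: from forged-helo.example (unknown [192.0.2.78]) by mx.example.net with SMTP id ABC123
From: me <me@mycompany.example>
Message-ID: <CONSTRUCTED0001@mycompany.example>
Subject: Adware Warning

spam body
--b1--
"""

def classify_bounce(raw, sent_ids, outbound_ips):
    """Return (verdict, message_id, relay_ips) for a raw DSN string."""
    dsn = email.message_from_string(raw, policy=policy.default)
    if dsn.get_content_type() != "multipart/report":
        return ("not-a-dsn", None, [])
    # The returned original travels as a message/rfc822 part of the report.
    orig = next((p.get_payload(0) for p in dsn.iter_parts()
                 if p.get_content_type() == "message/rfc822"), None)
    if orig is None:
        return ("no-original", None, [])
    msg_id = str(orig.get("Message-ID", "")).strip()
    # Bracketed IPs recorded by the relays that handled the original.
    ips = [ip for h in orig.get_all("Received", [])
           for ip in re.findall(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", str(h))]
    # Ours only if we logged that Message-ID AND one of our hosts handed it off.
    if msg_id in sent_ids and any(ip in outbound_ips for ip in ips):
        return ("genuine-bounce", msg_id, ips)
    return ("backscatter", msg_id, ips)
```

Headers inside the returned message are written by whoever sent it, so the lookup against the local outbound log is the deciding test; the relay IP comparison only corroborates it.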

Wazoo
Posted November 19, 2004

Forging of "your" e-mail address into the From:, Reply-To:, etc. lines is an unfortunate common practice these days. Spammers taking advantage of a system originally written when everyone was trusted.

I started messing with what you presented, but the line wrap issues, your munging of data, and various other issues took all the fun out of that.

The FAQ here has a bit of an entry on "why am I getting all these Bounces" ... and there are many other Topics already existing on this specific issue alone.
Archived
This topic is now archived and is closed to further replies.