
have I been spoofed?


mfluter


Good morning, I'm new to this, although I have been receiving spam mail ever since the beginning of times.

I purchased a web address, and now it seems someone is 'stealing' my e-mail to send viruses.

This morning alone I received 40 'undeliverable' returns in my mailbox.

So my questions are:

1. can I do something to avoid this?

2. at first I thought it was welcomepartners.it spamming people, but it seems that they are actually the ones that have been spammed, is this correct? (all 40 went to addresses finishing in welcomepartners.it).

3. Where in the header (below) can I find out who to report? I am info[at]mwillis.net that gets forwarded to mfluter[at]email.it and mfluter[at]hotmail.com.

Thanks in advance,

Michelle

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Return-Path: <>
X-Original-To: mfluter[at]email.it
Delivered-To: mfluter[at]email.it
Received: from smtp01-02.prod.mesa1.secureserver.net (smtp01-02.prod.mesa1.secureserver.net [64.202.189.4])
    by smtp-in3.email.it (Email.it) with ESMTP id B44875BA51
    for <mfluter[at]email.it>; Tue, 30 Nov 2004 20:17:52 +0100 (CET)
Received: (qmail 26853 invoked by uid 1000); 30 Nov 2004 19:17:51 -0000
Delivered-To: info[at]mwillis.net
Precedence: bulk
Received: (qmail 26849 invoked from network); 30 Nov 2004 19:17:51 -0000
Received: from pre-smtp02-02.prod.mesa1.secureserver.net ([64.202.166.26])
    (envelope-sender <>)
    by smtp01-02.prod.mesa1.secureserver.net (qmail-ldap-1.03) with SMTP
    for <info[at]mwillis.net>; 30 Nov 2004 19:17:51 -0000
Received: (qmail 1475 invoked from network); 30 Nov 2004 19:17:51 -0000
Received: from host195-94.pool21757.interbusiness.it (HELO x3302.srvfarm.wtg) ([217.57.94.195])
    (envelope-sender <>)
    by pre-smtp02-02.prod.mesa1.secureserver.net (qmail-ldap-1.03) with SMTP
    for <info[at]mwillis.net>; 30 Nov 2004 19:17:51 -0000
From: Postmaster[at]welcomepartners.it
To: info[at]mwillis.net
Date: Tue, 30 Nov 2004 18:43:03 GMT
Importance: Normal
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
Message-ID: <8dda4dc9d5ada50fbe03[at]welcomepartners.it>
MIME-Version: 1.0
X-MIMETrack: Itemize by SMTP Server on Domino2/Fabretto(Release 6.0.3|September 26, 2003) at
    30/11/2004 20.21.46,
    Serialize by Router on Domino2/Fabretto(Release 6.0.3|September 26, 2003) at
    30/11/2004 20.21.58,
    Serialize complete at 30/11/2004 20.21.58
X-TM-AS-Product-Ver: <SMD>-<3.0.0.1280>-<1.25.1015>-<13057>
X-TM-AS-Result: <No>-<0.400>-<7.0>-<99000>
Subject: DELIVERY FAILURE: User bassguitarrock (bassguitarrock[at]welcomepartners.it) not
    listed in Domino Directory
Content-Type: multipart/report; report-type=delivery-status; boundary="==IFJRGLKFGIR51737UHRUHIHD"


Hi mfluter...

Yeah, you probably join the millions of domain owners who were 'spoofed' by a handful of nasty spam thugs who hijack the net to splatter their crap all over the world.

See this related thread for more info:

http://forum.spamcop.net/forums/index.php?showtopic=2987

I'm pretty busy these days, but feel free to drop me a line if I can help you sort it all out. If you have the free QuickTime player, you can watch a related video at:

http://www.art101.com/video/nospam.html

Best wishes and good luck.


Did the welcomepartners.it mailserver (mail.welcomepartners.it at IP Address 217.57.94.195 calling itself x3302.srvfarm.wtg with reverse dns host195-94.pool21757.interbusiness.it) return details on the emails that bounced, like full headers and body? If so, you can use the SpamCop Parser to help you compose your Manual Reports.

On a separate note, IMHO crisp pictures are better received than blurry pictures.
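The reading of the header given above (the bounce was handed to secureserver.net by 217.57.94.195) can be reproduced mechanically. This is an added example, not part of the original thread: the names `is_bounce`, `handoff_hop`, `triage` and `TRUSTED_IPS` are hypothetical, the sample is the posted header trimmed to the fields used, and the two secureserver.net relay addresses are assumed to be the recipient's own forwarding path.

```python
import email
import re

# Constructed sample: the header block posted above, trimmed to the fields used here.
SAMPLE = """\
Return-Path: <>
Received: from smtp01-02.prod.mesa1.secureserver.net (smtp01-02.prod.mesa1.secureserver.net [64.202.189.4])
 by smtp-in3.email.it (Email.it) with ESMTP id B44875BA51; Tue, 30 Nov 2004 20:17:52 +0100 (CET)
Received: (qmail 26853 invoked by uid 1000); 30 Nov 2004 19:17:51 -0000
Received: from pre-smtp02-02.prod.mesa1.secureserver.net ([64.202.166.26])
 (envelope-sender <>)
 by smtp01-02.prod.mesa1.secureserver.net (qmail-ldap-1.03) with SMTP; 30 Nov 2004 19:17:51 -0000
Received: (qmail 1475 invoked from network); 30 Nov 2004 19:17:51 -0000
Received: from host195-94.pool21757.interbusiness.it (HELO x3302.srvfarm.wtg) ([217.57.94.195])
 (envelope-sender <>)
 by pre-smtp02-02.prod.mesa1.secureserver.net (qmail-ldap-1.03) with SMTP; 30 Nov 2004 19:17:51 -0000
From: Postmaster[at]welcomepartners.it
Content-Type: multipart/report; report-type=delivery-status; boundary="==IFJRGLKFGIR51737UHRUHIHD"
"""

# Assumption: these two relays (seen in the header) are the recipient's own mail path.
TRUSTED_IPS = {"64.202.189.4", "64.202.166.26"}
HOP = re.compile(r"from\s+(\S+).*?\[([\d.]+)\].*?\bby\s+(\S+)", re.S)

def is_bounce(msg):
    """A delivery report has a null envelope sender and a multipart/report type."""
    return (msg.get("Return-Path", "").strip() == "<>"
            and msg.get_content_type() == "multipart/report"
            and msg.get_param("report-type") == "delivery-status")

def handoff_hop(msg, trusted_ips):
    """Walk Received lines newest-first; return the first hop whose peer IP is
    not ours. Anything below that line was not written by our servers."""
    for value in msg.get_all("Received", []):
        m = HOP.match(value)
        if not m:                      # local qmail hand-offs record no peer
            continue
        peer, ip, by = m.groups()
        if ip not in trusted_ips:
            return {"from": peer, "ip": ip, "by": by}
    return None

def triage(raw, trusted_ips=TRUSTED_IPS):
    msg = email.message_from_string(raw)
    return {"bounce": is_bounce(msg), "handoff": handoff_hop(msg, trusted_ips)}

if __name__ == "__main__":
    print(triage(SAMPLE))
```

The hand-off hop names the server that generated the bounce, not the sender of the forged message; finding that sender requires a bounce that still carries the original message with its full headers.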


> Good Morning,
>
> Which part of 'Please read this before posting' did you not understand?

Dear Derek T,

Well, excuse me for existing. Yes, I did look at the FAQs; no, I didn't find the words 'spoof' or 'spoofed' in a search. Yes, I did a forum search; no, nothing came up that was useful. And no, I didn't have time to read the thousands of posts of this web-forum before posting. Especially a post from February 2004. Please forgive my ignorant self, and please ignore my stupid person for the rest of our days. Thank you and have a nice life, Michelle. P.S. that was the first flame post I have ever received in my life, so I guess I'll remember you forever. M


> Best wishes and good luck.

Art101,

Thank you so much for your kind response. I also want to ask forgiveness for my last post. I guess I wasn't ready for a flame at this time of the morning.

My day is about to start in five minutes, so I'll have to read the links (and hear the video) that you posted later on, but in the meantime, THANK YOU! Michelle

JeffG,

I looked at the 40 e-mails I got, and none of them actually contain the original spam (sent to them and bounced back to me). Apparently it was a virus, detected by their ScanMail. It didn't show full headers, just this:

~~~

Reporting-MTA: dns;x3302.srvfarm.wtg
Final-Recipient: rfc822;elenast[at]welcomepartners.it
Action: failed
Status: 5.1.1
Diagnostic-Code: X-Notes; User elenast (elenast[at]welcomepartners.it) not
    listed in Domino Directory

~~~

I'll have to read better the thread that Art101 sent me, and learn how to deal with these. Thank you again, and have a nice day, Michelle


> Yes, I did look at the FAQs; no, I didn't find the words 'spoof' or 'spoofed' in a search. Yes, I did a forum search; no, nothing came up that was useful.

Partially due to the fact that most everyone else drops in complaining about the "Bounces" .... that word and "forged" would have brought up results, even some FAQ stuff.

> And no, I didn't have time to read the thousands of posts of this web-forum before posting.

Usually the Topic titles make things a bit self-evident, so I'm not sure why you are responding so .... The reverse of your comment points to the thousands of posts ruled out of needing to be read as the Topic has nothing to do with spoofing, forgery, or bounces ...???

Moved to the Lounge area as this has nothing to do with Reporting, highlighted even more by defining the e-mails not containing the contents of the original e-mails that caused the bounces.


> Art101,
>
> Thank you so much for your kind response. I also want to ask forgiveness for my last post. I guess I wasn't ready for a flame at this time of the morning.

I wouldn't worry about it too much, Michelle. I have a short fuse and I've been known to be a little testy around here myself from time to time. I'm trying to mend my ways.

Anyway, as I said before, feel free to let me know if I can help, and do check out the related thread above for info on digging through the spew to find a sample bounced message that includes the original spam with full headers intact. It's a good way to begin tracking back to the real spammer.

The only possible good news here is that the attack is probably tapering off a little on your end. Spammers who play at this game usually move on to fresh pastures fairly quickly.


Archived

This topic is now archived and is closed to further replies.
