Jump to content

Own Domain being show as spam originator


lansbury

Recommended Posts

I reported spam automatically forwarded to my spamcop email address, which had come via an address on my domain uk-air.net. My hosting service HostDime then received notification from you that I was the originator of the spam, with the normal requirement for them to follow this up.

They trace the email back to an IP address in China, and are quite clear the email did not originate from me. However they are very concerned that their servers appear to Spamcop to be the originators of spam.

The message they received is copied below. Have I done something wrong when I quick reported the spam or is there another reason why I seem to be reporting myself.

----- Original Message -----

From: "Lansbury" <1386202426[at]reports.spamcop.net>

To: <abuse[at]hostdime.com>

Sent: Monday, March 21, 2005 12:00 PM

Subject: [spamCop (72.29.73.139) id:1386202426]Make Your Bed a "Bed-er" SEX

Place to Sleep

| [ SpamCop V1.417 ]

| This message is brief for your comfort. Please use links below for

details.

|

| Email from 72.29.73.139 / 21 Mar 2005 17:00:16 -0000

| http://www.spamcop.net/w3m?i=z1386202426zc...c955d081bb7d78z

|

| [ Offending message ]

| Return-Path: <TimothyE[at]menareidiots.com>

| Delivered-To: x

| Received: (qmail 27095 invoked from network); 21 Mar 2005 17:00:16 -0000

| Received: from unknown (192.168.1.103)

| by blade2.cesmail.net with QMQP; 21 Mar 2005 17:00:16 -0000

| Received: from dime66.dizinc.com (72.29.73.139)

| by mailgate2.cesmail.net with SMTP; 21 Mar 2005 17:00:16 -0000

| Received: from [218.39.208.183] (helo=66.195.18.225)

| by dime66.dizinc.com with smtp (Exim 4.43)

| id 1DDQGG-0003mb-2P

| for x; Mon, 21 Mar 2005 12:00:17 -0500

| Received: from smtp-vet.hoagie.TimothyE[at]menareidiots.com

([218.39.208.183]) by e56-bl98.TimothyE[at]menareidiots.com with Microsoft

SMTPSVC(5.0.8228.9633);

| Mon, 21 Mar 2005 22:52:13 +0600Message-ID:

<KXKKRFZLLIQXJNMDFDLBSBZM[at]city-of-westminster.net>

| From: "Milagros Byrd" <MilagrosM_Byrd[at]city-of-westminster.net>

| Reply-To: "Milagros Byrd" <MilagrosM_Byrd[at]city-of-westminster.net>

| To: x

| Subject: Make Your Bed a "Bed-er" SEX Place to Sleep

| Date: Mon, 21 Mar 2005 12:00:13 -0500

| Organization: mistressmanageable ltd.

| X-Mailer: X-Mailer: Produced by Milagros m. 6.6 from Delbert Norman M9

| MIME-Version: 1.0

| Content-Type: multipart/alternative;

| boundary="--8incarcerate)77afghan\2clinton(81antique;"

| X-Priority: 3

| X-MSMail-Priority: Normal

| X-AntiAbuse: This header was added to track abuse, please include it with

any abuse report

| X-AntiAbuse: Primary Hostname - dime66.dizinc.com

| X-AntiAbuse: Original Domain - uk-air.net

| X-AntiAbuse: Originator/Caller UID/GID - [0 0] / [47 12]

| X-AntiAbuse: Sender Address Domain - menareidiots.com

| X-Source:

| X-Source-Args:

| X-Source-Dir:

| X-spam-Checker-Version: SpamAssassin 3.0.0 (2004-09-13) on

blade2.cesmail.net

| X-spam-Level: *********

| X-spam-Status: hits=9.1 tests=INFO_TLD,MISSING_MIMEOLE,RATWARE_RCVD_AT,

| RCVD_HELO_IP_MISMATCH,RCVD_NUMERIC_HELO,SUBJ_ILLEGAL_CHARS,

| URIBL_OB_SURBL,URIBL_SBL version=3.0.0

| X-SpamCop-Checked: 192.168.1.103 72.29.73.139 218.39.208.183

| X-SpamCop-Disposition: Blocked bl.spamcop.net

|

| ----8incarcerate)77afghan\2clinton(81antique;

| Content-Type: text/plain;

| Content-Transfer-Encoding: quoted-printable

|

| Have you ever been stuck with outrageous prescription prices, or long

line=

| s at the pharmacy?

|

| What if I told you that you could get your prescription mailed to your

doo=

| r hassle free?

|

| This site:

| http://appointee.owndoctor24.info/?bchkajxwvrsyfimzctdegl

|

|

| r+emove!

|

| http://mannequin.owndoctor24.info/?aeimcghkxydjzbfl

|

| ----8incarcerate)77afghan\2clinton(81antique;--

|

|

|

Link to comment
Share on other sites

I reported spam automatically forwarded to my spamcop email address, which had come via an address on my domain uk-air.net. My hosting service HostDime then received notification from you that I was the originator of the spam, with the normal requirement for them to follow this up.

They trace the email back to an IP address in China, and are quite clear the email did not originate from me. However they are very concerned that their servers appear to Spamcop to be the originators of spam.

The message they received is copied below. Have I done something wrong when I quick reported the spam or is there another reason why I seem to be reporting myself.

I have 2 questions to start with.

1) Did you check where the reports were going before you sent them?

2) Do you have mailhosts configured for all paths you receive email through, but specifically this uk-air.net account?

Link to comment
Share on other sites

There are multiple issues here:

  • You are not using Mailhosts. You can fix this yourself by running Mailhosts.
  • Exim 4.43 running on your ISP's mailserver dime66.dizinc.com is not recording the source of the message in a way consistent enough with what the Parser's programming is used to. This appears to require an email to the Deputies via deputies<at>spamcop.net.
  • You are Quick Reporting without making sure that doing so will not get you into trouble (for all email addresses whose spam you Quick Report). You should be more careful.
  • You should apologize to your ISP and to the Deputies for reporting your own ISP.

Link to comment
Share on other sites

...Suggestion, guys (which you should feel perfectly free to ignore, if you wish): a lot of time and effort has gone into the FAQ. Rather than rehash the same information in different form, you might consider pointing folks like the OP to the FAQ. ty! :) <g>

Link to comment
Share on other sites

...Suggestion, guys (which you should feel perfectly free to ignore, if you wish): a lot of time and effort has gone into the FAQ.  Rather than rehash the same information in different form, you might consider pointing folks like the OP to the FAQ.  ty!  :) <g>

It al depends on what kind of time I have to search the FAQ for the answer and post those directions. When I have the time, I do, but sometimes it is quicker just to go by memory.

Link to comment
Share on other sites

I have 2 questions to start with.

1) Did you check where the reports were going before you sent them?

2) Do you have mailhosts configured for all paths you receive email through, but specifically this uk-air.net account?

1) Yes I did and didn't see any problem, but I may well have missed it.

2) No becasue when I tried I got error reports about the path and not having other address reported as mailhost. These address where in the list and as far as I could tell only the confirm message sent by spamcop was going through them. The spam was getting stopped as Spamcop.

Link to comment
Share on other sites

2) Do you have mailhosts configured for all paths you receive email through, but specifically this uk-air.net account?

Thanks that made me look again and I realised one of the mailhosts had been mistyped. When corrected in enabled me to configure the others.

Link to comment
Share on other sites

I am glad that you got this fixed. Once you have configured your mailhosts properly, it becomes much harder to falsely report yourself accidentally.

However, I recommend that you always check carefully where reports are being sent. Some spammers recently included URLs formed from the recipient's email address in their messages, e.g., joe[at]example.com gets an email containing a link to http://www.example.com. SpamCop wants to report these as spamvertized websites (unless you do quick reporting). You should make sure that you uncheck these (and any other innocent bystanders) before you send the report.

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...