RobertWilliams Posted May 24, 2005

Here is a problem I'm hoping we can get resolved. I get roughly 500 bounce-backs each day from other companies that have received spam e-mail from people forging my domain in either the "From:" or "Return-Path:" header fields. I don't want to report the companies that are bouncing them back to me, because they are just as much a victim as I am here. But, I do want to report the original spammers, because it is obvious that the receiving system(s) are not reporting them.

The bounce-backs (95% of the time) include all of the original header information from the spammers. However, when I copy just that information, I get an error from SpamCop stating:

    Supposed receiving system not associated with any of your mailhosts

Your system will also report:

    No unique hostname found for source: 82.122.203.44

But when I look it up in the RIPE whois, I find a hostname. I guess the main problem here is that I cannot report it because the receiving system is not associated with any of my mailhosts. Is there a way that this can be resolved? I really should be able to report any spam associated with my domain regardless of whether I'm receiving it, or it is being sent in my name.

Thanks
RW

Wazoo Posted May 24, 2005

Your calling those other ISPs "victims" might have been somewhat acceptable even a year ago. Today, not true. If you want to handle it, try contacting these folks and point them to the various FAQs here and elsewhere on the net about the problems today with (pick your word here, check the Glossary) blowback, misaddressed bounces, etc., etc., etc. The specific issue is whether it's cluelessness, ancient software, or just bad configuration ... take a look at some Topics opened up just today in the Blocking List Forum from "one of those ISPs" ....

Yes, you will run into problems reporting someone else's spam (which is the way the parser sees it after your MailHost configuration)

the no-host issue is offered with no context .. Tracking URL is needed if you want to talk to this issue ..

StevenUnderwood Posted May 24, 2005

> I really should be able to report any spam associated with my domain regardless of whether I'm receiving it, or it is being sent in my name.

Actually, per the rules you agreed to obey for using the reporting site, you are NOT allowed to report the spams within other messages:

> spam within other messages
>
> If you receive a message (perhaps a bounce) which contains spam, you should not report the spam contained within the message, even if it includes what appear to be the full original headers. This is someone else's spam, not yours. It is expected that you can verify that the headers of reported mail are accurate, something you can't do for mail received on a network you are not familiar with.

The bounce messages, as long as you did not send the original, are reportable, as most admins should know by now that sending any message to the possible forged From in a message is not a good thing.

Perhaps you should brush up on the current rules for reporting in the FAQ (a link can also be found in the Forum FAQ at the top of this page): http://www.spamcop.net/fom-serve/cache/14.html

RobertWilliams (Author) Posted May 24, 2005

Ok then, I guess I'll spend the time and track down the admins of the systems that are bouncing the mails back to me. I can understand not reporting SPAMS inside of SPAMS, but when someone is forging my domain, I should be able to do something about that. I understand though, not your problem.

As for this:

> as most admins should know by now that sending any message to the possible forged From in a message is not a good thing.

Auto-responders have no clue what a forged "From" field looks like, all they know is that this is the person that sent the message. The person that can write a program that will tell a computer what a forged "From" field looks like, should win the Nobel Peace Prize. I have turned my auto-responders off completely, because all it ever does is clogs my queue up. But there have got to be thousands, if not 10s of thousands, of IT managers, administrators, whatever you want to call them, that don't. Sure, they should be a little more knowledgeable about their system, but that doesn't mean they should be reported as spammers.

On the other hand, if I were to just report them, then they would almost be forced to fix their system. That is, IF they care.

Anyways, Thanks for the help
RW

Wazoo Posted May 24, 2005

You're getting to the argument of SMTP rejection at the time of processing vice the "accept then eventually get around to bouncing" problem. This is the subject of much debate in many venues, folks pointing to the RFCs, others pointing out the 'vintage' of the RFCs being pointed at, the efforts on-going in developing 'new' RFCs to cover "today's" internet / spammer infestation ... and of course, not to forget that the spammers are still coming up with new ways to screw over the 'developed in a world of trust' Internet ....

StevenUnderwood Posted May 24, 2005

> Auto-responders have no clue what a forged "From" field looks like, all they know is that this is the person that sent the message. The person that can write a program that will tell a computer what a forged "From" field looks like, should win the Nobel Peace Prize. I have turned my auto-responders off completely, because all it ever does is clogs my queue up. But there have got to be thousands, if not 10s of thousands, of IT managers, administrators, whatever you want to call them, that don't. Sure, they should be a little more knowledgeable about their system, but that doesn't mean they should be reported as spammers.

But the admins that allow the auto-responders to run know (or should know) that the majority of email messages now (since spam is making up better than 80% of the messages out there by some accounts, including my own numbers) have forged headers. Some people learn this the way you did with the queues filling up with dead messages. Others because of all the bounces they receive.

I believe it is currently a much smaller percentage of sites that allow these types of messages to leave their servers than you seem to indicate. I get very few auto-responders any longer and my users report probably less than 1 per week now (though that is partially educating them what is happening).

RobertWilliams (Author) Posted May 25, 2005

Wazoo, Steven, thank you both for your help.

Steven, I guess there is only one thing left to do then.....EDUCATE....If I had known about SBLs and RBLs a long time ago, I could have done something about it then. I stumbled upon it one day in my quest to stop the spam from hitting my office. Imagine all the people out there that still have no idea.

Can I (legally) send a SpamCop link to the people I'm getting bounced messages back from, or would that too be considered spam?

Thanks again,
RW

Jeff G. Posted May 25, 2005

> Can I (legally) send a SpamCop link to the people I'm getting bounced messages back from, or would that too be considered spam?

You probably can, but you should ask your ISP just to be safe.

Miss Betsy Posted May 25, 2005

> Wazoo, Steven, thank you both for your help. Steven, I guess there is only one thing left to do then.....EDUCATE....If I had known about SBLs and RBLs a long time ago, I could have done something about it then. I stumbled upon it one day in my quest to stop the spam from hitting my office. Imagine all the people out there that still have no idea. Can I (legally) send a SpamCop link to the people I'm getting bounced messages back from, or would that too be considered spam?

If you 'manually' make a report to them, you certainly could phrase your report to include 'education' and include spamcop as where you learned your knowledge or as a reference.

Miss Betsy

RobertWilliams (Author) Posted May 25, 2005

Why thank you Miss Betsy, I will definitely take that into consideration.

RW

knol Posted September 1, 2005

Hi all, never thought I would need something like spamcop.

Well, about my problem. Someone is using my website address as the sender. Not physically, but as if they are coming from my site/server. Over the last few days I got about 2000 bouncing mails in my inbox. I use googlemail for the autoredirect, so most mails are directly put in the spambox.

I am from Holland, never had anything like this before. (lucky me?) Anyway, now I do get them and going nuts. I hope someone is able to help me out here. I'm a nOOb about these things. Reported the abuse at my server provider, they said nothing...

Below I'll put the source of the email, I hope somebody can tell me what I should do! I am not understanding all the techtalk and had no idea what to search for, so please forgive me if I am posting in the wrong forums...

Please remember, this is a bouncemail which I received from another server's mail.

    X-Gmail-Received: 397877d0102011bbc19958a09d593415041e8f6b
    Delivered-To: knolsurft[at]gmail.com
    Received: by 10.70.19.14 with SMTP id 14cs42623wxs;
        Thu, 1 Sep 2005 09:14:41 -0700 (PDT)
    Received: by 10.54.56.56 with SMTP id e56mr1735945wra;
        Thu, 01 Sep 2005 09:14:40 -0700 (PDT)
    Return-Path: <>
    Received: from mail.pcextreme.nl (mail.pcextreme.nl [85.92.129.33])
        by mx.gmail.com with ESMTP id 35si805966wra.2005.09.01.09.14.40;
        Thu, 01 Sep 2005 09:14:40 -0700 (PDT)
    Received-SPF: pass (gmail.com: domain of  designates 85.92.129.33 as permitted sender)
    Received: (qmail 12019 invoked by uid 89); 1 Sep 2005 17:47:59 +0200
    Message-ID: <20050901154759.12018.qmail[at]mail.pcextreme.nl>
    Delivered-To: xuanu[at]knol-surft.nl
    Received: (qmail 12008 invoked from network); 1 Sep 2005 17:47:59 +0200
    Received: from mailer1.kmc-usa.com (12.9.192.45)
        by mail.pcextreme.nl with SMTP; 1 Sep 2005 17:47:59 +0200
    Received:
    From: <>
    To: <xuanu[at]knol-surft.nl>
    Date: Thu, 01 Sep 2005 09:00:59 -0800
    Subject: b8 Nobody knows
    X-Mailer: SurfControl E-mail Filter
    MIME-Version: 1.0
    Content-Type: multipart/report;
        report-type=delivery-status;boundary="--=_NextPart_ST_09_00_59_Thursday_September_01_2005_19991"

    ----=_NextPart_ST_09_00_59_Thursday_September_01_2005_19991
    Content-Type: text/plain;

    Your message could not be sent.
    A transcript of the attempts to send the message follows.
    The number of attempts made: 1
    Addressed To: duvall[at]kmc-usa.com
    Thu, 01 Sep 2005 09:00:59 -0700 Failed to send to identified host,
    duvall[at]kmc-usa.com: [12.9.192.46], 550 duvall[at]kmc-usa.com... No such user
    --- Message non-deliverable.

    ----=_NextPart_ST_09_00_59_Thursday_September_01_2005_19991
    Content-Type: message/delivery-status;

    Action: failed
    Final-Recipient: rfc822;duvall[at]kmc-usa.com
    Diagnostic-Code: smtp; 550 duvall[at]kmc-usa.com... No such user
    Status: 5.0.0

    ----=_NextPart_ST_09_00_59_Thursday_September_01_2005_19991
    Content-Type: message/rfc822;

    Received: from Unknown [24.173.140.106] by mailer1.kmc-usa.com - SurfControl E-mail Filter (5.0); Thu, 01 Sep 2005 09:00:59 -0700
    Received: from [192.168.2.53] (helo=chaste) by knol-surft.nl with smtp (Resentful ra 4.55 (Woeful)) id YfHtLY-rvkEOv-Ny for duvall[at]kmc-usa.com; Thu, 1 Sep 2005 10:47:18 -0500
    Message-ID: <005301c5af0c$6cd08380$3502a8c0[at]chaste>
    Reply-To: "Xuan Woolsey" <xuanu[at]knol-surft.nl>
    From: "Xuan Woolsey" <xuanu[at]knol-surft.nl>
    To: "Ajith Lentini" <duvall[at]kmc-usa.com>
    Subject: b8 Nobody knows
    Date: Thu, 1 Sep 2005 10:47:15 -0500
    MIME-Version: 1.0
    Content-Type: multipart/alternative; boundary="--=_NextPart_ST_09_00_59_Thursday_September_01_2005_12035"
    X-Priority: 3
    X-MSMail-Priority: Normal
    X-Mailer: Microsoft Outlook Express 6.00.2800.1106
    X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106

    This is a multi-part message in MIME format.

Wazoo Posted September 1, 2005

knol's post moved/merged into this Topic/Discussion ... PM sent to advise.

Future recommendation - please use a more descriptive Subject line. It is assumed that there is a "Problem" that drove one to start a new Topic in one of the Help Forums.

And of course, there is much talk about the use of a Tracking URL instead of cluttering up these Forum posts with generally unusable (and almost always unwanted complete) spam postings. See the Glossary, linked to from the SpamCop FAQ, linked to at the top of every page, a Pinned entry in each forum section for data on the use of and obtaining a Tracking URL.

knol Posted September 1, 2005

Again, I'm sorry for any inconvenience. English is not my natural language and I find these forums and website very difficult.

I understand there is actually nothing anyone can do to stop this? The ip addresses are forged and there is no way to obtain the offender, is that what I can expect?

I do understand the copied mail was too long for the forum. If I ever need to ask something again, I will try to only post mail headers or something. It's just, I'm getting very annoyed by all those emails and was hoping for some kind of reasonably easy way to get rid of all this. This evening, in just over 3 hours, almost 300 email bounce messages. Please understand my website provider also charges for email traffic.

By the way, thnx for the pm.

Wazoo Posted September 1, 2005

Not 100% I'm following your setup .. so let's start with something 'easy' ... is xuanu actually a user / account? If not, then the general advice is to turn off the catch-all mode (accept all incoming e-mail) at that server. Limit actions to real / actual e-mail accounts on that system, reject the rest.

knol Posted September 1, 2005

This email is not one that exists. It's just fake. I will see if this at least stops all the mails from pouring in my mailbox.

But the problem still exists after I turn off this option of course. All those people will get these emails from "my" server. I hope there will be some sort of action against those type of...

If the incoming bouncing emails stop I will let you all know... Already thanks for this advice!

turetzsr Posted September 2, 2005

> <snip> But the problem still exists after I turn off this option of course. All those people will get these emails from "my" server. I hope there will be some sort of action against those type of...

...You could use SpamCop's spam reporting capability to report them to the appropriate abuse desks. You could also manually send a complaint to legal authorities, such as your local, regional or national authorities as well as the legal authorities in the country of the owner of the source of the spam (if you can find any such authority that might be interested in pursuing the criminal spammers).

knol Posted September 7, 2005

It seems to work! Thnx again!

walkupright Posted April 4, 2008

I'm having the same issue. Over the last few days, I have been receiving 100's of bounce back messages that say my email could not be delivered. When I look at the message, I see that it is spam that was sent with my email address in the header.

If I were to go through every header and try to contact the organization that sent the bounce back so that I could notify them and encourage them to change their settings to avoid sending me bounce backs, this task would take more time than I have. What options do I have now?

My hosting company told me to get a new email address. Ha. Funny. I've been using this address for almost 10 years. It's on my business cards, web sites, etc. Changing an email address sounds like a ridiculous solution.

So, what else can I do? Even deleting the 100's of messages every day is becoming a tedious task.

Thanks,

Wazoo Posted April 4, 2008

> If I were to go through every header and try to contact the organization that sent the bounce back so that I could notify them and encourage them to change their settings to avoid sending me bounce backs, this task would take more time than I have. What options do I have now? My hosting company told me to get a new email address. Ha. Funny. I've been using this address for almost 10 years. It's on my business cards, web sites, etc. Changing an email address sounds like a ridiculous solution. So, what else can I do? Even deleting the 100's of messages every day is becoming a tedious task.

One can only surmise that you do not yet have a SpamCop.net Reporting Account. These are described in various FAQ entries as Misdirected Bounces and as such are reportable via the SpamCop.net Parsing & Reporting System.

First and easiest suggestion other than riding out the storm .... sign up for a free Reporting Account at www.spamcop.net.

agsteele Posted April 5, 2008

> First and easiest suggestion other than riding out the storm .... sign up for a free Reporting Account at www.spamcop.net.

Wazoo's advice is always useful... But bear in mind that reporting misdirected bounces will not, itself, stop the problem you are experiencing. You also need to implement a spam blocking/filtering/rejection mechanism at your mail server or on your local machine.

Andrew

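A filter of the kind suggested above can begin by sorting bounces for mail you really sent from misdirected ones. The following Python code is an added example, not part of the original thread: it parses a delivery-status bounce shaped like the one knol posted, reads the topmost Received line of the embedded original (the line written by the bouncing system), and checks the connecting IP against your own outbound servers. The sample message, the example.org / example.net names and the `MY_OUTBOUND` range are constructed assumptions.

```python
import email
import ipaddress
import re
from email import policy

# Assumption: the networks your own servers send mail from (constructed value).
MY_OUTBOUND = [ipaddress.ip_network("192.0.2.0/28")]
IP_RE = re.compile(r"[\[(](\d{1,3}(?:\.\d{1,3}){3})[\])]")

# Constructed sample, shaped like the bounce quoted in the thread.
SAMPLE_BOUNCE = """\
Content-Type: multipart/report; report-type=delivery-status; boundary="B1"

--B1
Content-Type: message/delivery-status

Action: failed
Final-Recipient: rfc822;nobody@example.net
Status: 5.0.0

--B1
Content-Type: message/rfc822

Received: from Unknown [203.0.113.106] by mailer1.example.net; Thu, 01 Sep 2005 09:00:59 -0700
Received: from [192.168.2.53] (helo=chaste) by example.org with smtp; Thu, 1 Sep 2005 10:47:18 -0500
From: "Xuan Woolsey" <xuanu@example.org>

(spam body)
--B1--
"""


def classify_bounce(raw, my_networks=MY_OUTBOUND):
    """Return the failed recipient, the origin IP and a verdict for one raw message."""
    msg = email.message_from_string(raw, policy=policy.default)
    info = {"failed_rcpt": None, "origin_ip": None, "verdict": "not-a-bounce"}
    if msg.get_content_type() != "multipart/report":
        return info
    info["verdict"] = "unknown"
    for part in msg.iter_parts():
        if part.get_content_type() == "message/delivery-status":
            # Each header block of the status part is parsed as a sub-message.
            for block in part.get_payload():
                if block["Final-Recipient"]:
                    info["failed_rcpt"] = str(block["Final-Recipient"]).split(";", 1)[-1].strip()
        elif part.get_content_type() == "message/rfc822":
            # The topmost Received line was written by the bouncing system;
            # the lines below it were supplied by the sender and may be forged.
            received = part.get_payload(0).get_all("Received", [])
            m = IP_RE.search(str(received[0])) if received else None
            if m:
                try:
                    ip = ipaddress.ip_address(m.group(1))
                except ValueError:
                    continue
                info["origin_ip"] = str(ip)
                ours = any(ip in net for net in my_networks)
                info["verdict"] = "genuine-bounce" if ours else "backscatter"
    return info
```

A "backscatter" verdict is for sorting or dropping the bounce locally; the spam embedded in it remains someone else's spam under the reporting rule quoted earlier in the thread.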
Archived
This topic is now archived and is closed to further replies.