Jump to content

Recommended Posts

Posted

We are seeing that someone is sending a lots of spam using a mail address (from and reply-to) that belongs to us (we've being spoofed). They are all sent from the same mailserver, and the content is classic spam in a lot of different variants. We are not the recievers of these mails, but we get all the autoreply (as the reply-to is spoofed too). We mainly see autoreplys from 2 targeted domains, that obviously lacking in checking DMARC and SPF, that would have stopped the mails as the origin mail server isn't an approved sender in our spf records. The sender is quite aggressive as we have received about 38.000 mails of this kind the last 7 days. I have blacklisted the mailserver that is sending the spam, so it is solved in that perspective for now, but it is of course not good for us that someone is sending out a lot of spam in our name.

I have read the a bit here about how to report, but not sure if I can report this behavior? I don't have the original mails as they aren't targeted to me. It is not the spam itself i wish to report, but the MTA that is hammering out spam.

Any suggestions?

Thanks

Olof 

Posted

Did you read https://www.spamcop.net/fom-serve/cache/14.html? Scroll down to Messages which may be reported:

I understand your frustration. Every once in a while one of my domains cycle through the spammer's list of forged "FROM:" or "REPLY:"  Although the admin of the domain receiving the original spam must not have a clue about the difference between FROM: and the IP address of the real source, reporting their invalid bounce messages my get their attention.  If you are nice you could include a note in the spam Report explaining the difference.

Posted
12 hours ago, Olof said:

We are seeing that someone is sending a lots of spam using a mail address (from and reply-to) that belongs to us (we've being spoofed). They are all sent from the same mailserver, and the content is classic spam in a lot of different variants. We are not the recievers of these mails, but we get all the autoreply (as the reply-to is spoofed too). We mainly see autoreplys from 2 targeted domains, that obviously lacking in checking DMARC and SPF, that would have stopped the mails as the origin mail server isn't an approved sender in our spf records. The sender is quite aggressive as we have received about 38.000 mails of this kind the last 7 days. I have blacklisted the mailserver that is sending the spam, so it is solved in that perspective for now, but it is of course not good for us that someone is sending out a lot of spam in our name.

I have read the a bit here about how to report, but not sure if I can report this behavior? I don't have the original mails as they aren't targeted to me. It is not the spam itself i wish to report, but the MTA that is hammering out spam.

Any suggestions?

Thanks

Olof 

Report one to see what SpamCop makes of it, and submit
Before submitting, at top of report page is a tracking link, copy it and save.
spammers also use reply addresses 
Spoof may well be from spammer

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...