Olof Posted July 2, 2020 Posted July 2, 2020 We are seeing that someone is sending a lots of spam using a mail address (from and reply-to) that belongs to us (we've being spoofed). They are all sent from the same mailserver, and the content is classic spam in a lot of different variants. We are not the recievers of these mails, but we get all the autoreply (as the reply-to is spoofed too). We mainly see autoreplys from 2 targeted domains, that obviously lacking in checking DMARC and SPF, that would have stopped the mails as the origin mail server isn't an approved sender in our spf records. The sender is quite aggressive as we have received about 38.000 mails of this kind the last 7 days. I have blacklisted the mailserver that is sending the spam, so it is solved in that perspective for now, but it is of course not good for us that someone is sending out a lot of spam in our name. I have read the a bit here about how to report, but not sure if I can report this behavior? I don't have the original mails as they aren't targeted to me. It is not the spam itself i wish to report, but the MTA that is hammering out spam. Any suggestions? Thanks Olof Quote
Lking Posted July 2, 2020 Posted July 2, 2020 Did you read https://www.spamcop.net/fom-serve/cache/14.html? Scroll down to Messages which may be reported: I understand your frustration. Every once in a while one of my domains cycle through the spammer's list of forged "FROM:" or "REPLY:" Although the admin of the domain receiving the original spam must not have a clue about the difference between FROM: and the IP address of the real source, reporting their invalid bounce messages my get their attention. If you are nice you could include a note in the spam Report explaining the difference. Quote
petzl Posted July 3, 2020 Posted July 3, 2020 12 hours ago, Olof said: We are seeing that someone is sending a lots of spam using a mail address (from and reply-to) that belongs to us (we've being spoofed). They are all sent from the same mailserver, and the content is classic spam in a lot of different variants. We are not the recievers of these mails, but we get all the autoreply (as the reply-to is spoofed too). We mainly see autoreplys from 2 targeted domains, that obviously lacking in checking DMARC and SPF, that would have stopped the mails as the origin mail server isn't an approved sender in our spf records. The sender is quite aggressive as we have received about 38.000 mails of this kind the last 7 days. I have blacklisted the mailserver that is sending the spam, so it is solved in that perspective for now, but it is of course not good for us that someone is sending out a lot of spam in our name. I have read the a bit here about how to report, but not sure if I can report this behavior? I don't have the original mails as they aren't targeted to me. It is not the spam itself i wish to report, but the MTA that is hammering out spam. Any suggestions? Thanks Olof Report one to see what SpamCop makes of it, and submit Before submitting, at top of report page is a tracking link, copy it and save. spammers also use reply addresses Spoof may well be from spammer Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.