Am I reading this right?


Nocturno

Feel free to call me a noob and point me in the right direction.

Going through this for my Uncle's company, it seems like describinary.com or someone using that domain is trying to use his domain to send email.
But SpamCop is stopping that from happening.

The Message-ID is always different
But the Sender Address Domain is the same.

I have removed the 'e' from morelite so the email can't easily be lifted.

[ SpamCop V5.4.0 ]
This message is brief for your comfort. Please use links below for details.

Email from 6/14/2022 1:49:59 p.m.
https://www.spamcop.net/w3m71cdhufhyrhfty54765thyrrhgsdrtshgfeyfgjse

[ Offending message ]
Received: from GTP morlite.ca ([01.154.129.68]:52680)
by morelite.ca with esmtpsa (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
(PMTA 4.95)
(envelope-from info@morlite.ca
id x
for x;
DATE 6/14/2022 1:49:59 p.m.
From: support x info@morlite.ca
To: x
Subject: E-mail Account Notification For x !!!
Date: 6/14/2022 1:49:59 p.m.
Message-ID: <xx@grty*********.com>
MIME-Version: 1.0
Content-Type: text/html
Content-Transfer-Encoding: quoted-printable
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - morlite.ca
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - describinary.com
X-Get-Message-Sender-Via: morlite.ca: authenticated_id: info@morlite.ca
X-Authenticated-Sender: info@morlite.ca

<html><head>
<meta name=3D"GENERATOR" content=3D"MSHTML 11.00.9600.19003">
<meta http-equiv=3D"X-UA-Compatible" content=3D"IE=3Dedge">
</head>
<body>

 

 

 


Ok, here is the IP for the domain/mail server. 144.217.180.201

Hope that is the IP you are looking for, since none of the first post posts seem to either work, or mention IP address.

Or do you want the IP from the subject line of the email? [SpamCop Abuse Report (172.67.23.149) id: 84748602] spam

Also, I just want to know if I was understanding the email.  I did not sign up for this service, and was called in out of the blue to look at this email.

Thank you in advance for any help understanding what is going on.


Neither 172.67.23.149 nor 144.217.180.201 has been reported to SpamCop.
The bounce seems to be a fraud; suggest you report these bounces as fraud?

Using SpamCop is the easiest way.


On 6/14/2022 at 10:08 AM, Nocturno said:

for my Uncle's company, it seems like

You might want to suggest to your Uncle to have the SPF carefully changed from ~all to -all.  I say carefully because it should stop most of the abuse but could also block any IPs that you may not have added to the record.  The softfail might still allow other IPs to use the domain.  The fail will put an end to them using it for any server that is checking for SPF.

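What the ~all to -all change suggested above does to SPF results, as an added example that is not part of the thread: a minimal evaluator that handles only the ip4, ip6 and all mechanisms (no DNS lookups), run over a constructed record and constructed sender IPs from documentation address ranges. The function names `evaluate_spf` and `compare_policies` are hypothetical.

```python
import ipaddress

# Qualifier prefix -> SPF result (RFC 7208); a term with no prefix means "+".
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def evaluate_spf(record, sender_ip):
    """Evaluate an SPF TXT record against a connecting IP.
    Handles only ip4, ip6 and all, so it runs without DNS.
    Terms are checked left to right; the first match decides.
    """
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"
    ip = ipaddress.ip_address(sender_ip)
    for term in terms[1:]:
        qualifier = term[0] if term[0] in QUALIFIERS else "+"
        mechanism = term.lstrip("+-~?").lower()
        if mechanism == "all":
            return QUALIFIERS[qualifier]
        name, _, value = mechanism.partition(":")
        if name in ("ip4", "ip6"):
            network = ipaddress.ip_network(value, strict=False)
            if ip.version == network.version and ip in network:
                return QUALIFIERS[qualifier]
        else:
            raise ValueError(f"term not handled here (needs DNS): {term}")
    return "neutral"  # nothing matched and the record has no "all" term


def compare_policies(listed, sender_ips):
    """Return {ip: (result under ~all, result under -all)} for the same listed IPs."""
    soft = f"v=spf1 {listed} ~all"
    hard = f"v=spf1 {listed} -all"
    return {ip: (evaluate_spf(soft, ip), evaluate_spf(hard, ip)) for ip in sender_ips}


# Constructed sample data (documentation address ranges, not from the thread).
LISTED = "ip4:192.0.2.10 ip4:198.51.100.0/24"
SENDERS = [
    "192.0.2.10",     # listed mail server
    "198.51.100.77",  # inside a listed range
    "203.0.113.5",    # legitimate sender nobody added to the record
    "203.0.113.200",  # unrelated host using the domain
]

if __name__ == "__main__":
    for ip, (soft, hard) in compare_policies(LISTED, SENDERS).items():
        print(f"{ip:15} ~all -> {soft:8} -all -> {hard}")
```

The third sender is the reason for the "carefully": SPF cannot tell a forgotten legitimate IP from a forger, so both move from softfail to fail together.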
