Nocturno Posted June 14, 2022

Feel free to call me a noob and point me in the right direction.

Going through this for my Uncle's company, it seems like describinary.com or someone using that domain is trying to use his domain to send email. But SpamCop is stopping that from happening. The Message-ID is always different, but the Sender Address Domain is the same.

I have removed the 'e' from morelite so the email can't easily be lifted.

[ SpamCop V5.4.0 ]
This message is brief for your comfort. Please use links below for details.
Email from 6/14/2022 1:49:59 p.m.
https://www.spamcop.net/w3m71cdhufhyrhfty54765thyrrhgsdrtshgfeyfgjse

[ Offending message ]
Received: from GTP morlite.ca ([01.154.129.68]:52680) by morelite.ca with esmtpsa (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (PMTA 4.95) (envelope-from info@morlite.ca id x for x; DATE 6/14/2022 1:49:59 p.m.
From: support x info@morlite.ca
To: x
Subject: E-mail Account Notification For x !!!
Date: 6/14/2022 1:49:59 p.m.
Message-ID: <xx@grty*********.com>
MIME-Version: 1.0
Content-Type: text/html
Content-Transfer-Encoding: quoted-printable
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - morlite.ca
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - describinary.com
X-Get-Message-Sender-Via: morlite.ca: authenticated_id: info@morlite.ca
X-Authenticated-Sender: info@morlite.ca

<html><head>
<meta name=3D"GENERATOR" content=3D"MSHTML 11.00.9600.19003">
<meta http-equiv=3D"X-UA-Compatible" content=3D"IE=3Dedge">
</head>
<body>

petzl Posted June 14, 2022

Need a working IP address to look up, none provided?

Nocturno Posted June 15, 2022 (Author)

Ok, here is the IP for the domain/mail server.

144.217.180.201

Hope that is the IP you are looking for, since none of the first post posts seem to either work, or mention IP address. Or do you want the IP from the subject line of the email?

[SpamCop Abuse Report (172.67.23.149) id: 84748602] spam

Also, I just want to know if I was understanding the email. I did not sign up for this service, and was called in out of the blue to look at this email.

Thank you in advance for any help understanding what is going on.

petzl Posted June 15, 2022

Neither 172.67.23.149 nor 144.217.180.201 has been reported to SpamCop.

The bounce seems to be a fraud; suggest you report these bounces as fraud? Using SpamCop is the easiest way.

Nocturno Posted June 15, 2022 (Author)

Ok, thank you.

gnarlymarley Posted June 17, 2022

On 6/14/2022 at 10:08 AM, Nocturno said:
> for my Uncle's company, it seems like

You might want to suggest to your Uncle to have the SPF carefully changed from ~all to -all. I say carefully because it should stop most of the abuse but could also block any IPs that you may not have added to the record. The softfail might still allow other IPs to use the domain. The fail will put an end to them using it for any server that is checking for SPF.