
Bounced Mail?


alan_f


I submitted this e-mail, which I will include below, to SpamCop -- it informed me that the message looked like a bounce, so it would not report it. I don't think that the message is a bounce, but rather a spam that is trying to look like a bounce by using specific 'From' and 'Subject' lines.

Thoughts?

-Alan

Message Follows (sanitized):

Received: from mail.domain.com (mail.domain.com [10.0.240.123])
        by mail2.domain.com (8.12.10/8.12.8) with ESMTP id i22IoHOH011008
        for <myemail[at]mail2.domain.com>; Tue, 2 Mar 2004 11:50:19 -0700 (MST)
Received: from so229083.bbo229.so-net.com.hk (so229083.bbo229.so-net.com.hk [203.176.229.83])
        by mail.domain.com (8.12.10/8.12.8) with SMTP id i22IoCjJ021231;
        Tue, 2 Mar 2004 11:50:13 -0700 (MST)
Received: from 225.56.97.160 by 203.176.229.83; Tue, 02 Mar 2004 22:51:49 +0400
Date: Tue, 02 Mar 2004 23:48:49 +0500
From: MAILER-DAEMON[at]takuyakimura.com (Mail Delivery System)
To: al.colin[at]domain.com
Cc: alaala[at]domain.com, alan.blahblah[at]domain.com, alber.nobody[at]domain.com
Subject: Undelivered Mail Returned to Sender
MIME-Version: 1.0
Content-Type: multipart/report; report-type=delivery-status;
        boundary="--89780753386835606463"
Message-ID: <LUWKUUQIEIQTFZLBQXVK[at]takuyakimura.com>
Content-Length: 6133

Generosity is giving more than you can, and pride is taking less than you need.

To see him act is like reading Shakespeare by flashes of lightning.

I have a great mind to believe in Christianity for the mere pleasure of

[snipped for sanity]


Discussion on-going over in the newsgroups about these ... critical items that are jacking up the parser:

From: MAILER-DAEMON[at]takuyakimura.com (Mail Delivery System)
Content-Type: multipart/report; report-type=delivery-status;
        boundary="--89780753386835606463"
Subject: Undelivered Mail Returned to Sender

All forged to look exactly like a bounce ...

On the other hand, here's an e-mail sent out by a company that was a victim of a spammer, using their system to send this kind of crap out:

We apologize for the two emails you may have received from us this past weekend. They were sent by a virus that bounced the messages through <Company name> email server. Attachments of these messages should not be opened as they contained a copy of the virus. In response to phone calls to our customer service representatives, we were able to stop the emails before all of them were sent, so some of you may not have received the emails. We have taken steps to prevent this situation from recurring.

Following is technical information, for those curious about the details of the problem. <Company name> servers are set to not allow outside messages to go to our customers. The scenario that had been missed was that a Mailer-Daemon rejection notice (bounce) message, responding to an incoming message (from a virus that had been created with a forged internal "from" address), would not appear to be an outside message. This response would be sent to the forged internal "from" address (in this case a list name that caused it to be sent to everyone on the list). This problem has now been corrected.

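An added example, not part of the original posts and not SpamCop's parser: a filter that trusts only the From, Subject and Content-Type headers quoted above can be checked against the structure a real RFC 3464 delivery report has. The function name and the sample message are constructed for illustration, and the recipient-count test is a heuristic rather than a rule from the thread.

```python
import email
from email.utils import getaddresses

def bounce_red_flags(raw):
    """List reasons a message claiming to be a bounce is not shaped like an RFC 3464 DSN."""
    msg = email.message_from_string(raw)
    if (msg.get_content_type() != "multipart/report"
            or msg.get_param("report-type") != "delivery-status"):
        return ["does not claim to be a delivery-status report"]
    flags = []
    # A real DSN has a message/delivery-status part holding per-recipient fields.
    parts = [p for p in msg.walk()
             if p.get_content_type() == "message/delivery-status"]
    if not parts:
        flags.append("no message/delivery-status part")
    else:
        blocks = parts[0].get_payload()  # header blocks, parsed as sub-messages
        if not (isinstance(blocks, list)
                and any(b.get("Action") and b.get("Status") for b in blocks)):
            flags.append("delivery-status part lacks Action/Status fields")
    # Heuristic: a bounce returns to one envelope sender, not a To/Cc list.
    rcpts = getaddresses(msg.get_all("To", []) + msg.get_all("Cc", []))
    if len(rcpts) > 1:
        flags.append("addressed to %d recipients" % len(rcpts))
    return flags

# Constructed sample: header values modelled on the message quoted in the thread,
# placeholder addresses, and a body that contains no MIME parts at all.
FORGED = """\
From: MAILER-DAEMON@sender.example (Mail Delivery System)
To: a@rcpt.example
Cc: b@rcpt.example, c@rcpt.example, d@rcpt.example
Subject: Undelivered Mail Returned to Sender
MIME-Version: 1.0
Content-Type: multipart/report; report-type=delivery-status;
        boundary="--89780753386835606463"

Generosity is giving more than you can, and pride is taking less than you need.
"""

if __name__ == "__main__":
    for flag in bounce_red_flags(FORGED):
        print("red flag:", flag)
```

An empty list means the message has the shape of a delivery report; it does not prove the report is genuine.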

Archived

This topic is now archived and is closed to further replies.
