Jump to content

Bounced Mail?


Recommended Posts

I submitted this e-mail, which I will include below, to SpamCop -- it informed me that the message looked like a bounce, so it would not report it. I don't think that the message is a bounce, but rather a spam that is trying to look like a bounce by using specific 'From' and 'Subject' lines.



Message Follows (sanitized):

Received: from mail.domain.com (mail.domain.com [])

        by mail2.domain.com (8.12.10/8.12.8) with ESMTP id


        for <myemail[at]mail2.domain.com>; Tue, 2 Mar 2004 11:50:19 -0700 (MST)

Received: from so229083.bbo229.so-net.com.hk (so229083.bbo229.so-net.com.hk


        by mail.domain.com (8.12.10/8.12.8) with SMTP id


        Tue, 2 Mar 2004 11:50:13 -0700 (MST)

Received: from by; Tue, 02 Mar 2004 22:51:49 +0400

Date: Tue, 02 Mar 2004 23:48:49 +0500

From: MAILER-DAEMON[at]takuyakimura.com (Mail Delivery System)

To: al.colin[at]domain.com

Cc: alaala[at]domain.com, alan.blahblah[at]domain.com, alber.nobody[at]domain.com

Subject: Undelivered Mail Returned to Sender

MIME-Version: 1.0

Content-Type: multipart/report; report-type=delivery-status;


Message-ID: <LUWKUUQIEIQTFZLBQXVK[at]takuyakimura.com>

Content-Length: 6133

Generosity is giving more than you can, and pride is taking less than you need.

To see him act is like reading Shakespeare by flashes of lightning.

I have a great mind to believe in Christianity for the mere pleasure of

[snipped for sanity]

Link to comment
Share on other sites

Discussion on-going over in the newsgroups about these ... critical items that are jacking up the parser:

From: MAILER-DAEMON[at]takuyakimura.com (Mail Delivery System)

Content-Type: multipart/report; report-type=delivery-status;


Subject: Undelivered Mail Returned to Sender

All forged to look exactly like a bounce ...

on the other hand, here's an e-mail sent out by a company that was a victim of a spammer, using their system to send this kind of crap out;

We apologize for the two emails you may have received from us this past weekend. They were sent by a virus that bounced the messages through <Company name> email server. Attachments of these messages should not be opened as they contained a copy of the virus. In response to phone calls to our customer service representatives, we were able to stop the emails before all of them were sent, so some of you may not have received the emails. We have taken steps to prevent this situation from recurring.

Following is technical information, for those curious about the details of the problem. <Company name> servers are set to not allow outside messages to go to our customers. The scenario that had been missed was that a Mailer-Daemon rejection notice (bounce) message, responding to a incoming message (from a virus that had been created with a forged internal "from" address), would not appear to be an outside message. This response would be sent to the forged internal "from" address (in this case a list name that caused it to be sent to everyone on the list). This problem has now been corrected

Link to comment
Share on other sites


This topic is now archived and is closed to further replies.

  • Create New...