server rejects spam reply

[lesb14tino]

I have a strange phenomena happening need to understand what is happening. About twice per month I get an email from my isp telling me that the email I sent could not be delivered because the email address could not be found. When I look at the email my isp has returned I find it is a reply to a spam email that I reported to spamcop. I dont reply to spam emails. I did not reply to these spam emails. So I am confused as to how spam emails get to reply to themselves from my email program. Is that possible or is something else going on here that i should know about?

[Farelf]

... So I am confused as to how spam emails get to reply to themselves from my email program. Is that possible or is something else going on here that i should know about?

That's a new one on me. Since most spam uses hijacked real addresses as reply addresses I wonder if there are more of these going out than you know of - in other words if you're just seeing the few that are rejected at the SMTP level? Maybe you can parse one (and being sure to CANCEL it) post the Tracking URL here. There could be some sort of malware taking over your PC but I've not heard of any such which replies to the innocent addresses (a pointless exercise). More likely there's some other explanation.

What email client are you using? There's likely to be some "here" who will have thoughts. Give them as much to work with as you can. Unless it is just (coincidentally) more of the same spam but with your address this time spoofed as the sender. When you say it is a reply, how would you tell the difference between a reply and a spam with your address forged on it?

[Farelf]

In the event it is relevant, in a current topic in the NGs user Sofa King Tyred of Lar Ting (ahem) helpfully provides examples of autochallenges he has received from various applications dumbly responding to spam with his address forged as "sender" or in the "reply to" address:

I have lots of examples, as I have over 10,000 misdirected bounces since 2 months.

Here's what's in the headers of SpamArrest challenges:

X-Spamarrest-noauth: 1

X-Spamarrest-speedcode:

Precedence: auto_reply

http://www.spamcop.net/sc?id=z1473550555z5...e9a2aef3572276z

I got a couple BoxTrapper challenges, with no such auto-reply info in the headers, but there's this:

X-Boxtrapper: <munged_code>

http://www.spamcop.net/sc?id=z1473551519za...9b502c50a16df4z

I got a few ChoiceMail challenges; none have any auto-reply headers. But here's some detail to identify ChoiceMail challenges:

X-ChoiceMail-Registration-Request: ChoiceMail registration request

http://www.spamcop.net/sc?id=z1473552621za...b48255997d4b62z

I got one INBOX.COM challenge; no particular auto-reply header info either. But there's this header:

X-Mailer: INBOX.COM

http://www.spamcop.net/sc?id=z1473548149z1...ffe1c7b9a1c965z

Hey! Sender Address Verification challenges have this header (ding! ding! ding!):

Auto-Submitted: auto-replied

http://www.spamcop.net/sc?id=z1473549412z4...a822f0e3986288z

Couldn't identify the brand name of this challenge, but it did have the correct auto-submitted: auto-replied header:

http://www.spamcop.net/sc?id=z1473546750z5...b8020714c2ec1cz

Found one from Boxbe:

It has no obvious headers, but there's a juicy https://www.boxbe.com URL in the body.

http://www.spamcop.net/sc?id=z1473565939z4...940e68e51dee46z

Strange one, from Russia, looks to be home-baked, asking for a code to be put in the subject (I remember using something like this with procmail in the 1990s!):

http://www.spamcop.net/sc?id=z1473585954z0...94fcdc7773707az

[turetzsr]

I have a strange phenomena happening need to understand what is happening. About twice per month I get an email from my isp telling me that the email I sent could not be delivered because the email address could not be found.

<snip>

...This sounds somewhat familiar. I used to get similar notifications -- it appeared to me to be caused by a "delivery receipt request." I believe my "ISP" (my employer's e-mail network, in my case) was not able to stop external receipt requests at the time but have since done so, as I no longer receive such messages.