Quantumcat Posted January 10, 2008

Someone used my domain name to send out untold numbers of spam mail. All I am seeing of it is 1200+ bounced back emails for "failure notice, undeliverable, etc."

I contacted the ISP for my website since they run the mail servers, etc., but all I got was a reply from an "outsourced" tech whose English was a second language. All I got from his email was there was nothing they could do about it and a link to spamcop.net.

Many of the bounced back emails contained a copy of the original spam in a .eml format. I am unable to figure out how to get that file into the spamcop system. From what I can tell the original offender IP is 87.8.184.59. I didn't want to submit the spam wrong and get my own domain on a ban list.

Here is a sample of the Received: lines from one of the attachments.

Received: (qmail 6787 invoked from network); 8 Jan 2008 20:44:50 +0100
Received: from host59-184-dynamic.8-87-r.retail.telecomitalia.it (HELO host22-253-dynamic.8-87-r.retail.telecomitalia.it) (87.8.184.59) by bcl00442.empresas.ya.com with SMTP; 8 Jan 2008 20:44:48 +0100
Received: from sempron3000 ([195.198.41.27]:6032 "EHLO sempron3000" smtp-auth: <none> TLS-CIPHER: <none> TLS-PEER-CN1: <none>) by host22-253-dynamic.8-87-r.retail.telecomitalia.it with ESMTP id S22YSSKCMCJQNWJT (ORCPT <rfc822;antiquingrecreation%granitosdelval.com[at]mail.granitosdelval.com>); Tue, 8 Jan 2008 20:45:26 +0100

And a second:

Received: from host22-253-dynamic.8-87-r.retail.telecomitalia.it (localhost [127.0.0.1]) by barracuda2.g-o.be (spam Firewall) with ESMTP id 75D70AE40C0 for <annie.ict[at]rago.be>; Tue, 8 Jan 2008 20:42:44 +0100 (CET)
Received: from host22-253-dynamic.8-87-r.retail.telecomitalia.it (host59-184-dynamic.8-87-r.retail.telecomitalia.it [87.8.184.59]) by barracuda2.g-o.be with ESMTP id q8UoHvPbTLXoLKMo for <annie.ict[at]rago.be>; Tue, 08 Jan 2008 20:42:44 +0100 (CET)
Received: from sempron3000 ([193.160.150.198] helo=sempron3000) by host22-253-dynamic.8-87-r.retail.telecomitalia.it ( sendmail 8.13.3/8.13.1) with esmtpa id 1BckVW-000GWV-Zi for annie.ict[at]rago.be; Tue, 8 Jan 2008 20:43:27 +0100
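
Added example, not part of the original posts: a Python reading of the two Received: chains quoted above, walking each from the top and returning the first public IP recorded by the server that accepted the message, with every line below it treated as sender-supplied. The sample strings are the thread's headers with the id/for/ORCPT/TLS fields trimmed; the function names `hops` and `handoff` are hypothetical.

```python
import ipaddress
import re
from email import message_from_string
# Received: lines from the two samples in the post (id/for/ORCPT/TLS fields trimmed).
SAMPLE_1 = """\
Received: (qmail 6787 invoked from network); 8 Jan 2008 20:44:50 +0100
Received: from host59-184-dynamic.8-87-r.retail.telecomitalia.it
 (HELO host22-253-dynamic.8-87-r.retail.telecomitalia.it) (87.8.184.59)
 by bcl00442.empresas.ya.com with SMTP; 8 Jan 2008 20:44:48 +0100
Received: from sempron3000 ([195.198.41.27]:6032 "EHLO sempron3000")
 by host22-253-dynamic.8-87-r.retail.telecomitalia.it with ESMTP;
 Tue, 8 Jan 2008 20:45:26 +0100
"""
SAMPLE_2 = """\
Received: from host22-253-dynamic.8-87-r.retail.telecomitalia.it
 (localhost [127.0.0.1]) by barracuda2.g-o.be (spam Firewall) with ESMTP;
 Tue, 8 Jan 2008 20:42:44 +0100 (CET)
Received: from host22-253-dynamic.8-87-r.retail.telecomitalia.it
 (host59-184-dynamic.8-87-r.retail.telecomitalia.it [87.8.184.59])
 by barracuda2.g-o.be with ESMTP; Tue, 08 Jan 2008 20:42:44 +0100 (CET)
Received: from sempron3000 ([193.160.150.198] helo=sempron3000)
 by host22-253-dynamic.8-87-r.retail.telecomitalia.it with esmtpa;
 Tue, 8 Jan 2008 20:43:27 +0100
"""
IP_RE = re.compile(r"[\[(](\d{1,3}(?:\.\d{1,3}){3})[\])]")

def hops(raw_headers):
    """Return [(receiving_host, [ips it recorded])], newest hop first."""
    out = []
    for value in message_from_string(raw_headers).get_all("Received", []):
        flat = " ".join(value.split())          # undo header folding
        by = re.search(r"\bby\s+(\S+)", flat)
        out.append((by.group(1) if by else None, IP_RE.findall(flat)))
    return out

def handoff(raw_headers):
    """(ip, recording_host, ips_below) for the topmost hop with a public IP."""
    # Lines below that hop came from the sender and are unverified.
    chain = hops(raw_headers)
    for i, (by, ips) in enumerate(chain):
        public = [ip for ip in ips if ipaddress.ip_address(ip).is_global]
        if public:
            below = [ip for _, lower in chain[i + 1:] for ip in lower]
            return public[0], by, below
    return None, None, []

if __name__ == "__main__":
    for sample in (SAMPLE_1, SAMPLE_2):
        print(handoff(sample))
```

Both samples resolve to 87.8.184.59 as the address recorded by the accepting server, while the sempron3000 line beneath it carries a different address in each sample.
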

Miss Betsy Posted January 10, 2008

You may not submit the original spam to spamcop. You may submit the 'bounce'. The report goes to the ISP who bounced the spam to you. As you know, bouncing spam is just as annoying as getting spam.

You may want to look at "Why am I getting All these Bounces?" and "Misdirected Bounce".

Miss Betsy

btech Posted February 8, 2008

I get bounces all the time and report them. What's aggravating are the bounces that don't have my email address listed ANYWHERE in the message... how they got back to me is a mystery.

Lking Posted February 8, 2008

"... how they got back to me is a mystery."

Yep, me too! The only answer I have come up with is that it is just another way to get the spam past the filters. I got the clue from a bounce addressed to LKing[at]POP.ISPname.com. Now that is an address that is never used (by me) but appears to be on some spam list.

btech Posted February 8, 2008

Well, with me, it was brandonj[at]ISPNAME.com. I mean.. that's not even CLOSE to the address it was bounced to.

Here's another fine example... my email isn't listed ANYWHERE in this.

http://www.spamcop.net/sc?id=z1645505353zb...7ccedf598b689az

Miss Betsy Posted February 8, 2008

I looked at 'View Entire Message' and the To and From had <x> for the name. I don't know if that's where your email address was.

I don't think that you can see BCC either - many spammers have all the email addresses in the BCC.

Miss Betsy

Lking Posted February 9, 2008

"I don't think that you can see BCC either - many spammers have all the email addresses in the BCC."

Help me not get confused. There are two headers here:

1) the spam header:
Subject: February 78% OFF
From: <x>

and 2) the bounce header:
Subject: Undelivered Mail Returned to Sender
To: x

A poorly managed mail app will bounce email to the forged From: <x>, bouncing it To: x. All those x's are SpamCop's effort to hide the reporter's address.

Some of the bounces I have seen are different from this example, more like:

original spam:
Subject: February 78% OFF
From: <some address ww[at]yy.de>

with a bounce header:
Subject: Undelivered Mail Returned to Sender
To: x

Hopefully no one has configured a server to bounce to an addy in the BCC list! (Is that what you meant, Miss B?)

turetzsr Posted February 9, 2008

"I looked at 'View Entire Message' and the To and From had <x> for the name. I don't know if that's where your email address was."

...VERY likely, in my experience.

"I don't think that you can see BCC either - many spammers have all the email addresses in the BCC."

...That is my understanding of how much of the spam gets to its victims.

Lking Posted February 9, 2008

"...VERY likely, in my experience. ...That is my understanding of how much of the spam gets to its victims."

Yes, but even with a Bcc: the path to the recipient is reflected in the "Received:" I don't see that here.

Archived
This topic is now archived and is closed to further replies.