peterpil19 Posted August 26, 2006

Hi,

I've been receiving "Mail Delivery failed" messages caused by targeted spoof emails bouncing due to illegal attachments. The email body mentions my domain name, so I assume my domain has ended up on a list used by spoof-software.

I want to find out who is sending these emails. There is an IP address in the second header message. Is this the IP address of the offender? Is there any other information in the headers I can use?

Thanks for any advice.

Header of "Mail Delivery failed" message:

Return-path: <>
Envelope-to: [email protected]
Delivery-date: Sat, 26 Aug 2006 23:51:56 +1000
Received: from mailnull by cleopatra.instanthosting.com.au with local (Exim 4.52)
    id 1GGyZo-0000HL-5B
    for [email protected]; Sat, 26 Aug 2006 23:51:56 +1000
X-Failed-Recipients: [email protected]
Auto-Submitted: auto-generated
From: Mail Delivery System <[email protected]>
To: [email protected]
Subject: Mail delivery failed: returning message to sender
Message-Id: <[email protected]>
Date: Sat, 26 Aug 2006 23:51:56 +1000

Original Header before bounce (found in message body):

Return-path: <[email protected]>
Received: from [70.56.210.219] (port=4013 helo=greekandromancoins.com)
    by cleopatra.instanthosting.com.au with esmtp (Exim 4.52)
    id 1GGyZh-0000GY-Kc
    for [email protected]; Sat, 26 Aug 2006 23:51:52 +1000
From: [email protected]
To: [email protected]
Subject: Your Account is Suspended For Security Reasons
Date: Sat, 26 Aug 2006 09:52:01 -0400
MIME-Version: 1.0
Content-Type: multipart/mixed;
    boundary="----=_NextPart_000_0003_D83484C7.7E839B8F"
X-Priority: 3
X-MSMail-Priority: Normal

Thanks for any help,

Regards,

Peter
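
Added example (not code from the thread): reading the Exim `Received:` line quoted in the first post, separating what the receiving server recorded (peer IP, verified reverse DNS) from what the connecting client merely claimed (HELO). The function names and the `trusted_hosts`, `own_domains` and `own_ips` lists are assumptions supplied by whoever runs it.

```python
import re

# Received: value quoted in the first post (recipient is redacted on the page).
SAMPLE = ("from [70.56.210.219] (port=4013 helo=greekandromancoins.com) "
          "by cleopatra.instanthosting.com.au with esmtp (Exim 4.52) "
          "id 1GGyZh-0000GY-Kc for [email protected]; "
          "Sat, 26 Aug 2006 23:51:52 +1000")

def parse_received(value):
    """Split an Exim Received: value into server-recorded and client-claimed parts."""
    value = " ".join(value.split())  # unfold continuation lines
    m = re.match(r"from (\S+) \(([^)]*)\) by (\S+)", value)
    if not m:
        return None  # e.g. "from mailnull by ... with local": no remote peer
    first, paren, by = m.groups()
    ip = re.search(r"\[([0-9A-Fa-f.:]+)\]", first + " " + paren)
    helo = re.search(r"helo=(\S+)", paren)
    return {
        # Peer address of the TCP connection, written by the receiving server.
        "peer_ip": ip.group(1) if ip else None,
        # Exim puts a host name first only when reverse DNS verified it;
        # a bare [ip] first means no verified name.
        "verified_rdns": None if first.startswith("[") else first,
        # HELO/EHLO argument: chosen freely by the connecting client.
        "claimed_helo": helo.group(1) if helo else None,
        "recorded_by": by,
    }

def assess(rec, trusted_hosts, own_domains, own_ips=()):
    """Return findings for one hop; all three lists are supplied by the operator."""
    if rec is None:
        return ["local_hop"]
    if rec["recorded_by"] not in trusted_hosts:
        return ["untrusted_hop"]  # header may have been written by the sender
    findings = []
    if rec["verified_rdns"] is None:
        findings.append("no_verified_rdns")
    helo = (rec["claimed_helo"] or "").lower()
    claims_own = any(helo == d or helo.endswith("." + d) for d in own_domains)
    if claims_own and rec["peer_ip"] not in own_ips:
        findings.append("helo_claims_own_domain")
    return findings

if __name__ == "__main__":
    rec = parse_received(SAMPLE)
    print(rec)
    print(assess(rec, {"cleopatra.instanthosting.com.au"}, {"greekandromancoins.com"}))
```

Only a `Received:` line written by a server you control is reliable; `From:`, `Return-path:` and the HELO name are all set by the sender.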

peterpil19 Posted August 26, 2006

Just realised that the IP address belongs to Google. All my domain email is forwarded onto Google, which explains the Google IP.

Peter

csjwoodward Posted December 9, 2006

I too have been experiencing this problem - for the past week my `scoop` account has been filling up with `returned mail`, etc. because someone has been using my domain name in a spam attack on the world outside.

I have checked my bandwidth, and contacted my hosting company, and there is no way the original messages are coming from me. So I am getting bombarded because of some crook out there.

I checked with the Spamhaus Project, and it seems that the bouncing of these emails is now considered a form of spam itself, because the mail NEVER goes to the originator but to some innocent party - and Spam could actually be used as a part of a denial of service attack on some innocent site.

Does anyone know how we can hit back at these crooks?

spelchek Posted December 10, 2006

Had same problem here (am currently reading up on all anti-bot contact form mods and looking into using image validation on my registration pages, although I've had no spoof accounts as yet).

What I have done so far is contact and report this to my hosting service and send them copies (on their request) of the hundreds of emails I received.

boxtel Posted December 10, 2006

> I too have been experiencing this problem - for the past week my `scoop` account has been filling up with `returned mail`, etc. because someone has been using my domain name in a spam attack on the world outside.
>
> I have checked my bandwidth, and contacted my hosting company, and there is no way the original messages are coming from me. So I am getting bombarded because of some crook out there.
>
> I checked with the Spamhaus Project, and it seems that the bouncing of these emails is now considered a form of spam itself, because the mail NEVER goes to the originator but to some innocent party - and Spam could actually be used as a part of a denial of service attack on some innocent site.
>
> Does anyone know how we can hit back at these crooks?

There is nothing you can do about this. It is basically spam with a backup plan. So treat it as such.

Treasurer MFC

This topic is now archived and is closed to further replies.