Targeted Spoof Email Bouncing:


peterpil19


Hi,

 

I've been receiving "Mail Delivery failed" messages caused by targeted spoof emails bouncing due to illegal attachments.

 

The email body mentions my domain name, so I assume my domain has ended up on a list used by spoof-software.

 

I want to find out who is sending these emails. There is an IP address in the second header message. Is this the IP address of the offender?

 

Is there any other information in the headers I can use?

 

Thanks for any advice.

 

Header of "Mail Delivery failed" message:

 
Return-path: <>
Envelope-to: [email protected]
Delivery-date: Sat, 26 Aug 2006 23:51:56 +1000
Received: from mailnull by cleopatra.instanthosting.com.au with local (Exim 4.52)
 id 1GGyZo-0000HL-5B
 for [email protected]; Sat, 26 Aug 2006 23:51:56 +1000
X-Failed-Recipients: [email protected]
Auto-Submitted: auto-generated
From: Mail Delivery System <Mailer-Daemon@cleopatra.instanthosting.com.au>
To: [email protected]
Subject: Mail delivery failed: returning message to sender
Message-Id: <[email protected]>
Date: Sat, 26 Aug 2006 23:51:56 +1000

 

Original Header before bounce (found in message body):

Return-path: <[email protected]>
Received: from [70.56.210.219] (port=4013 helo=greekandromancoins.com)
	by cleopatra.instanthosting.com.au with esmtp (Exim 4.52)
	id 1GGyZh-0000GY-Kc
	for [email protected]; Sat, 26 Aug 2006 23:51:52 +1000
From: [email protected]
To: [email protected]
Subject: Your Account is Suspended For Security Reasons
Date: Sat, 26 Aug 2006 09:52:01 -0400
MIME-Version: 1.0
Content-Type: multipart/mixed;
	boundary="----=_NextPart_000_0003_D83484C7.7E839B8F"
X-Priority: 3
X-MSMail-Priority: Normal

 

Thanks for any help,

 

Regards,

 

Peter


Full-time I am a C-suite executive of a large retail company in Australia. In my spare time, I enjoy learning about web-design.

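An added example, not part of the original post: a short Python sketch that reads the two header blocks quoted above and separates what the receiving server recorded from what the sender merely claimed. The function names and the `own_domain` parameter are this example's own; the header text is copied from the post with addresses as shown on the page.

```python
import re
from email import message_from_string

# Bounce headers and embedded original headers, copied from the post above.
BOUNCE = """\
Return-path: <>
X-Failed-Recipients: [email protected]
Auto-Submitted: auto-generated
Subject: Mail delivery failed: returning message to sender
"""
ORIGINAL = """\
Return-path: <[email protected]>
Received: from [70.56.210.219] (port=4013 helo=greekandromancoins.com)
\tby cleopatra.instanthosting.com.au with esmtp (Exim 4.52)
\tid 1GGyZh-0000GY-Kc
\tfor [email protected]; Sat, 26 Aug 2006 23:51:52 +1000
From: [email protected]
Subject: Your Account is Suspended For Security Reasons
"""

# Exim layout seen in the post: from [ip] (port=N helo=NAME) by HOST with PROTO
EXIM_RECEIVED = re.compile(
    r"from \[(?P<ip>[0-9A-Fa-f.:]+)\] \(port=(?P<port>\d+) helo=(?P<helo>[^)\s]+)\)"
    r"\s+by (?P<by>\S+) with (?P<proto>\S+)")

def is_bounce(raw):
    """A delivery status notice: null envelope sender plus Auto-Submitted."""
    msg = message_from_string(raw)
    null_sender = (msg.get("Return-path") or "").strip() == "<>"
    auto = (msg.get("Auto-Submitted") or "no").strip().lower() != "no"
    return null_sender and auto

def peer_info(raw, own_domain):
    """Extract what each 'by' host logged about the machine that connected.

    ip/port are written by the receiving server from the TCP connection.
    helo is only the name the client announced, and From/Return-path are
    message content chosen by the sender, so none of those identify anyone.
    """
    hops = []
    for value in message_from_string(raw).get_all("Received", []):
        m = EXIM_RECEIVED.search(" ".join(value.split()))  # unfold the header
        if m:
            hop = m.groupdict()
            # A client announcing the recipient's own domain is a spoofing sign.
            hop["helo_claims_own_domain"] = hop["helo"].lower() == own_domain.lower()
            hops.append(hop)
    return hops
```

The `ip` value is the host that connected to the `by` server; it can be a relay, forwarder or infected machine rather than the author of the message.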

Just realised that the IP address belongs to Google. All my domain email is forwarded onto Google which explains the google IP.

 

Peter


  • 3 months later...

I too have been experiencing this problem - for the past week my `scoop` account has been filling up with `returned mail`, etc. because someone has been using my domain name in a spam attack on the world outside.

 

I have checked my bandwidth, and contacted my hosting company, and there is no way the original messages are coming from me. So I am getting bombarded because of some crook out there.

 

I checked with the Spamhaus Project, and it seems that the bouncing of these emails is now considered a form of spam itself, because the mail NEVER goes to the originator but to some innocent party - and spam could actually be used as part of a denial of service attack on some innocent site.

 

Does anyone know how we can hit back at these crooks?


Had same problem here (am currently reading up on all anti-bot contact form mods and looking into using image validation on my registration pages, although I've had no spoof accounts as yet).

 

What I have done so far is contact and report this to my hosting service and send them copies (on their request) of the hundreds of emails I received.


I too have been experiencing this problem - for the past week my `scoop` account has been filling up with `returned mail`, etc. because someone has been using my domain name in a spam attack on the world outside.

 

I have checked my bandwidth, and contacted my hosting company, and there is no way the original messages are coming from me. So I am getting bombarded because of some crook out there.

 

I checked with the Spamhaus Project, and it seems that the bouncing of these emails is now considered a form of spam itself, because the mail NEVER goes to the originator but to some innocent party - and spam could actually be used as part of a denial of service attack on some innocent site.

 

Does anyone know how we can hit back at these crooks?

 

There is nothing you can do about this. It is basically spam with a backup plan.

So treat it as such.

Treasurer MFC


Archived

This topic is now archived and is closed to further replies.
