Our company has been getting a lot of spam in the form of spoofed delivery failure notices.
The reason I say they are spoofed is they look as if they actually originated from our server, from one of our users. They have not.
Has anyone else been running into this? What have you done to help block them?
Attached is some of the header from one such message. We are the forcomm.net, and carlj is a valid mail address. The 66.187.175.107 address is our mail server.
Date: Tue, 2 Nov 2004 12:06:46 -0500
From: Mail Delivery Subsystem <[email protected]>
To: <[email protected]>
Subject: Returned mail: User unknown
Auto-Submitted: auto-generated (failure)
The original message was received at Tue, 2 Nov 2004 12:06:46 -0500
from mail.forcomm.net [66.187.175.107]
----- The following addresses had permanent fatal errors -----
<[email protected]>
(expanded from: <[email protected]>)
----- Transcript of session follows -----
mail.local: unknown name: attila
550 <[email protected]>... User unknown
Reporting-MTA: dns; mx1.comcast.net
Received-From-MTA: DNS; mail.forcomm.net
Arrival-Date: Tue, 2 Nov 2004 12:06:46 -0500
Final-Recipient: RFC822; <[email protected]>
X-Actual-Recipient: RFC822; [email protected]
Action: failed
Status: 5.1.1
Last-Attempt-Date: Tue, 2 Nov 2004 12:06:46 -0500
Received: from 201-13-178-76.dial-up.telesp.net.br
([201.13.178.76](misconfigured sender))
by sccrmxc15.comcast.net (sccrmxc15) with SMTP
id <20041102163145s1500m8htse>; Tue, 2 Nov 2004 16:31:52 +0000
X-Originating-IP: [201.13.178.76]
Received: from forcomm.net (mail.forcomm.net [66.187.175.107])
by 201-13-178-76.dial-up.telesp.net.br (Postfix) with ESMTP id
B2D46FB616
for <[email protected]>; Tue, 02 Nov 2004 10:31:10 -0600
Message-ID: <[email protected]>
From: "Guffaws O. Dossiers" <[email protected]>
To: Attila <[email protected]>
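A check that follows from the headers quoted in this post, added here as an example and not part of the original post: it walks the returned message's Received chain top-down and believes a hop only while the recording host is trusted, so the lower line naming 66.187.175.107 counts as a sender-written claim. The names `classify`, `OUR_IPS` and `TRUSTED` are hypothetical, and treating comcast.net's stamps as reliable is an assumption.

```python
import re
from email import message_from_string

OUR_IPS = {"66.187.175.107"}   # mail.forcomm.net, per the post
TRUSTED = (".comcast.net",)    # assumption: hosts whose Received stamps we believe

# Received chain of the returned message, copied from the post (header folding
# restored; the "for <...>" clause is left out).
RETURNED = """\
Received: from 201-13-178-76.dial-up.telesp.net.br
 ([201.13.178.76](misconfigured sender))
 by sccrmxc15.comcast.net (sccrmxc15) with SMTP
 id <20041102163145s1500m8htse>; Tue, 2 Nov 2004 16:31:52 +0000
X-Originating-IP: [201.13.178.76]
Received: from forcomm.net (mail.forcomm.net [66.187.175.107])
 by 201-13-178-76.dial-up.telesp.net.br (Postfix) with ESMTP id
 B2D46FB616; Tue, 02 Nov 2004 10:31:10 -0600

"""

def classify(raw, our_ips=OUR_IPS, trusted=TRUSTED):
    """Walk Received headers top-down; believe a hop only while the chain of
    recording ("by") hosts is unbroken trusted infrastructure."""
    hops = []
    for value in message_from_string(raw).get_all("Received", []):
        flat = " ".join(value.split())          # undo header folding
        by = re.search(r"\bby\s+(\S+)", flat)   # host that wrote this line
        ip = re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", flat)  # peer IP it recorded
        hops.append((by.group(1).lower() if by else "", ip.group(1) if ip else None))
    handoff_ip, unverified, in_trusted_run = None, [], True
    for by, ip in hops:
        in_trusted_run = in_trusted_run and by.endswith(trusted)
        if in_trusted_run:
            handoff_ip = ip        # IP the trusted host saw on the wire
        else:
            unverified.append(ip)  # written by the sender, can say anything
    return {"handoff_ip": handoff_ip,
            "sent_by_us": handoff_ip in our_ips,
            "forged_claims": [ip for ip in unverified if ip in our_ips]}

if __name__ == "__main__":
    print(classify(RETURNED))
```

For the headers in this post the handoff IP is the dial-up address, so the message that bounced did not pass through the local server.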