Damn You Spamming Robots

Since 11:30PM last night and this morning, I’ve gotten over 420 540 620 “Undelivered Mail Returned To Sender” (and the like) messages in my inbox. Apparently some automated spamming robot decided to spam a crapload of people faking the reply-to address to bounce back to me, basically using my server as their trash can. Usually these things just get sent to /dev/null, as they’ll use invalid reply-to addresses, but this time they used the one I actually use. Looking at the headers of the messages that were bounced back…

Return-Path: <jake@mydomain.com>
Received: from green.shirasaki.co.jp (green.shirasaki.co.jp [202.238.50.147])
    by green.shirasaki.co.jp (Switch-3.1.6/Switch-3.1.2) with SMTP id 03MF0M61F00001658
    for <[email protected]>; Wed, 23 Apr 2008 00:22:47 +0900
Received: from 59.12.13.99 ([59.12.13.99])
    by green.shirasaki.co.jp (SMSSMTP 4.1.0.19) with SMTP id M2008042300224602851
    for <[email protected]>; Wed, 23 Apr 2008 00:22:47 +0900
Message-ID: <000801c8a48c$0321b897$914eb19a@nubfw>
From: "Leivtra Cylais" <jake@mydomain.com>
To: <[email protected]>
Subject: Free Viagar Pilsl. takahashi’s discount Coupon #GYJTN.
Date: Tue, 22 Apr 2008 13:35:18 +0000
MIME-Version: 1.0
Content-Type: multipart/alternative;
    boundary="----=_NextPart_000_0005_01C8A48C.031BAD84"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.3138
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.3198

…it’s fairly obvious these didn’t come from my server (this particular one came from some ISP in Korea). I need to go through some of the other messages and start digging through the IP addresses to see if there are a few that are the bulk of it so I can report those IPs to the appropriate abuse folks.

Anybody know a bulk way to search through these in Outlook 2003?
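One way to do that tally outside the mail client, as an added example that is not part of the original post: it assumes the bounces have been saved as raw message text, and it pulls the IP that handed each spam to the bouncing server out of the returned Received headers. The function names and the sample bounces are constructed for illustration, and skipping hops where a server relays to itself is a heuristic, not a guarantee.

```python
import email
import re
from collections import Counter

# "from <host> ... [<ip>] ... by <host>" inside one Received header value.
HOP = re.compile(r"from\s+(\S+)\s.*?\[([0-9.]+)\].*?\sby\s+(\S+)", re.S)

def returned_original(bounce):
    """Headers of the returned spam inside a bounce, else the message itself."""
    for part in bounce.walk():
        if part.get_content_type() == "message/rfc822":
            return part.get_payload(0)
        if part.get_content_type() == "text/rfc822-headers":
            return email.message_from_string(part.get_payload())
    return bounce

def handoff_ip(raw_bounce):
    """IP that handed the spam to the bouncing server, or None."""
    original = returned_original(email.message_from_string(raw_bounce))
    # Each hop prepends its Received line, so read newest first and skip hops
    # where a server relays to itself; older lines may be forged by the sender.
    for hop in original.get_all("Received", []):
        m = HOP.search(hop)
        if m and m.group(1).lower() != m.group(3).lower():
            return m.group(2)
    return None

def top_sources(raw_bounces, n=5):
    """Most frequent hand-off IPs across a batch of bounces."""
    ips = (handoff_ip(raw) for raw in raw_bounces)
    return Counter(ip for ip in ips if ip).most_common(n)

def sample_bounce(sender_ip):
    """Constructed bounce using documentation addresses (not real data)."""
    return (
        "From: MAILER-DAEMON@mx.example.net\n"
        "Subject: Undelivered Mail Returned to Sender\n"
        'Content-Type: multipart/report; boundary="b1"\n\n'
        "--b1\nContent-Type: text/plain\n\nDelivery failed.\n\n"
        "--b1\nContent-Type: text/rfc822-headers\n\n"
        "Received: from mx.example.net (mx.example.net [192.0.2.10])\n"
        " by mx.example.net with SMTP id A2; Wed, 23 Apr 2008 00:22:47 +0900\n"
        f"Received: from {sender_ip} ([{sender_ip}])\n"
        " by mx.example.net with SMTP id A1; Wed, 23 Apr 2008 00:22:47 +0900\n"
        'From: "Constructed" <jake@example.org>\n\n--b1--\n'
    )

SAMPLES = [sample_bounce(ip) for ip in ("198.51.100.7", "203.0.113.9", "198.51.100.7")]
if __name__ == "__main__":
    print(top_sources(SAMPLES))
```

The addresses that top the count are the ones worth looking up and reporting to the owning network's abuse contact.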

Comments

The Dren says:

You should see what I get on my Exchange server with 300+ Users, I’m hitting in the 3K-4K per day of NDRs from SPAM right now. Someone is having fun on behalf of our domain.
And no matter how many times I try to explain to our users what is happening, I still get panicked calls and e-mails, “I’m getting bounced messages from someone I don’t know, and I didn’t send them, is someone hacking my Outlook?”
Spammers should be drawn and quartered.

SM says:

The thing is, these NDRs shouldn’t be sent out in the first place. Barracuda especially, are guilty of having their anti-spam devices send NDRs out by default.

The Dren says:

Good point, we have NDR disabled on our Exchange server.

Jake says:

On cPanel servers, however (which is what I use), there are very good valid reasons for sending NDRs versus just sending everything to /dev/null. Just something to think about. 🙂

SM says:

Fair enough for cPanel but I have a real issue with anti-spam devices being set up to send NDRs by default. Our Barracuda was receiving around 1.2 million spams a day. Can you imagine the amount of unnecessary traffic (and hassle to the innocent domain holders) if an NDR was sent out in each case? A lot of anti-spam devices see the NDRs as spam and send out another NDR. Before you know it, they’re multiplying like bunny rabbits!