Mail delivery failure messages for email I've never sent.
May 12, 2004 4:37 PM
I keep getting "Mail Delivery (failure myemail@address)" messages in my webmail inbox/junk mail box for email I've never sent. What's going on? [details inside]
The form the email takes is this:
With the link actually pointing to:
I get several of these a week, I've never clicked. It seems to be pointing back at yahoo rather than some scummy spam site. I've certainly never sent any email to the addresses these things are from, and my system is virus clean. I just don't understand what the game is.
The form the email takes is this:
From: xxx@xxx.com.xx
To: me@yahoo.com
Subject: Mail Delivery (failure me@yahoo.com)
Date: Wed, 12 May 2004 12:30:55 +0700
If the message will not displayed automatically,
follow the link to read the delivered message.
Received message is available at:
www.yahoo.com/inbox/me/read.php?sessionid-14764With the link actually pointing to:
http://mail.yahoo.com/config/login?/cid:xxxxxxxxx:/ym/us/ShowLetter?box=%40B%40Bulk&MsgId=numbers_here&bodyPart=2&YY=90974&order=down&sort=date&pos=0
I get several of these a week, I've never clicked. It seems to be pointing back at yahoo rather than some scummy spam site. I've certainly never sent any email to the addresses these things are from, and my system is virus clean. I just don't understand what the game is.
Most likely, it's people sending spam, and spoofing the 'From:' header so that it looks like it's coming from your email address. If they send the spam to an address that doesn't exist, it bounces back to whoever it came 'From:', which in this case looks like you.
posted by chrismear at 4:50 PM on May 12, 2004
posted by chrismear at 4:50 PM on May 12, 2004
I get the same thing (tons of them) and it seems to me that either the spammers use the "Mail Delivery error" to sneak through the spam filter or that they just use some random return address that happens to be yours, but I sure would like to hear an expert analysis of these and whether it's possible to stop them.
A large portion of my spam currently looks like this:
From: MAILER-DAEMON@aol.com - Subject: Returned mail: User unknown
From: postmaster@colpipe.com - Subject: Delivery Status Notification (Failure)
posted by milovoo at 4:51 PM on May 12, 2004
A large portion of my spam currently looks like this:
From: MAILER-DAEMON@aol.com - Subject: Returned mail: User unknown
From: postmaster@colpipe.com - Subject: Delivery Status Notification (Failure)
posted by milovoo at 4:51 PM on May 12, 2004
There are various viruses that function by infecting someone's computer, going into the person's address book, and sending out copies to various people in the address book. The sneaky bit is that they use other names from the address book for the Sender field to make the mail look more "natural" or something. Hence innocent parties like yourself getting dragged into the melee of bounces and returned mail. So that's another possibility.
posted by bcwinters at 4:52 PM on May 12, 2004
posted by bcwinters at 4:52 PM on May 12, 2004
You're screwed. Google for "joe job", and you'll see why.
I must have pissed off a spammer at one point, because I get about 600 of these bounces every day, with various repugnant subjects, and a good number of them still get through my multiple levels of filters. I'm ready for some violence.
posted by majcher at 5:19 PM on May 12, 2004
I must have pissed off a spammer at one point, because I get about 600 of these bounces every day, with various repugnant subjects, and a good number of them still get through my multiple levels of filters. I'm ready for some violence.
posted by majcher at 5:19 PM on May 12, 2004
There are various viruses that function by infecting someone's computer, going into the person's address book, and sending out copies to various people in the address book.
Trojan / Zombie?
posted by Shane at 5:24 PM on May 12, 2004
Trojan / Zombie?
posted by Shane at 5:24 PM on May 12, 2004
FWIW, the bayes filter in thunderbird quickly learned to spot these.
posted by signal at 6:01 PM on May 12, 2004
posted by signal at 6:01 PM on May 12, 2004
something to be aware of - someone might send you a nasty email because they think you're the source of the spam. happens less these days, because people are used to span, but if it happens don't think someone suddenly hates you, it's just mistaken identity...
posted by andrew cooke at 6:06 PM on May 12, 2004
posted by andrew cooke at 6:06 PM on May 12, 2004
Spammers send so many emails faked from my work's domain that AOL has now blocked us. And there seems to be little we can do about it. Grr!
posted by bonaldi at 6:35 PM on May 12, 2004
posted by bonaldi at 6:35 PM on May 12, 2004
bonaldi: Have you looked at http://postmaster.aol.com/?
No ISP should block email simply on the basis that it comes from a 'known' spam email address. The 'From:' header is just far too easy to forge, with the result that innocent bystanders get their emails blocked, as we have seen here.
What does make sense is for ISPs to block servers that are acting as open relays that spammers are sending email through. This is a misconfiguration and bad security on the part of the company that is running the open relay. If this is what's happening with you, bonaldi, then the IT bods where you work really should check out their email servers and make sure they're not relaying a load of spam.
posted by chrismear at 6:51 PM on May 12, 2004
No ISP should block email simply on the basis that it comes from a 'known' spam email address. The 'From:' header is just far too easy to forge, with the result that innocent bystanders get their emails blocked, as we have seen here.
What does make sense is for ISPs to block servers that are acting as open relays that spammers are sending email through. This is a misconfiguration and bad security on the part of the company that is running the open relay. If this is what's happening with you, bonaldi, then the IT bods where you work really should check out their email servers and make sure they're not relaying a load of spam.
posted by chrismear at 6:51 PM on May 12, 2004
I'm also getting emails from "me" bounced back to me.
But lately I've started getting spam from MYSELF which really freaks me out.
posted by CunningLinguist at 8:41 PM on May 12, 2004
But lately I've started getting spam from MYSELF which really freaks me out.
posted by CunningLinguist at 8:41 PM on May 12, 2004
I get about 80 of these messages a day and just delete them. Most of them are, I assume, bounce-backs from when someone has used my e-mail address (or another from our domain) as the reply-to address in a spam, but some of them carry virus payloads as attachements, so be careful.
What scares me is that, even knowing that someone is sending spam out with my e-mail address as the sender now just makes me go "whatever" and delete the bounces. Even as little as six months ago, I would have been breathing fire and brimstone over it. How quickly we adjust to bad things is somehow frightening.
I also get spam from myself sometimes, which makes me wonder whether I am actually living a double life as a spammer in my sleep, which could explain why I am so tired all the time.
posted by dg at 11:48 PM on May 12, 2004
What scares me is that, even knowing that someone is sending spam out with my e-mail address as the sender now just makes me go "whatever" and delete the bounces. Even as little as six months ago, I would have been breathing fire and brimstone over it. How quickly we adjust to bad things is somehow frightening.
I also get spam from myself sometimes, which makes me wonder whether I am actually living a double life as a spammer in my sleep, which could explain why I am so tired all the time.
posted by dg at 11:48 PM on May 12, 2004
Same here. At first I was worried that my own box was sending these out, but you can tell from the message that it's not. Look, here's one now: it says the returned message was originally
The part in brackets is so not my domain. I would have thought there would be some check at the receiving end of this low-tech spoofing; seem like there's not. For what it's worth, my popfile filter catches 99% of these messages now. I just hope that no legitimate mail ever comes back to me.
posted by thijsk at 4:11 AM on May 13, 2004
Received: from [my domain] (ppp-219.65.104.189.chn.vsnl.net.in )The part in brackets is so not my domain. I would have thought there would be some check at the receiving end of this low-tech spoofing; seem like there's not. For what it's worth, my popfile filter catches 99% of these messages now. I just hope that no legitimate mail ever comes back to me.
posted by thijsk at 4:11 AM on May 13, 2004
The problem is naive mail servers that believe the "From: " header and, as others have said, bounce it back to you.
I got a good one the other day, with a malevolent zip file attached:
-----
Dear user of Fardelsbear.com e-mail server gateway,
Our main mailing [blah blah blah]
Best wishes,
The Fardelsbear.com team http://www.fardelsbear.com
---------
Which is funny because fardelsbear is my personal domain (that sounds much more grandiose than my intended meaning) and I am The Fardelsbear.com team.
posted by Capn at 10:20 AM on May 13, 2004
I got a good one the other day, with a malevolent zip file attached:
-----
Dear user of Fardelsbear.com e-mail server gateway,
Our main mailing [blah blah blah]
Best wishes,
The Fardelsbear.com team http://www.fardelsbear.com
---------
Which is funny because fardelsbear is my personal domain (that sounds much more grandiose than my intended meaning) and I am The Fardelsbear.com team.
posted by Capn at 10:20 AM on May 13, 2004
If spammers are using fake return addy's, how do they expect (naive) people to give them their credit card numbers?
posted by haqspan at 1:16 PM on May 13, 2004
posted by haqspan at 1:16 PM on May 13, 2004
This thread is closed to new comments.
posted by badstone at 4:41 PM on May 12, 2004