SPAM Mail Many received from numerous origins.

[Dave Thomas]

Hi Guys,

First of all I¹d like to thank Barry for solving my Entourage problem where
I had lost all my messages ­ I finally found the Database in the TRASH would
you believe! I honestly do not know how it ended up there!

I have another question now which I hope is easy to answer:

I keep receiving many eMails such as the example below from various sources
and they appear to have been returned to the original sender which is a
bogus identity on my eMail domain ­ barnfield.org

Anyone have any idea where they might be originating from and why I am
recing the returned message?

Many thanks!

====

Here¹s an example:

The original message was received at Thu, 21 Dec 2006 07:15:16 +0100 (MET)
from 218-172-89-104.dynamic.hinet.net [218.172.89.104]

----- The following addresses had permanent fatal errors -----
<[email protected]>
(reason: 554 <[email protected]>: Recipient address rejected: Access
denied)

----- Transcript of session follows -----
.... while talking to mail.notariato.net.:<<< 554 <[email protected]>: Recipient address rejected: Access denied
554 5.0.0 Service unavailable

Reporting-MTA: dns; pinocchio.cs.interbusiness.it
Received-From-MTA: DNS; 218-172-89-104.dynamic.hinet.net
Arrival-Date: Thu, 21 Dec 2006 07:15:16 +0100 (MET)

Final-Recipient: RFC822; (e-mail address removed)
Action: failed
Status: 5.0.0
Remote-MTA: DNS; mail.notariato.net
Diagnostic-Code: SMTP; 554 <[email protected]>: Recipient address
rejected: Access denied
Last-Attempt-Date: Thu, 21 Dec 2006 07:15:20 +0100 (MET)

Return-Path: <[email protected]>
Received: from 218-172-89-104.dynamic.hinet.net
(218-172-89-104.dynamic.hinet.net [218.172.89.104])
by pinocchio.cs.interbusiness.it (8.13.7/8.13.7) with SMTP id
kBL6FDno026742
for <[email protected]>; Thu, 21 Dec 2006 07:15:16 +0100 (MET)
Date: Thu, 21 Dec 2006 07:15:13 +0100 (MET)
Message-Id: <[email protected]>
Received: from [15.229.116.16] (HELO thirteenth.gostats.com)
by dcrus.com with SMTP id 1M1U5YFWUK
for <[email protected]>; Thu, 21 Dec 2006 00:15:51 -0600
Received: from adolph.aacc4.org (abusive.aacc4.org [46.165.253.185])
by earthlins.com with SMTP id EVFQBDRB9Y
for <[email protected]>; Thu, 21 Dec 2006 09:13:51 +0300
X-USER_IP: 94.80.166.32
From: "Estela Atkins" <[email protected]>
To: "Pmemoli" <[email protected]>
Subject: Re: ..
X-USER_IP: 94.80.166.32
User-Agent: PObox II beta1.0
X-Mailer: PObox II beta1.0
X-Priority: 3 (Normal)
MIME-Version: 1.0
Content-Type: text/html;
Content-Transfer-Encoding: quoted-printable

 

[Barry Wainwright [MVP]]

Glad you found your mail!

What has happened here is that a spammer has faked your domain as the
originating address on their spam. So, you are getting all the bounce-backs
and returns frfom undeliverable mail. You will probably find they all have a
different email address within your domain ­ most likely, the first part of
the address will be made up of random letters ­ (e-mail address removed) etc.

What can you do about it? Not a lot, unfortunately. In a few weeks the
stream will probably dry up as the spammer switches to another domain to
fake, but until then there is little you can do other than set up a rule to
catch any mail to that domain, but not to a known address within that
domain, and route such mail to the trash.

--
Barry Wainwright
Microsoft MVP (see http://mvp.support.microsoft.com for details)
The Entourage User's WebLog has moved!
For hints, tips and troubleshooting go to <http://www.barryw.net/weblog/>




From: Dave Thomas <[email protected]>
Newsgroups: microsoft.public.mac.office.entourage
Date: Mon, 01 Jan 2007 16:16:29 +0000
Conversation: SPAM Mail Many received from numerous origins.
Subject: SPAM Mail Many received from numerous origins.

Hi Guys,

First of all I¹d like to thank Barry for solving my Entourage problem where
I had lost all my messages ­ I finally found the Database in the TRASH would
you believe! I honestly do not know how it ended up there!

I have another question now which I hope is easy to answer:

I keep receiving many eMails such as the example below from various sources
and they appear to have been returned to the original sender which is a
bogus identity on my eMail domain ­ barnfield.org

Anyone have any idea where they might be originating from and why I am
recing the returned message?

Many thanks!

====

Here¹s an example:

The original message was received at Thu, 21 Dec 2006 07:15:16 +0100 (MET)
from 218-172-89-104.dynamic.hinet.net [218.172.89.104]

----- The following addresses had permanent fatal errors -----
<[email protected]>
(reason: 554 <[email protected]>: Recipient address rejected: Access
denied)

----- Transcript of session follows -----
.... while talking to mail.notariato.net.:<<< 554 <[email protected]>: Recipient address rejected: Access denied
554 5.0.0 Service unavailable

Reporting-MTA: dns; pinocchio.cs.interbusiness.it
Received-From-MTA: DNS; 218-172-89-104.dynamic.hinet.net
Arrival-Date: Thu, 21 Dec 2006 07:15:16 +0100 (MET)

Final-Recipient: RFC822; (e-mail address removed)
Action: failed
Status: 5.0.0
Remote-MTA: DNS; mail.notariato.net
Diagnostic-Code: SMTP; 554 <[email protected]>: Recipient address
rejected: Access denied
Last-Attempt-Date: Thu, 21 Dec 2006 07:15:20 +0100 (MET)

Return-Path: <[email protected]>
Received: from 218-172-89-104.dynamic.hinet.net
(218-172-89-104.dynamic.hinet.net [218.172.89.104])
by pinocchio.cs.interbusiness.it (8.13.7/8.13.7) with SMTP id
kBL6FDno026742
for <[email protected]>; Thu, 21 Dec 2006 07:15:16 +0100 (MET)
Date: Thu, 21 Dec 2006 07:15:13 +0100 (MET)
Message-Id: <[email protected]>
Received: from [15.229.116.16] (HELO thirteenth.gostats.com)
by dcrus.com with SMTP id 1M1U5YFWUK
for <[email protected]>; Thu, 21 Dec 2006 00:15:51 -0600
Received: from adolph.aacc4.org (abusive.aacc4.org [46.165.253.185])
by earthlins.com with SMTP id EVFQBDRB9Y
for <[email protected]>; Thu, 21 Dec 2006 09:13:51 +0300
X-USER_IP: 94.80.166.32
From: "Estela Atkins" <[email protected]>
To: "Pmemoli" <[email protected]>
Subject: Re: ..
X-USER_IP: 94.80.166.32
User-Agent: PObox II beta1.0
X-Mailer: PObox II beta1.0
X-Priority: 3 (Normal)
MIME-Version: 1.0
Content-Type: text/html;
Content-Transfer-Encoding: quoted-printable

 

[Dave Thomas]

Glad you found your mail!

What has happened here is that a spammer has faked your domain as the
originating address on their spam. So, you are getting all the bounce-backs
and returns frfom undeliverable mail. You will probably find they all have a
different email address within your domain ­ most likely, the first part of
the address will be made up of random letters ­ (e-mail address removed) etc.

What can you do about it? Not a lot, unfortunately. In a few weeks the stream
will probably dry up as the spammer switches to another domain to fake, but
until then there is little you can do other than set up a rule to catch any
mail to that domain, but not to a known address within that domain, and route
such mail to the trash.

Many thanks Barry ­ such is life eh!

I¹ll try to catch them as you suggest/

Cheers.