[thelist] Returned mail that did not originate at our organization

Liam Delahunty ldelahunty at britstream.com
Wed Nov 20 07:28:01 CST 2002


There are several explanations:

1. Open relay -
	http://www.spews.org/ - test your IP.
	http://relays.osirusoft.com/
	http://www.ordb.org/

2. Internal virus/Trojan

3. External virus such as Klez
From
http://securityresponse.symantec.com/avcenter/venc/data/w32.klez.gen@mm.html
Email spoofing
Some variants of this worm use a technique known as "spoofing." If so, the
worm randomly selects an address that it finds on an infected computer. It
uses this address as the "From" address that it uses when it performs its
mass-mailing routine. Numerous cases have been reported in which users of
uninfected computers received complaints that they sent an infected message
to someone else.

4. Spammer faking email headers
This is an attempt to look like a genuine email, and also to try and prevent
the spammer's server or email account getting bogged down with rejects. If
you are receiving multiple rejects this is the most likely reason.

5. Spammer faking email headers so reply is read by intended recipient.
Send an email to <reject at somewhere_probably_aol.com> and fake the reply
address to yours and the reject gets sent to you, and you are likely to open
it as you want to know which email bounced.

You should probably look through the mail logs and check if an email did go
out to the recipient, but recently I'd say the most likely reason is 4, and
there is _nothing_ you can do. You may want to put a disclaimer or something
on your web site if you're getting loads of rejects as it's not doing your
business any favours.

Luckily most Spam blockers are apparently clever enough not to block mail
from innocent victim domains so your own genuine email shouldn't be
affected.

Kind regards,
Liam Delahunty
Mega Products Limited, 10-11 Moor Street, Soho, London W1D 5NF
t: 020 7434 4201 f: 0870 135 8412
http://www.liamdelahunty.com/ web/ design/ database/ programming
http://www.britstream.com/ Hosting/ Domain Names From UKP 7.50 p.a.
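
Added example, not part of the original post: one way to do the mail log check suggested above, in Python. It takes the returned headers out of a bounce and compares their Message-ID, recipient and Received hops with the outbound log; the bounce, the Postfix-style log lines, the addresses and OUR_IPS are constructed assumptions.

```python
import email, re
from email import policy
from email.utils import parseaddr

OUR_IPS = {"192.0.2.10"}  # assumption: addresses of our outbound mail servers
# Constructed bounce (DSN-like layout) and constructed Postfix-style log lines.
BOUNCE = """\
From: MAILER-DAEMON@mx.example.net
To: sales@example.org
Subject: Returned mail: User unknown
Content-Type: multipart/report; report-type=delivery-status; boundary="b1"

--b1
Content-Type: text/plain

User unknown: <nobody@example.net>
--b1
Content-Type: text/rfc822-headers

Received: from mail (203.0.113.77) by mx.example.net; Wed, 20 Nov 2002 06:01:00 -0600
Message-ID: <abc123@example.org>
From: sales@example.org
To: nobody@example.net
--b1--
"""
LOG = """\
Nov 20 05:58:10 mail postfix/cleanup[811]: 4F2A1: message-id=<zzz999@example.org>
Nov 20 05:58:11 mail postfix/smtp[815]: 4F2A1: to=<client@example.com>, status=sent
"""

def original_headers(bounce):
    """Return the headers of the returned message embedded in the bounce, if any."""
    for part in bounce.walk():
        if part.get_content_type() == "message/rfc822":
            return part.get_payload(0)
        if part.get_content_type() == "text/rfc822-headers":
            return email.message_from_string(part.get_content(), policy=policy.default)
    return None

def triage(bounce_text, log_text, our_ips=OUR_IPS):
    """'sent-by-us': look at explanations 1 and 2; 'forged-sender': 3 to 5."""
    orig = original_headers(email.message_from_string(bounce_text, policy=policy.default))
    if orig is None:
        return "no-original-headers"
    msgid = str(orig["Message-ID"] or "").strip()
    rcpt = parseaddr(str(orig["To"] or ""))[1]
    hops = set(re.findall(r"\b(?:\d{1,3}\.){3}\d{1,3}\b", " ".join(orig.get_all("Received", []))))
    logged = (msgid and f"message-id={msgid}" in log_text) or (rcpt and f"to=<{rcpt}>" in log_text)
    return "sent-by-us" if logged or hops & our_ips else "forged-sender"
```

Only the Received line added by the bouncing server itself is trustworthy; lines below it can be forged, so treat a match on our own address as a reason to check the logs, not as proof.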




