1. Advertising
    y u no do it?

    Advertising (learn more)

    Advertise virtually anything here, with CPM banner ads, CPM email ads and CPC contextual links. You can target relevant areas of the site and show ads based on geographical location of the user if you wish.

    Starts at just $1 per CPM or $0.10 per CPC.

Mail delivery failed: returning message to sender

Discussion in 'Security' started by Ozzy, Aug 15, 2007.

  1. #1
    I have been inundated with email returns. I think someone has been using one of my email address to send out spam or phishing emails and these are the returns coming back to my email address. I looked every where to help solve this problem. I was told to disable my catch-all for my domain email, I did this but I do not know if this is going to work. I also put in a ticket to my host and they came back with the following link:-

    http://www.microsoft.com/mscorp/safety/content/technologies/senderid/wizard/

    It took me to a wizard that writes an attachment, an spf record, which is then sent to the host support and they add it to your domain records. I hope this helps some of you.

    Ozzy.
    SEMrush
     
    Ozzy, Aug 15, 2007 IP
    SEMrush
  2. Roido

    Roido Active Member

    Messages:
    273
    Likes Received:
    5
    Best Answers:
    0
    Trophy Points:
    60
    #2
    Sorry to hijack your thread but I was just about to post this as well. I am getting the exact same issue and I am from scotland too. Weird.

    Anyway, in my case its hundreds of mail which is being returned to my inbox saying that the mesasge is spam and it is. From checking the message its advertising pills etc.

    It is not coming from one address, its being sent from multiple addresses.
    i.e.




    etc.

    At first glance I would immediately think an insecure script on mydomain.com is being exploited to send spam.

    However, checking the headers on each returned mail shows that my servers IP address is not being used to send it. It is being sent from elsewhere. I believe they are just using as the return address.

    You should check the headers to see if your servers IP is in there. If it is then you have been comprimised.

    Can anybody tell me if it is normal practice to send lots of spam from different IPs and use someones unpopular domain as a return address?

    EDIT: That link looks exactly like the thing I need. Now when someone receives email supposedly from my domain it won't get through because the outgoing IPs don't match those on record. Cheers :)
     
    Roido, Aug 16, 2007 IP