GoFuckYourself.com - Adult Webmaster Forum

-   -   Help requested: getting a lot of reply emails to messages .... (https://gfy.com/showthread.php?t=1219396)

NALEM 09-29-2016 01:18 PM

Help requested: getting a lot of reply emails to messages ....
 
... that we never sent.


Hello everyone,

The server admin is on his honeymoon, so I turn to you, to understand where my problem exactly is.

My inbox is being flooded with various emails that "appear" to be replies to messages being sent from our @nalem.com email account, which is hosted on the same server where the domain "abc.com" (which I renamed here) is located.

Received: from nalem.com ([68.119.555.222]:42136 helo=abc.com)

Your insight is greatly appreciated.



# # #

This message was created automatically by mail delivery software.

A message that you sent could not be delivered to one or more of its
recipients. This is a permanent error. The following address(es) failed:

[email protected]
(generated from [email protected])
SMTP error from remote mail server after end of data:
host mailin-01.mx.aol.com [64.12.88.132]: 521 5.2.1 :
AOL will not accept delivery of this message.

------ This is a copy of the message, including all the headers. ------

Return-path:
Received: from nalem.com ([68.119.555.222]:42136 helo=abc.com)
by svcemlmxl02.netnames.net with esmtp (NBT 4.72 1)
id 1bpZH4-0000up-Oi
for [email protected]; Thu, 29 Sep 2016 12:13:10 +0100
Received: from Ningbo Kangtuo Daily Products CO.,LTD (unknown [47.88.77.240])
by drm32.com (Postfix) with ESMTPSA id 56B146741084
for ; Thu, 29 Sep 2016 04:04:28 -0700 (PDT)
Date: Thu, 29 Sep 2016 19:04:26 +0800
To: [email protected]
From: John Knight
Reply-To: John Knight
Subject: Open vacancy
Message-ID:
X-Mailer: PHPMailer 5.2.14 (https://github.com/PHPMailer/PHPMailer)
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="b1_cff896060fae4d493e3cf8877521ef40"
Content-Transfer-Encoding: 7bit

This is a multi-part message in MIME format.

--b1_cff896060fae4d493e3cf8877521ef40
Content-Type: text/plain; charset=us-ascii

Hey,

I am always searching for new, proven ways to make fast and easy money online.

Here's one that works


--b1_cff896060fae4d493e3cf8877521ef40
Content-Type: text/html; charset=us-ascii

Hey,

I am always searching for new, proven ways to make fast and easy money online.

Here's one that works<br>
</body>
</html>

--b1_cff896060fae4d493e3cf8877521ef40--

TFCash 09-29-2016 01:48 PM

really no good way to know 100% without seeing the full real headers, but if they have the actual IP that your domain reverses to, you need to dig into your mail logs and make sure you're not sending out spam!!!

1st of all make sure your email server is not an open relay. Email Server Test - Online SMTP diagnostics tool - MxToolbox: you can plug in your mail server's IP or name and it will check to see if it is open for relay.

2nd if it's not, then dig into your mail server logs and do a search for [email protected] which appears to be the email address that the error was generated for. If it's in your mail log files you have an issue somewhere, could be a script or an open port that is allowing people to funnel mail thru your server.

If it's not in your mail logs, chances are they are just spoofing your email address and there is really nothing that you can do about that :mad:

If you do find that that email address was sent mail by your server, my recommendation would be to stop mail services until you can get it fixed! Yes you will lose mail, but the flip side of that coin is, every piece of mail that they send out of your box makes you that much more likely to be blacklisted, then you're looking at months of spotty mail service till you can get all the majors to un-blacklist you.

:2 cents: hope this helps!

Barry-xlovecam 09-29-2016 02:42 PM

Code:

barry@paragon-DS-7:~$ curl 'https://ipinfo.io/68.119.555.222'
Please provide a valid IP address
barry@paragon-DS-7:~$ host 68.119.555.222
Host 68.119.555.222 not found: 3(NXDOMAIN)

Forged headers ...
I get these all the time and mark them junk

Welcome to the spam box :upsidedow

~Ray 09-29-2016 02:43 PM

Yep, mark them as spam and move on

onwebcam 09-29-2016 08:50 PM

Someone is likely spoofing your email address. Simply put, they are using your email as the reply to. And if your email address is set up as a catch-all for the whole domain then they can spoof any@you and you will do just that, catch all..

NALEM 09-30-2016 10:14 AM

Thanks TFCash, Barry, Ray, and OnWebCam for your insight.

For the 8 years +/- that I had this account, very little spam came in. Several days ago I was overwhelmed and was thinking WTF. They mostly shared the same characteristic of appearing to be a "reply" to a message supposedly sent from us. I have been blocking them as they come in, and it has slowed down by about 80%.

A few more days, and this problem will get solved.

Again thanks for the comments. :thumbsup

rowan 09-30-2016 08:25 PM

Quote:

Originally Posted by NALEM (Post 21193927)
Thanks TFCash, Barry, Ray, and OnWebCam for your insight.

For the 8 years +/- that I had this account, very little spam came in. Several days ago I was overwhelmed and was thinking WTF. They mostly shared the same characteristic of appearing to be a "reply" to a message supposedly sent from us. I have been blocking them as they come in, and it has slowed down by about 80%.

A few more days, and this problem will get solved.

Again thanks for the comments. :thumbsup

Problem isn't really solved - you're blocking the bounces at your end (those "replies" are mail servers saying they're rejecting the mail), but tons of people are still being sent spam using your email address as the source. You can't really do much about that, except hope that your email was just a random selection and they'll eventually move on to using something else.

https://en.wikipedia.org/wiki/Joe_job

Jigster715 09-30-2016 11:06 PM

We were getting those too. At first just spoofs but then the server had been hacked and we were being used as a spam server for real. Amerinoc played whack-a-mole until we left them.
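
Added example, not part of any post in this thread: the triage described by TFCash (search your own mail logs for the rejected address), together with Barry-xlovecam's check for IP literals that cannot be real, as a Python sketch. The bounce text, log lines, log format, addresses and function names are constructed or hypothetical; adapt the log search to whatever your mail server actually writes.

```python
import ipaddress
import re

# Matches both header shapes seen in the thread:
#   Received: from host ([ip]:port helo=...)  and  Received: from Name (unknown [ip])
RECEIVED_RE = re.compile(r"^Received: from (.+?) \((?:\S+ )?\[([^\]]+)\]", re.M)
ADDR_LINE_RE = re.compile(r"^[ \t]*([^\s@<>()]+@[^\s@<>()]+)[ \t]*$", re.M)

def parse_ip(text):
    """Return an ip_address object, or None if the literal is not a valid IP."""
    try:
        return ipaddress.ip_address(text)
    except ValueError:
        return None

def triage(bounce, our_ips, log_lines):
    """Classify one bounce: did our server send the original, or was it spoofed?"""
    report, _, copy = bounce.partition("This is a copy of the message")
    failed = ADDR_LINE_RE.findall(report)        # addresses the remote MTA rejected
    hop_ips = [ip for _name, ip in RECEIVED_RE.findall(copy)]
    ours = {ipaddress.ip_address(ip) for ip in our_ips}
    log_hits = [l for l in log_lines if any(a.lower() in l.lower() for a in failed)]
    if log_hits:
        verdict = "sent-by-our-server"     # our logs show the mail: find what sent it
    elif any(parse_ip(ip) in ours for ip in hop_ips):
        verdict = "header-names-our-ip"    # no log record yet: dig deeper in the logs
    else:
        verdict = "spoofed-backscatter"    # only our address was forged
    return {"verdict": verdict, "failed": failed, "log_hits": log_hits,
            "invalid_ips": [ip for ip in hop_ips if parse_ip(ip) is None]}

# Constructed sample data (documentation addresses, not taken from the thread).
OUR_IPS = {"203.0.113.10"}
CLEAN_LOG = ["2016-09-29 04:01:12 delivered to=<customer@example.org> status=sent"]
DIRTY_LOG = CLEAN_LOG + ["2016-09-29 04:04:30 delivered to=<victim@example.net> status=sent"]
SAMPLE_BOUNCE = """\
A message that you sent could not be delivered to one or more of its
recipients. This is a permanent error. The following address(es) failed:

  victim@example.net
    host mx.example.net [198.51.100.25]: 521 5.2.1 :

------ This is a copy of the message, including all the headers. ------

Received: from mail.example.com ([203.0.113.999]:42136 helo=example.com)
    by mx.example.org with esmtp
Received: from Some Company Ltd (unknown [192.0.2.77])
Subject: Open vacancy
"""
```

A "spoofed-backscatter" verdict only says the sampled logs hold no record of the rejected address; Received lines can be forged, so the log search, not the header, is the evidence.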


All times are GMT -7.