Tracing junk emails

A company I do work for is receiving thousands of spam emails per day over their website catch-all. Basically it looks like something is generating random names @ their domain.com and sending the spam emails out to other companies. The spam filters are all replying to that random name and they are getting bombarded with 'undeliverable mail' type emails, thousands per day.

Now, temporarily I have set up a filter to delete those type of emails as they come in, but it's hogging bandwidth and now they are coming in from abroad too, so next week I'll turn off the catch-all and only legit emails to the correct people will be received.

The problem: the spam is probably still being generated somewhere and some poor buggers are getting hit with a lot of junkmail which will look like it's coming from a legit company. Is there a way of tracing the source of the emails so that it can be blocked? Or alternatively if any of you have tracing software would you be able to look where it came from if I were to forward one to you?

This is one of the emails:

-----Original Message-----
From: MAILER-DAEMON [mailto:MAILER-DAEMON]
Sent: 24 August 2006 16:02
To: Hagancapistrano@*********.co.uk (I masked the name out - Jonny)
Subject: **Message you sent blocked by our bulk email filter**

Your message to: [email protected], [email protected],
[email protected]
was blocked by our Spam Firewall. The email you sent with the following
subject has NOT BEEN DELIVERED:

Subject: Its possible because I always use Extrra-Time!

Reporting-MTA: dns; barracuda.academicbookservices.com
Received-From-MTA: smtp; barracuda.academicbookservices.com ([127.0.0.1])
Arrival-Date: Thu, 24 Aug 2006 11:02:17 -0400 (EDT)

Final-Recipient: rfc822; [email protected]
Action: failed
Status: 5.7.1
Diagnostic-Code: smtp; 550 5.7.1 Message content rejected, UBE, id=19378-01-153
Last-Attempt-Date: Thu, 24 Aug 2006 11:02:17 -0400 (EDT)

Final-Recipient: rfc822; [email protected]
Action: failed
Status: 5.7.1
Diagnostic-Code: smtp; 550 5.7.1 Message content rejected, UBE, id=19378-01-153
Last-Attempt-Date: Thu, 24 Aug 2006 11:02:17 -0400 (EDT)

Final-Recipient: rfc822; [email protected]
Action: failed
Status: 5.7.1
Diagnostic-Code: smtp; 550 5.7.1 Message content rejected, UBE, id=19378-01-153
Last-Attempt-Date: Thu, 24 Aug 2006 11:02:17 -0400 (EDT)

Undelivered-message headers.txt (0.7 KB)

Received: from 6osjekka.touiji9.cox.net (unknown [66.172.143.10]) by barracuda.academicbookservices.com (Spam Firewall) with SMTP id B257136E03; Thu, 24 Aug 2006 11:02:16 -0400 (EDT)
Message-ID: <54997628462034.BCC4588E89@Z59K3PA>
From: "Hagan"
To:
Subject: It’s possible because I always use Extrra-Time!
Date: Thu, 24 Aug 2006 11:06:06 -0400
MIME-Version: 1.0
X-Mailer: Microsoft Office Outlook, Build 11.0.5510
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
Thread-Index: M0dtMtfIQVaaz0nVvNpIlGaFynSdDmqgDoks
Content-Type: text/plain; charset="Windows-1252"
Content-Transfer-Encoding: 7bit
 
Any joy on this one before I let it die?

The email is still flooding in.
 
Can't help you out with tracing where it's coming from, but a good program to delete it and bounce it back is called MailWasher.

I was receiving lots of junk/spam emails, installed this program and bounced back all the spam emails. Basically it sends an email from your ISP telling that sender that the email couldn't be sent as the email address doesn't exist.

Stopped all my spam emails.
 
Not a lot of help in this case as the spam they are getting is from other legit operations bouncing the forged headers.

Just turn off the catch-all receiving addresses and let the automated systems elsewhere talk to each other while you ignore the traffic.

It sends a better message to the unfortunate recipients of this stuff if the apparent return address bounces rather than appearing to be a legit address anyway.
 
Yep, as above:

Don't have a catch-all. Doesn't really help with anything. Will stop you receiving the NDRs, anyway.

As for the original problem of someone forging your domain... there's probably nothing you can do about it.

Setting up an SPF record to specify which email servers are authorised to send mail for your domain might cause some people's spam filters to reject the forged mail if they haven't already. Best you can hope for, really.
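As an added example (not from anyone in this thread), the snippet below pulls the connecting IP out of the Received header quoted in the bounce above and evaluates it against an SPF record for the spoofed domain, showing why a receiver that checks SPF can reject the forgery at SMTP time instead of accepting it and bouncing it back to the forged address. The domain example.co.uk, the authorised outbound server 203.0.113.10 and the SPF record itself are constructed assumptions.

```python
import ipaddress
import re

# Constructed sample: the Received header from the bounce quoted in the thread
# (the forged message's real connecting host) and an assumed SPF record for the
# spoofed domain. 203.0.113.10 (documentation range) stands in for the
# company's genuine outbound mail server.
RECEIVED = ('Received: from 6osjekka.touiji9.cox.net (unknown [66.172.143.10]) '
            'by barracuda.academicbookservices.com (Spam Firewall) with SMTP '
            'id B257136E03; Thu, 24 Aug 2006 11:02:16 -0400 (EDT)')
SPF_RECORDS = {"example.co.uk": "v=spf1 ip4:203.0.113.10 -all"}


def connecting_ip(received_header):
    """Return the bracketed IP the receiving MTA actually saw. The HELO name
    before it (6osjekka.touiji9.cox.net) is sender-supplied and untrustworthy."""
    m = re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", received_header)
    return m.group(1) if m else None


def check_spf(domain, client_ip, records=SPF_RECORDS):
    """Minimal offline SPF evaluation: handles ip4:/ip6: and all with the
    four qualifiers; a/mx/include terms need DNS and are skipped here."""
    record = records.get(domain)
    if record is None or not record.startswith("v=spf1"):
        return "none"  # domain publishes no policy; receivers cannot reject
    ip = ipaddress.ip_address(client_ip)
    for term in record.split()[1:]:
        qualifier = "+"
        if term[0] in "+-~?":
            qualifier, term = term[0], term[1:]
        if term == "all":
            matched = True
        elif term.startswith(("ip4:", "ip6:")):
            matched = ip in ipaddress.ip_network(term[4:], strict=False)
        else:
            continue
        if matched:
            return {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}[qualifier]
    return "neutral"


def smtp_disposition(spf_result):
    """Reject during the SMTP session on a hard fail, so no DSN is ever
    generated back to the forged envelope sender (the backscatter above)."""
    return "550 5.7.1 SPF fail" if spf_result == "fail" else "250 accept"


if __name__ == "__main__":
    ip = connecting_ip(RECEIVED)
    result = check_spf("example.co.uk", ip)
    print(ip, result, smtp_disposition(result))
```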
 