Having just received more than a dozen 'delivery delayed' and 'undeliverable' emails, I'm wondering whether my on-site mailform has been abused or whether someone is sending mail with a faked 'from' address which corresponds to a domain of mine.
I've had sporadic instances of this previously - about which I've done nothing as I wasn't sure what to do/was too busy/couldn't be bothered. But this quantity makes me take it more seriously.
Obviously the potential for getting my domain mail-blacklisted bothers me - and as there's little I can do about others sending stuff with a faked 'from' address, the issue here is the possible mailform hijack.
The subjects are gibberish (example: "Hjcevpj Pumjr Uuxszpr"), but I'm wondering if this might be because they're being sent in a non-English charset, and the recipients are varied.
Here's an edited example header of the 'bounce' messages, which shows my glvr.com domain as the sender:
Received: from vourpvqu (183.39.61.226) by mail.clstechnology.com
(19.10.22.50) with Microsoft SMTP Server id 14.1.270.1; Mon, 10 Jan 2011
13:31:07 -0600
From: Zhgagoo <scnrgy@glvr.com>
Subject: Omwcfnnsb Svnztqyg
To: <master@hzshucai.com>
Content-Type: multipart/mixed; charset="GB2312";
boundary="JiE=_fNWTodgtyvTPFqp5UznQksMIzddmt"
MIME-Version: 1.0
Date: Tue, 11 Jan 2011 03:29:42 +0800
Message-ID: <a7f1dcdf-d1df-482e-a4d8-ecb5e11892b7@CLSSERV1.cls.local>
Return-Path: scnrgy@glvr.com
X-MS-Exchange-Organization-OriginalArrivalTime: 10 Jan 2011 19:31:07.4458
(UTC)
X-MS-Exchange-Forest-ArrivalHubServer: CLSSERV1.cls.local
X-MS-Exchange-Organization-OriginalClientIPAddress: 183.39.61.226
X-MS-Exchange-Organization-OriginalServerIPAddress: 19.10.22.50
X-MS-Exchange-Organization-AuthSource: CLSSERV1.cls.local
All have the same mail.clstechnology.com component, despite being sent to different domains.
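
Added example (not part of the original post): a way to triage bounces like the one above by reading the topmost Received header, the one written by the server that accepted the message, and checking whether the submitting client was one of your own servers. A client IP that is not yours means the message never passed through your site, which points to a forged sender rather than mailform abuse. `OWN_SENDING_IPS` and the function names are assumptions made for this example.

```python
import re
from email import message_from_string
from ipaddress import ip_address

# ASSUMPTION: replace with the addresses your own web and mail servers send from.
# 203.0.113.10 is a documentation-range placeholder, not a value from the post.
OWN_SENDING_IPS = {ip_address("203.0.113.10")}

# Headers taken from the bounce quoted in the post (some Exchange lines trimmed;
# continuation lines re-indented because the forum stripped the folding whitespace).
SAMPLE_BOUNCE_HEADERS = """\
Received: from vourpvqu (183.39.61.226) by mail.clstechnology.com
 (19.10.22.50) with Microsoft SMTP Server id 14.1.270.1; Mon, 10 Jan 2011
 13:31:07 -0600
From: Zhgagoo <scnrgy@glvr.com>
Subject: Omwcfnnsb Svnztqyg
To: <master@hzshucai.com>
Return-Path: scnrgy@glvr.com
X-MS-Exchange-Organization-OriginalClientIPAddress: 183.39.61.226
"""

# Matches "from <helo> (<ip>) by <host>" as written in the header above.
RECEIVED_RE = re.compile(r"from\s+(\S+)\s+\(([0-9a-fA-F.:]+)\)\s+by\s+(\S+)")

def submitting_client(headers_text):
    """Return (helo_name, client_ip, receiving_host) from the top Received header."""
    received = message_from_string(headers_text).get_all("Received") or []
    if not received:
        return None
    # Only the topmost Received line is trusted; lower ones can be forged.
    match = RECEIVED_RE.search(" ".join(received[0].split()))  # unfold first
    if not match:
        return None
    helo, ip, by_host = match.groups()
    return helo, ip_address(ip), by_host

def classify(headers_text, own_ips=OWN_SENDING_IPS):
    """'own-server' if the message entered from one of our IPs, else 'external-origin'."""
    hop = submitting_client(headers_text)
    if hop is None:
        return "unknown"
    return "own-server" if hop[1] in own_ips else "external-origin"

if __name__ == "__main__":
    print(submitting_client(SAMPLE_BOUNCE_HEADERS), classify(SAMPLE_BOUNCE_HEADERS))
```
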






