January 17th, 2004, 11:44 PM #1
Can anyone give me a hand? I have written to AOL and my ISP but I am still getting bombarded by bounce backs. I think someone is using my domain as a reply-to field and sending out tons of spam. I am getting a whole boat load of bounce backs. Here is the full header; can anyone tell me if this is coming from an AOL account? I need some serious help as I don't know how to interpret this:
Received: from intergate.uniserve.ca ([unix socket])
by intergate.uniserve.ca (Cyrus v2.1.11-SDF) with LMTP; Sat, 17 Jan 2004 23:31:54 -0800
X-Sieve: CMU Sieve 2.2
Received: from mx3.uniserve.ca ([184.108.40.206])
by intergate.uniserve.ca with esmtp (Exim 4.05)
for email@example.com; Sat, 17 Jan 2004 23:31:53 -0800
Received: from omr-m04.mx.aol.com ([220.127.116.11])
by mx3.uniserve.ca with esmtp (Exim 4.22)
for firstname.lastname@example.org; Sat, 17 Jan 2004 23:31:53 -0800
Received: from rly-st19.mail.aol.com (rly-st19.mail.aol.com [172.20.75.194]) by omr-m04.mx.aol.com (v97.10) with ESMTP id RELAYIN8-9400a36662ab; Sun, 18 Jan 2004 02:31:50 -0500
Received: from localhost (localhost)
by rly-st19.mail.aol.com (8.8.8/8.8.8/AOL-5.0.0)
with internal id CAB04705;
Sun, 18 Jan 2004 02:31:50 -0500 (EST)
Date: Sun, 18 Jan 2004 02:31:50 -0500 (EST)
From: Mail Delivery Subsystem <MAILER-DAEMON@aol.com>
Content-Type: multipart/report; report-type=delivery-status;
Subject: Returned mail: User unknown
Auto-Submitted: auto-generated (failure)
X-Scanner: OK. Scanned.
Ian Lee, M.Sc.
Internet Marketing Strategist
January 18th, 2004, 01:38 AM #2
This could just be a variant of the Klez virus. You aren't infected, but someone who has your email address either in their cache or address book is infected. So they are sending out emails as you, or sometimes they will do it just as a user at your domain.
There really isn't much you or your ISP can do as the bounces will come from everywhere and have different subject lines.
Filtering it out is also hard, because often the body of the mail is empty, and there is just an attachment - the virus, and since the bounces do not bounce back the attachment, you can't filter on that.
January 18th, 2004, 01:45 AM #3
If it helps I have been getting these too! They started 2 or 3 days ago and now I had over 150 in my inbox this morning. If you open the message attached you will see it includes a link to a medical site that proposes to enlarge your assets.
I have checked the headers on the received emails; there is nothing that shows it is my server or my computer spewing these mails. So, like you, my site is being used as a spoof return address.
The website includes the word medalive in its address (it's not a .com) and also includes affiliate type IDs in the link.
I have been unable to determine a pattern as it seems the original emails are being sent via a variety of IP addresses; however, AOL servers seem to be at the heart of this.
All the subject headings seem to be random phrases in order to get through spam blockers and content has key words altered (o.rg.as.m.) to further stop junk mail filters.
At the moment it is easier to just create rules to put them straight in the deleted folder.
One other point is the user name for the return is different each time; none have accounts on my server.
'I am not young enough to know everything.'
- Oscar Wilde
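Added example, not part of any post in this thread: one way to read the headers from the first post and to build the kind of rule mentioned above, by recognising a delivery-failure report from its headers and listing the Received hops oldest first. The function names and the sample layout are assumptions made for this illustration; the header values are the ones quoted in the first post.

```python
import email
import re

# Constructed sample: headers copied from the first post, with continuation
# lines re-indented (tab) so they fold as they would in the raw message.
SAMPLE = """\
Received: from mx3.uniserve.ca ([184.108.40.206])
\tby intergate.uniserve.ca with esmtp (Exim 4.05)
\tfor email@example.com; Sat, 17 Jan 2004 23:31:53 -0800
Received: from omr-m04.mx.aol.com ([220.127.116.11])
\tby mx3.uniserve.ca with esmtp (Exim 4.22)
\tfor firstname.lastname@example.org; Sat, 17 Jan 2004 23:31:53 -0800
Received: from rly-st19.mail.aol.com (rly-st19.mail.aol.com [172.20.75.194]) by omr-m04.mx.aol.com (v97.10) with ESMTP id RELAYIN8-9400a36662ab; Sun, 18 Jan 2004 02:31:50 -0500
Received: from localhost (localhost)
\tby rly-st19.mail.aol.com (8.8.8/8.8.8/AOL-5.0.0)
\twith internal id CAB04705;
\tSun, 18 Jan 2004 02:31:50 -0500 (EST)
From: Mail Delivery Subsystem <MAILER-DAEMON@aol.com>
Content-Type: multipart/report; report-type=delivery-status;
Subject: Returned mail: User unknown
Auto-Submitted: auto-generated (failure)

"""

HOP = re.compile(r"from\s+(\S+).*?\bby\s+(\S+)")

def is_bounce(msg):
    """True when the headers mark an automated delivery-failure report."""
    dsn = (msg.get_content_type() == "multipart/report"
           and str(msg.get_param("report-type", "")).lower() == "delivery-status")
    auto = msg.get("Auto-Submitted", "no").strip().lower().startswith("auto-")
    daemon = "mailer-daemon" in msg.get("From", "").lower()
    return dsn or (auto and daemon)

def relay_path(msg):
    """(from_host, by_host) for each Received hop, oldest hop first."""
    hops = []
    for raw in reversed(msg.get_all("Received", [])):
        m = HOP.search(" ".join(raw.split()))  # unfold continuation lines
        if m:
            hops.append((m.group(1), m.group(2)))
    return hops

if __name__ == "__main__":
    msg = email.message_from_string(SAMPLE)
    print("bounce:", is_bounce(msg))
    for src, dst in relay_path(msg):
        print(f"{src} -> {dst}")
```

The Received chain of a bounce records the path of the bounce itself, so the oldest hop here shows only that AOL's mail system generated the failure report; it does not identify who sent the message that bounced.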
January 18th, 2004, 06:35 AM #4
It definitely seems like someone is spoofing your email address as the sender in their spams. If yours also include the medalive reference, there is only the medalive.biz that is a live site and it is a p*n*s enlargement site.
If so, check out http://www.whois.sc/medalive.biz and
You can get the email address of the registrant (***@asia.com), the DNS server names (lifesmile.biz) as well as contact names for the actual website.
Contact each of these explaining the problem and the medalive site should get shut down pretty quickly.
Of course they will pop back up next week with another website and you can have more fun shutting them down.
Don't forget to let your host know of the problem also, and that it isn't you sending these emails.
January 19th, 2004, 09:19 AM #5