Is anyone else suddenly getting spam written in German, which is slipping past their email filters? Both the server-side SpamAssassin and my local Bayesian filter were doing well until these started arriving a couple of days ago.
Aside from that, mapledesign.co.uk is being used as the From/Return-To address by a number of spammers at present. If you’re receiving them, my apologies; I can categorically state that (a) we’re not sending them, and (b) I’m not virus infected, so they’re not coming unknowingly from here.
Now to go and delete another round of bounced emails received…
h3. Update
See “this webpage”:http://www.clearswift.com/support/cs/email.aspx?ID=4404 for details about the origination and subject lines you can filter on to block the spam.
If you’re having problems with the amount of spam you’re getting, you may want to try Cloudmark’s new SafetyBar.
5 comments ↓
I have been seeing these as well and I can’t figure out how they are getting in at all. The email headers show they are sent to random user names at my domain. Forget the spam filters, these shouldn’t even make it to the filters because they should bounce with “User does not exist” etc. There is nothing else in the headers that suggests how these are getting through.
Any thoughts?
Are you sure you don’t have catch-all enabled on the mailbox?
I have seen a lot of these lately.
I think the reason they are delivered to your mailbox, but do not appear to be sent to your email address, has to do with the way mail servers process messages. Basically, most servers discard the “envelope” your message arrives in, which contains the true “TO” address. There is another “TO” address that usually matches the address on the envelope, but it can be changed. So, an NDR isn’t generated because the original address was correct. It got routed to your mailbox, but the other address used for display purposes is different.
I can’t figure out the reason for doing this, though. I wonder if somehow it makes it easier to slip past client-side spam filters?
A little more investigation into maillog shows that when one of these is received by my postfix server, it contains hundreds of addresses — to the point that postfix starts throwing “out of resources” messages. Invariably, it seems, mixed in these hundreds of “User does not exist” bounces there is one or two that find their way to my email address through some alias like “admin” or “info” etc. It’s a classic brute force attack. And extremely irritating. Thanks for your info.
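The pattern described in the comment above (many recipients tried in one session, most rejected, one or two landing on an alias) can be picked out of a Postfix maillog. This is an added example, not part of the original post or comments; it assumes Postfix's stock "User unknown" reject text, and the log lines, IPs, addresses, the `harvest_suspects` name and the threshold are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in Postfix syslog format; hosts, IPs and addresses are made up.
SAMPLE_LOG = """\
Mar  3 10:15:01 mx postfix/smtpd[811]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 550 5.1.1 <aaron@example.org>: Recipient address rejected: User unknown in local recipient table; from=<a@example.net> to=<aaron@example.org> proto=ESMTP helo=<pc>
Mar  3 10:15:01 mx postfix/smtpd[811]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 550 5.1.1 <abby@example.org>: Recipient address rejected: User unknown in local recipient table; from=<a@example.net> to=<abby@example.org> proto=ESMTP helo=<pc>
Mar  3 10:15:02 mx postfix/smtpd[811]: 4F2A1B0C3D: client=unknown[192.0.2.10]
Mar  3 10:15:02 mx postfix/smtpd[811]: 4F2A1B0C3D: reject: RCPT from unknown[192.0.2.10]: 550 5.1.1 <adam@example.org>: Recipient address rejected: User unknown in local recipient table; from=<a@example.net> to=<adam@example.org> proto=ESMTP helo=<pc>
Mar  3 10:15:03 mx postfix/local[820]: 4F2A1B0C3D: to=<jane@example.org>, orig_to=<admin@example.org>, relay=local, delay=0.4, delays=0.3/0/0/0.1, dsn=2.0.0, status=sent (delivered to mailbox)
Mar  3 10:20:11 mx postfix/smtpd[830]: NOQUEUE: reject: RCPT from mail.example.com[198.51.100.7]: 550 5.1.1 <jon@example.org>: Recipient address rejected: User unknown in local recipient table; from=<b@example.com> to=<jon@example.org> proto=ESMTP helo=<mail.example.com>
Mar  3 10:20:15 mx postfix/smtpd[830]: 7C9D2E1F00: client=mail.example.com[198.51.100.7]
Mar  3 10:20:16 mx postfix/local[831]: 7C9D2E1F00: to=<info@example.org>, relay=local, delay=0.2, delays=0.1/0/0/0.1, dsn=2.0.0, status=sent (delivered to mailbox)
"""

# Rejects are logged as NOQUEUE until one recipient is accepted; after that
# the same session's rejects carry the queue ID, so accept either prefix.
REJECT = re.compile(r"postfix/smtpd\[\d+\]: \w+: reject: RCPT from \S+\[([^\]]+)\]: 55\d "
                    r".*Recipient address rejected: User unknown.* to=<([^>]*)>")
# Ties a queue ID to the connecting client IP.
CLIENT = re.compile(r"postfix/smtpd\[\d+\]: (\w+): client=\S+\[([^\]]+)\]")
# Successful delivery; orig_to is present when an alias was expanded.
SENT = re.compile(r"postfix/(?:local|virtual|lmtp|pipe)\[\d+\]: (\w+): to=<([^>]*)>,"
                  r"(?: orig_to=<([^>]*)>,)?.*status=sent")

def harvest_suspects(log_text, threshold=3):
    """Return {client_ip: {"rejected": n, "delivered": [addr, ...]}} for clients
    with at least `threshold` distinct unknown-recipient rejections."""
    rejected = defaultdict(set)    # client IP -> distinct rejected addresses
    client_of = {}                 # queue ID  -> client IP
    delivered = defaultdict(list)  # client IP -> addresses that were accepted
    for line in log_text.splitlines():
        if m := REJECT.search(line):
            rejected[m.group(1)].add(m.group(2).lower())
        elif m := CLIENT.search(line):
            client_of[m.group(1)] = m.group(2)
        elif m := SENT.search(line):
            ip = client_of.get(m.group(1))
            if ip:  # report the address the sender guessed, i.e. the alias
                delivered[ip].append(m.group(3) or m.group(2))
    return {ip: {"rejected": len(addrs), "delivered": delivered[ip]}
            for ip, addrs in rejected.items() if len(addrs) >= threshold}

if __name__ == "__main__":
    for ip, info in harvest_suspects(SAMPLE_LOG).items():
        print(ip, info)
```

The `delivered` list shows which guessed addresses actually exist, which is the part of the log worth reviewing when deciding which aliases to retire or filter more strictly.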
I have been receiving these too, and it seems to also have sent emails from my email address (I keep getting returned mail), although there is nothing in my sent items box???