Re: Unwanted email

Tech-Archive recommends: Repair Windows Errors & Optimize Windows Performance



"Fran" <spamsucks@xxxxxxxxxxxx> wrote in message news:enp2$hkyHHA.3772@xxxxxxxxxxxxxxxxxxxxxxx
Help please! Using OE6. For the past 2 days I have received scores of emails that are all bounce-backs (Mailer-Daemon, Mailer Delivery System, Undeliverable, etc.) from a sender in Germany (I live in the US) who apparently sends lots of bulk emails. I have talked to my ISP (Bellsouth) "support" and could not get any advise from them. I use anti-spam from my ISP and anti-virus software and have not had any previous problems. How this sender got my email address is unknown to me!

Can someone much smarter at these matters than I help me to stop these unwanted emails? Is there an newsgroup specifically focused on issues like mine? All help is appreciated.


There are 2 types of bounces:

- New mails sent by the spammer (or his trojan mailer running on an infected host). These aren't bounces but the spammer adds text to make them look like bounces. Typically with these you will see the spam included in the fake bounce as though the receiving mail server were being considerate to show you what got bounced. These are spam and a decent anti-spam solution should detect them.

- Someone used your e-mail address and forged the From header. If a mail is undeliverable, a *good* mail server will reject undeliverable e-mails DURING the mail session it has with the sending mail server. The result is that the receiving mail server rejects the e-mail, the sending mail server aborts, and the sending mail server sends its own NDR (non-delivery report) to whomever actually used that sending mail server. However, many mail servers first accept the e-mail, end the mail session with the sending mail server, and then find out the e-mail is undeliverable. They generate a *new* e-mail for the NDR but all they have to go on is who the sender claimed - and that was forged to be your e-mail address. This is called backscatter and itself can be reported as spam, like at SpamCop, which can get that receiving mail server blacklisted because of the stupid mechanism they use to generate bounces.

In the first case, get a better anti-spam product since this is really spam in disguise as a bounce. In the second case, you'll have to wait until the spammer decides to no longer pretend to be you in the spew of spam which targets e-mail addresses that are not defined and hitting poorly configured receiving mail servers. However, in the meantime, you could define a rule that handles (deletes or moves) the bounces by looking in the header for the string "report-type=delivery-status". Well, you could do that in Outlook which lets you search in the message headers. Outlook Express doesn't let you search in the headers (other than Subject). So go look in your anti-spam product to see if it lets you define rules, filters, or expressions that can search the headers and, if the string is found, tag those bounces (by inserting a tag string in the Subject) that a rule in Outlook Express can handle.

Personally I don't care about bounces. If my e-mail bounces as undeliverable then there is nothing I can do to get the e-mail delivered, anyway (and correction will take a phone call, visit, or other avenue of communication to get their correct e-mail address). In Outlook, my "Junk - Non-deliverable Report" rule moves these bounces into the Junk folder which has auto-archiving enabled to permanently delete items over 3 days old. If your unnamed anti-spam product lets you define a filter to tag the bounce mails then a rule in Outlook Express could move it into the Junk or Deleted Items folders or even delete from server.

Depends on what anti-spam product you use that you never mentioned. The security software from ISPs often isn't very good, sometimes it is. I don't know what Bellsouth gives you as a freebie. Doesn't sound very effective. Try looking at SpamPal. You can use regular expressions to tag e-mails and it can look in the headers, too, and then you define a rule in OE to handle the tagged e-mails. SpamPal is free and beats many commercialware products.

--
____________________________________________________________
For e-mail: The passcode "#VNGRD" must be added to Subject.
* Keep the discussion in the newsgroup - Share with others *


.

Relevant Pages

  • Re: Bouncing E-Mails?
    ... I already know and mentioned that the From header is highly likely to be bogus and may point at an innocent who ends up getting the boobs bogus bounces which are themselves spam. ... If the destination domain is valid but there is no such account at that domain, you waste the resources of the receiving SMTP server to accept the mail session with your sending mail server and then send back an NDR to your mail server which then sends it to you to tell you there is no such user at that destination. ... If the account exists and it was created by the spammer to send from there, ...
    (alt.computer.security)
  • Re: SPAM sudden increase
    ... >> while sending HELO - wtf? ... > Have you read that bounces create more traffic for the mail server? ... > In any case, once I get caught up, I might ask you about mailwatch, ...
    (alt.2600)
  • Re: SuSe 10.2 and PostFix setup
    ... And what do the bounces say exactly? ... Each of the following recipients was rejected by a remote mail server. ... each recipient was rejected. ... That's NTL refusing to send it, not someone refusing to accept it. ...
    (alt.os.linux.suse)
  • Re: Multiple Domains 1 Exchange 2003 server
    ... Now an outside person sends Joe an email @abc.com. ... bounces back with the error: ... 550 5.7.1 Unable to relay for joe@xxxxxxx ... Could it be compatibility with their mail server? ...
    (microsoft.public.exchange.admin)
  • Re: Headers and stuff
    ... >> Why do I get all the extra following junk from some emails people send ... There is bunch of mail headers, ... Do you mean the mail server at my ISP? ...
    (microsoft.public.windows.inetexplorer.ie6_outlookexpress)