Christopher Oliver <[EMAIL PROTECTED]> wrote: >I noticed that also shortly after my first post to PDML, I started to >get a lot of spam bounces to my virtual domain but prefixed with a random >recipient. I've no idea if this is a mere coincidence or a virus which >sends mortgage spam.
How is your mail server configured to handle invalid email addresses? If it "bounces" them to the address in the "From" line that's bad. What spammers are doing now is finding mail servers that bounce undeliverables this way. Here's how it works: The spammer forges the intended *recipient* into the "From" line then sends to a random address on the server. The server then "bounces" it to the "From" address (complete with message body - the spam), thereby delivering the spam exactly where the spammer wanted it to go. > Could we have an e-mail harvester as a subscriber? Not likely. Not enough subscribers to make it worth while :) >I'm running a fairly tightly configured mail server under Linux, and >after a check through the system logs, I'm strongly doubting I am the >originator. The originating IP was 204.127.198.39 (comcast.net) -- Mark Roberts Photography and writing www.robertstech.com