"Ross Tsolakidis" <ross.tsolaki...@day3.com.au> wrote: Hello Ross,
> However, my question (finally) is :) > > Received: from 217.21.80.109 > (SquirrelMail authenticated user > redac...@fearmail.com.au > by webmail.fearmail.com.au with HTTP; > > I have no user called 'redacted' in our email user auth database, I've > checked and rechecked, and the bulk of these messages all have the > same headers; Some abuse reporting systems (for example the AOL Abuse Feedback Loop) replace everything that looks like an email address with redacted@<something>, probably to protect the identity of their user. This is not an issue on your side. However, if your webmail is getting abused frequently you should deploy some mechanism to monitor mail volume per account and (temporarily?) block them or have a closer look if they send too much. That can be archived with logfile analysis or by using a simple policy server. Bernhard
