>I got a "Returned mail: User unknown" message in my "postmaster" account:
>
>> ----- The following addresses had permanent fatal errors -----
>><[EMAIL PROTECTED]>
>>
>> ----- Transcript of session follows -----
>>... while talking to air-yb01.mail.aol.com.:
>...
>>From: <[EMAIL PROTECTED]>
>>Subject: Detecytive Sofqtware

Perhaps this is known as a "Joe Job"?? "Spoofing"?? ...

1) Spammer sends Email to a gazillion users at AOL.
2) Spammer forges headers (Reply-to, From) and SMTP commands (HELO, MAIL FROM).
3) Lots of recipients get mad at "apparent" sender (i.e., forged name).
4) All the bounces are sent to the "apparent" sender, not the spammer.

I've been getting a lot of these -- same conditions: AOL, various spellings of "Detective Software", etc. -- and the number is increasing over time. So far, all the ones I've looked at have headers (AOL is kind enough to send you a complete copy of the Email, complete with spoofed headers) that indicate the Email to have arrived at AOL from China (CHINANET-SH) (IP starting with 218.80, see www.apnic.net).

Naturally, I'm concerned that people are getting mad at me (my domain, that is).

So much I know. Questions:

1) Are more people seeing this? If many, it would lessen the impact of "mad at my domain" ...
2) Can SIMS help me out here? Sure, I can null-route or error-route the bounce messages (they all come from [EMAIL PROTECTED]), but it seems that will merely hide the problem. Not to mention hiding real, useful bounce messages generated by *my* mail! Anything else?
3) I've tried contacting AOL (webmaster@, abuse@, postmaster@, tosreport@, all no response) and various 800- numbers (no useful answers). Any suggestions?
4) What are the chances that AOL will filter this attack (it's easily recognizable)? How to convince them?

-ted crane
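
An added example, not part of the original post: one way to separate backscatter from real bounces instead of null-routing them all is to read the top-most Received header of the returned copy, which records the IP that handed the message to the bouncing site. It assumes the bounce carries the original message or its headers (as the post says AOL's do); `OUR_OUTBOUND_IPS`, the host names and the sample bounce are constructed for illustration.

```python
import email
import re
from email.message import Message

OUR_OUTBOUND_IPS = {"192.0.2.25"}  # assumption: the IPs our own servers send from
BRACKETED_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def embedded_original(bounce: Message):
    """Return the returned message (or just its headers) carried in a bounce."""
    for part in bounce.walk():
        ctype = part.get_content_type()
        if ctype == "message/rfc822":
            return part.get_payload(0)
        if ctype == "text/rfc822-headers":
            return email.message_from_string(part.get_payload())
    return None

def injecting_ip(original: Message):
    """IP the bouncing site recorded in the top-most Received header."""
    received = original.get_all("Received") or []
    match = BRACKETED_IP.search(received[0]) if received else None
    return match.group(1) if match else None

def classify_bounce(raw: str, our_ips=OUR_OUTBOUND_IPS) -> str:
    """'genuine' if the returned mail came from us, else 'backscatter'."""
    original = embedded_original(email.message_from_string(raw))
    ip = injecting_ip(original) if original is not None else None
    if ip is None:
        return "unknown"  # no usable copy of the original: leave for a human
    return "genuine" if ip in our_ips else "backscatter"

def sample_bounce(ip: str) -> str:
    """Constructed bounce whose returned message was handed over by `ip`."""
    return "\n".join([
        "From: MAILER-DAEMON@recipient.example",
        "To: postmaster@victim.example",
        "Subject: Returned mail: User unknown",
        'Content-Type: multipart/report; boundary="b1"',
        "", "--b1", "Content-Type: text/plain", "", "User unknown",
        "--b1", "Content-Type: message/rfc822", "",
        f"Received: from mail.victim.example ([{ip}]) by mx.recipient.example",
        "From: <someone@victim.example>",
        "Subject: constructed sample", "", "body", "--b1--", ""])

if __name__ == "__main__":
    for ip in ("192.0.2.25", "203.0.113.9"):
        print(ip, classify_bounce(sample_bounce(ip)))
```

Bounces classified as "unknown" carry no copy of the original and still need manual review; only the Received header added by the bouncing site itself is trusted here, since lower ones can be forged by the sender.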
