I just received what appears to be spam (actually, I think it's more of a troll, but that's beside the point). It was addressed to:
To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED]
the last of which is a spamtrap address. It apparently came through on the Info@ address. I didn't see it in my webmaster account.
Info is one of the addresses I'm currently running through TOLD, which uses the router to redirect email which will be run through TOLD to a specific account. In this case, because I have a number of "info@" accounts for different domains, it takes two steps:
<[EMAIL PROTECTED]> = info_greenbuilder <info_greenbuilder> = (my TOLD account name)
Would that kind of routing cause a spamtrap to be bypassed? Any other ideas as to how this might have gotten in?
The log shows:
14:24:07 1 SMTP-953(elizabethrichson.com) SPAM? address <[EMAIL PROTECTED]> is a SpamTrap address
14:24:07 1 SMTP-953(elizabethrichson.com) SPAM? Mail from '<[EMAIL PROTECTED]>' rejected: SpamTrap
14:24:10 2 SMTP-954(elizabethrichson.com) {S.0006107432} received, 1679 bytes
14:24:10 2 SYSTEM [S.0006107432] <[EMAIL PROTECTED]> 0+1 From:[EMAIL PROTECTED]
14:24:10 2 SYSTEM(POP) [S.0006107432] delivered to (my TOLD account name)
14:24:10 2 SYSTEM [S.0006107432] deleted
14:24:51 2 SYSTEM {F.6107432-1.out} Text File Submitted as {S.0006107460}, 2129 bytes
14:24:51 2 SYSTEM [S.0006107460] <[EMAIL PROTECTED]> 0+1 From:[EMAIL PROTECTED]
14:24:51 2 SYSTEM(POP) [S.0006107460] delivered to (info_greenbuilder)FilteredByTOLD
14:24:51 2 SYSTEM [S.0006107460] deleted
14:29:07 3 SMTP-953(elizabethrichson.com) Time-Out. Read:
(the TOLD account accepts the mail at line 5, TOLD processes it, and drops it back into the Submitted folder at line 7)
There are two separate delivery attempts, which I believe means two separate connections: SMTP-953 & SMTP-954. If they were being delivered at the same time, SIMS would have accepted all the addresses, then rejected the message. (We don't want to tell the spammer _which_ address is bad by rejecting immediately.)
Here's what multiple addresses look like in my logs:
22:46:12 1 SMTP-570([81.172.16.143]) SPAM? address <[EMAIL PROTECTED]> is a SpamTrap address
22:46:14 1 SMTP-570([81.172.16.143]) SPAM? address <[EMAIL PROTECTED]> is a SpamTrap address
22:46:15 1 SMTP-570([81.172.16.143]) SPAM? address <[EMAIL PROTECTED]> is a SpamTrap address
22:46:15 1 SMTP-570([81.172.16.143]) SPAM? Mail from '<[EMAIL PROTECTED]>' rejected: SpamTrap
If they had sent a string of bad addresses, then they may have been dropped. This one is due to a combination of spamtraps & blacklists:
19:40:12 1 SMTP-476([219.95.207.245]) SPAM? Blacklisted host suspected in harvesting - aborting all (1)
Here's repeated spamtrap hits:
14:57:33 3 SMTP-317(DARRIN-S6MC7W6J) Failed to verify. Real address is [65.43.238.25:3350]
14:57:34 1 SMTP-317([65.43.238.25]) SPAM? address <[EMAIL PROTECTED]> is a SpamTrap address
14:57:34 1 SMTP-317([65.43.238.25]) SPAM? address <[EMAIL PROTECTED]> is a SpamTrap address
14:57:34 1 SMTP-317([65.43.238.25]) SPAM? address <[EMAIL PROTECTED]> is a SpamTrap address
14:57:35 1 SMTP-317([65.43.238.25]) SPAM? Mail from '<[EMAIL PROTECTED]>' rejected: SpamTrap
14:57:36 1 SMTP-317([65.43.238.25]) SPAM? address <[EMAIL PROTECTED]> is a SpamTrap address
14:57:36 1 SMTP-317([65.43.238.25]) SPAM? address <[EMAIL PROTECTED]> is a SpamTrap address
14:57:36 1 SMTP-317([65.43.238.25]) SPAM? The host is now on TempBanned list for the next 1200 seconds
14:57:36 1 SMTP-317([65.43.238.25]) SPAM? address <[EMAIL PROTECTED]> is a SpamTrap address
14:57:36 1 SMTP-317([65.43.238.25]) SPAM? The host is now on TempBanned list for the next 1200 seconds
14:57:36 1 SMTP-317([65.43.238.25]) SPAM? address <[EMAIL PROTECTED]> is a SpamTrap address
14:57:36 1 SMTP-317([65.43.238.25]) SPAM? The host is now on TempBanned list for the next 1200 seconds
14:57:37 1 SMTP-317([65.43.238.25]) SPAM? Mail from '<[EMAIL PROTECTED]>' rejected: SpamTrap
14:58:07 3 SMTP-317([65.43.238.25]) Time-Out. Read:
HTH, Tim -- Timothy Binder Director, President-Elect Philadelphia Science Fiction Society <http://www.psfs.org/> Upcoming Guests: Elizabeth Hand, Warren Lapine, James Morrow Vice Chair, Philcon 2004 <http://www.philcon.org/> Principal Guests: Brian W. Aldiss, Joe DeVito, Kevin J. Anderson & Rebecca Moesta, Jolly R. Blackburn & Brian Jelke, Tom Purdom
############################################################# This message is sent to you because you are subscribed to the mailing list <[EMAIL PROTECTED]>. To unsubscribe, E-mail to: <[EMAIL PROTECTED]> To switch to the DIGEST mode, E-mail to <[EMAIL PROTECTED]> To switch to the INDEX mode, E-mail to <[EMAIL PROTECTED]> Send administrative queries to <[EMAIL PROTECTED]>
