I've seen a couple of these come through with 1000s of messages bounced back to my server, some of them with 100s of addresses per message, all at the same ISP.
What amazed me about these was how few people actually believed that the spam came from that address - you basically don't get complaints. I've had more trouble from spammers who put urls in their spam which point to my site because some page said something agreeing with the point of view they're pushing. Andrew McNaughton On Wed, 18 Jun 2003, Brian Robson wrote: > Date: Wed, 18 Jun 2003 16:28:06 +1000 > From: Brian Robson <[EMAIL PROTECTED]> > To: SLUG <[EMAIL PROTECTED]> > Subject: Re: [SLUG] email attack? > > The same thing happened to me a couple of years ago, I got about 60 > undelivered emails returned to me. > > Some spammer has picked up a real email address on your domain, or has just > guessed an address like [EMAIL PROTECTED] > > All you get are the bounces, so the actual number of emails sent with you as > the origin is far higher. > > Keep a record, just in case some fraud or crime is being committed in your > name. > > Brian > > PS: My home page is not currently being used for any actual email addresses, > but it still gets 250 to 350 SPAMs per week. Where are you Senator Alston > when we need you, the man who was going to make SPAM illegal. > > > > > > > > > > > > > > At 03:25 PM 18/06/03 +1000, you wrote: > > > >I'm concerned that I'm being attacked in some way that I don't understand. > >I've checked my logs and found over 400 "unknown user" messages for > ><[EMAIL PROTECTED]>. Then I got the following MAILER-DAEMON email > >telling me the address is undeliverable. > > > >I can't figure out why I should suddenly get this one apparently > >inappropriate MAILER-DAEMON email. > > > >I am a legitimate relay for mydomain.com.au but user "rjnr" doesn't exist > >and never did. > > > >Their are also 2000 other "unknown user" messages for this particular > >domain in this week's log, so it looks like some spammer has targetted > >this domain. > > > >Am I worrying about nothing? > > > >[Woody/Postfix, btw] > >************************************************************************ > >Date: Tue, 10 Jun 2003 08:50:56 +1000 (EST) > >From: Mail Delivery System <[EMAIL PROTECTED]> > >To: [EMAIL PROTECTED] > >Subject: Undelivered Mail Returned to Sender > >Parts/Attachments: > > 1 Shown 13 lines Text, "Notification" > > 2 Shown 226 bytes Message, "Delivery error report" > > 3 Shown 1.3 KB Message, "Undelivered Message" > > 3.1 Shown 22 lines Text > >---------------------------------------- > > > >This is the Postfix program at host fast.kenpro.com.au. > > > >I'm sorry to have to inform you that the message returned > >below could not be delivered to one or more destinations. > > > >For further assistance, please send mail to <postmaster> > > > >If you do so, please include this problem report. You can > >delete your own text from the message returned below. > > > > The Postfix program > > > ><[EMAIL PROTECTED]>: unknown user: "rjnr" > > > > [ Part 2: "Delivery error report" ] > > > >Reporting-MTA: dns; fast.kenpro.com.au > >Arrival-Date: Tue, 10 Jun 2003 08:50:55 +1000 (EST) > > > >Final-Recipient: rfc822; [EMAIL PROTECTED] > >Action: failed > >Status: 5.0.0 > >Diagnostic-Code: X-Postfix; unknown user: "rjnr" > > > > [ Part 2: "Delivery error report" ] > > > >Reporting-MTA: dns; fast.kenpro.com.au > >Arrival-Date: Tue, 10 Jun 2003 08:50:55 +1000 (EST) > > > >Final-Recipient: rfc822; [EMAIL PROTECTED] > >Action: failed > >Status: 5.0.0 > >Diagnostic-Code: X-Postfix; unknown user: "rjnr" > > > > > > [ Part 3: "Undelivered Message" ] > > > >Date: Mon, 9 Jun 2003 15:55:28 -0700 > >From: Mail Delivery Subsystem <[EMAIL PROTECTED]> > >To: [EMAIL PROTECTED] > >Subject: MAILER-DAEMON Returned mail: User unknown > > > >The original message was received at 6/9/2003 3:55:27 PM -0100 > >[218.79.218.34] > >----- The following addresses had permanent fatal errors ----- > ><[EMAIL PROTECTED]> > >(expanded from: <[EMAIL PROTECTED]>) > > > >----- Transcript of session follows ----- > >mail.local: unknown Name: rjnr > >550 <[EMAIL PROTECTED]>... User unknown > > > > > >Reporting-MTA: dns; mx1.mydomain.com.au > >Received-From-MTA: DNS; [218.79.218.34] > >Arrival-Date: Thu, 30 May 2002 01:14:32 -0600 > > > >Final-Recipient: RFC822; <[EMAIL PROTECTED]> > >X-Actual-Recipient: RFC822; [EMAIL PROTECTED] > >Action: failed > >Status: 5.1.1 > >Last-Attempt-Date: 6/9/2003 3:55:27 PM -0100 > > > > > > > > > > > > > > > > > > > >-- > >SLUG - Sydney Linux User's Group - http://slug.org.au/ > >More Info: http://lists.slug.org.au/listinfo/slug > > > > > > -- No added Sugar. Not tested on animals. If irritation occurs, discontinue use. ------------------------------------------------------------------- Andrew McNaughton In Sydney Working on a Product Recommender System [EMAIL PROTECTED] Mobile: +61 422 753 792 http://staff.scoop.co.nz/andrew/cv.doc -- SLUG - Sydney Linux User's Group - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
