Possible Mailer or Maybe new tactics from Spammers HELP!!
Posted on 2007-03-27
I've been using IMF for a couple months now...I check the filter archive regularly to make sure legit emails aren't being blocked...it's worked well for me blocking over 6 thousand emails since I turned it on back in November. Starting yesterday, I am noticing an unusual amount of undeliverable messages that are being blocked. I know that people here don't email the people we are getting the undeliverables from as I've asked around, and we have a pretty small office. Less than 20 people. Some of these domains people have never heard of. This is actually a bit scary as I have no way to tell where these messages are generating from. Here are a couple of the senders that are getting blocked by the filter.
Mail Delivery System <Mailer-Daemon@lin7.mojsite.com>
Mail Delivery System <Mailer-Daemon@uniserve.com>
Mail Delivery System <Mailer-Daemon@drive30.station030.com>
There are MANY more.
BTW, all of the undeliverable messages are the same. "Sorry, no mailbox here by that name. vpopmail (#5.1.1)" - "Bad Address" - etc.
They all seem to be returning messages from different flavors of this address: "qdrivenkauz@MyCompaniesDomain.com". By 'different flavors' I mean the name mixed up a bit, like qldrivekauz@MyCompaniesDomain.com.
Is a spammer just sending mail from a mail address with our company's domain in it? Because I've seen before where messages were blocked and they were a bogus version of an address with our domain in it.
If the spammer is sending spam out with our domain, would undeliverables be returned to my domain? Or would it go back to where it was sent from? This is weird, because I've seen spam with our domain in it before; for example, a spam message from asdfag@MyCompaniesDomain.com was sent to firstname.lastname@example.org and was blocked and placed in the IMF archive. But I've never seen this many undeliverables before. I mean, they're one after the other.