I received a below email this morning. It seems someone trying to send a spam with our domain name (mydomain.com), but then Google STMP rejected it. I'm concerned if our emails server could be listed as blacklist due to the spammers using our domain to send spams out.
I looked at SMTP log of our server, initially thinking the spam was generated by our email server, but couldn't find below email going out from our email server.
Can someone explain what's going on, wheter our emails server sending out the spam or someone sending out the spam using their server, but putting our domain to the spam header manually? Looking at the mail header transfer history, the spam was generated by our email server initially, but it is not.
Microsoft Mail Internet Headers Version 2.0
Received: from inet3.intservers.com ([184.108.40.206]) by mail.mydomain.com with Microsoft SMTPSVC(6.0.3790.4675);
Mon, 5 Oct 2015 08:31:18 -0400
Received: from mailnull by inet3.intservers.com with local (Exim 4.85)
for email@example.com; Mon, 05 Oct 2015 19:31:18 +0700
From: Mail Delivery System <Mailer-Daemon@inet3.in
Subject: Mail delivery failed: returning message to sender
Date: Mon, 05 Oct 2015 19:31:18 +0700
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - inet3.intservers.com
X-AntiAbuse: Original Domain - mydomain.com
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain -
X-Get-Message-Sender-Via: inet3.intservers.com: none
X-OriginalArrivalTime: 05 Oct 2015 12:31:18.0891 (UTC) FILETIME=[BC4323B0:01D0FF6
This message was created automatically by mail delivery software.
A message that you sent could not be delivered to one or more of its recipients. This is a permanent error. The following address(es) failed:
(ultimately generated from firstname.lastname@example.org)
SMTP error from remote mail server after end of data:
552-5.7.0 This message was blocked because its content presents a potential
552-5.7.0 security issue. Please visit
to review our message
552 5.7.0 content and attachment content guidelines. x63si12231964ywb.214 - gsmtp
------ This is a copy of the message, including all the headers. ------
Received: from [220.127.116.11] (port=51041 helo=mail.mydomain.com)
by inet3.intservers.com with esmtps (TLSv1:AES128-SHA:128)
for email@example.com; Mon, 05 Oct 2015 19:31:17 +0700
Received: by mydomain.com with SMTP
id byRRduB; Mon, 05 Oct 2015 08:34:09 -0400
Received: from mail.mydomain.com (mail.mydomain.com [207.237.xxx.xxx]) by mail.mydomain.com with ESMTP id Kb4gdMqn5tr8k1OhS7; Mon, 05 Oct 2015 08:30:09 -0400
Date: Mon, 05 Oct 2015 08:32:09 -0400
From: "Lacey Bartell" <firstname.lastname@example.org>
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:31.0) Gecko/20100101 Thunderbird/31.7.0
Subject: Yost and Sons Invoice (798559177)
Content-Type: text/plain; charset=utf-8; format=flowed
To our valued customer:
Your weekly staffing service invoice is attached. We appreciate your prompt payment.
Please do not hesitate to contact our office if you have any questions.
To ensure you continue to recieve important email from Penmac Staffing.
Thank you for your continued business!
Yost and Sons
Kids & Beauty