About 4-6 months ago (before I got cable modem service), I had TWO of my old
AOL accounts used for spamming purposes, even though they had strong
passwords on them.  I changed my password to another 9-character strong
password, and within two weeks, it had happened again.  Upon changing my
password again, threatening to cancel my AOL accounts and threatening to
block EVERYTHING coming into our network from aol.com, as well as sending
them full Internet Header documentation as proof, I finally must have gotten
through to someone, because it hasn't happened again.

Without seeing the entire Internet Headers I can't tell you for sure what is
going on or where it is originating from, but here is my best guess:

Someone is forging your postmaster SMTP address in the headers of the e-mail
and setting it so that not only is it the sending address, but it's also the
reply-to address.  Therefore, when the SPAM comes back through the AOL mail
server as being undeliverable to the SPAM recipient, it sends the NDR to
your postmaster mailbox instead of the AOL account.  This serves two
purposes.  1) The person that is having their AOL account used for a SPAM
relay is completely unaware of what's going on, because they aren't
receiving any NDRs in their mailbox, like I was; and 2) because it appears
to be coming from YOUR domain, they're hoping that it's your domain or
postmaster mailbox that is going to end up on someone's blacklist and not the
AOL account they are sending SPAM from.

-----Original Message-----
From: Tom Gilbert [mailto:[EMAIL PROTECTED]] 
Sent: Wednesday, August 28, 2002 1:30 PM
To: Exchange Discussions
Subject: RE: NDR - Inbound Mail Failure - huh?


Let me see if I understand
... so somebody somewhere else is SPAMMING all these folks 
and using my Administrator SMTP address as the mail sender.  So AOL and MSN
servers are just telling my server that the messages did not go through to
the recipients.

Would it tell me if some are getting through?

Can I stop someone from using my administrator SMTP address?


FYI: I already verified that my mail server cannot be used as a relay.

TIA-TOMG


> Because someone is forging your administrator SMTP address, trying to 
> make it look like it came from you.
> 
> -----Original Message-----
> From: Tom Gilbert [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, August 28, 2002 11:43 AM
> To: Exchange Discussions
> Subject: NDR - Inbound Mail Failure - huh?
> 
> 
> I have my mailbox designated as Administrator in IMS Administrator 
> Mailbox and I have all NDR sent to me.
> 
> I know it is SPAM ... but I am getting about 2 Inbound Mail Failure 
> messages per Minute coming into my inbox all saying Unknown recipients 
> for 100 different addresses at msn.com and aol.com.  The SPAM message 
> is always the same Mortgage Loan Advertisement.
> 
> 
> Why would the NDR messages be both from and to me?
> What is going on?
> 
> TIA-TOMG
> 
> _________________________________________________________________
> List posting FAQ:       http://www.swinc.com/resource/exch_faq.htm
> Archives:               http://www.swynk.com/sitesearch/search.asp
> To unsubscribe:         mailto:[EMAIL PROTECTED]
> Exchange List admin:    [EMAIL PROTECTED]
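
Added example, not part of any message in this thread: the first reply notes that the full Internet headers are needed to tell where the mail originated. This Python sketch pulls the returned original out of an RFC 3464 bounce and checks whether any Received line names your own server. The host names, the sample bounce and the verdict labels are constructed assumptions, and it assumes the bounce carries the original headers.

```python
from email import message_from_string, policy
OUR_HOSTS = ("mail.example.org",)  # assumption: names your servers put in Received lines

# Constructed RFC 3464 bounce (not from the thread); the returned spam names us as sender.
SAMPLE_NDR = """\
From: MAILER-DAEMON@mx.example.net
To: postmaster@example.org
Content-Type: multipart/report; report-type=delivery-status; boundary="b1"

--b1
Content-Type: message/delivery-status

Reporting-MTA: dns; mx.example.net

Final-Recipient: rfc822; nobody@example.net
Status: 5.1.1

--b1
Content-Type: message/rfc822

Received: from dialup.example.com ([192.0.2.77]) by mx.example.net; Wed, 28 Aug 2002 11:40:00 -0400
From: postmaster@example.org
Reply-To: postmaster@example.org
To: nobody@example.net
Subject: Mortgage loan

spam body
--b1--
"""

def classify_ndr(raw, our_hosts=OUR_HOSTS):
    """Return (verdict, failed_recipients, received_lines) for one bounce."""
    failed, received = [], []
    for part in message_from_string(raw, policy=policy.default).walk():
        ctype = part.get_content_type()
        if ctype == "message/delivery-status":
            # Parsed as a list of header blocks: one per-message, then one per recipient.
            failed += [b["Final-Recipient"].split(";", 1)[-1].strip()
                       for b in part.get_payload() if b["Final-Recipient"]]
        elif ctype == "message/rfc822":           # full original message returned
            received = part.get_payload(0).get_all("Received", [])
        elif ctype == "text/rfc822-headers":      # only the original headers returned
            hdrs = message_from_string(part.get_content(), policy=policy.default)
            received = hdrs.get_all("Received", [])
    via_us = any(h.lower() in str(r).lower() for r in received for h in our_hosts)
    verdict = ("no-original-headers" if not received else
               "passed-through-our-server" if via_us else "forged-sender-backscatter")
    return verdict, failed, [str(r) for r in received]
```

A "forged-sender-backscatter" verdict means the returned original shows no hop through your hosts, which matches a forged sender rather than an open relay. Received lines below the first hop you trust can themselves be forged, so treat "passed-through-our-server" as a prompt to check your own logs.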
