chris said:
I have a user who is getting dozens of emails similar to...............
From: System Administrator
Sent: 09 April 2008 14:01
To: Martin Moore
Subject: Undeliverable: Undelivered Mail Returned to Sender
Your message did not reach some or all of the intended recipients.
Subject: [*****SPAM*****] ÃáÛãÓØ ßÞ ßÕàÕÒÞ×ÚÕ ÜÕÑÕÛØ ÚÒÐàâØà, ÞäØáÞÒ,
ÔÐç ßÞ ¼ÞáÚÒÕ Ø ¼¾
Sent: 09/04/2008 12:12
The following recipient(s) could not be reached:
(e-mail address removed) on 09/04/2008 14:00
You do not have permission to send to this recipient. For
assistance, contact your system administrator.
< kair.permregion.ru #5.7.1 X-Postfix; Your email has spam-like
header content. (postmaster)>
...............and yes, his name is Martin Moore!!
What could be causing these to appear in his INBOX and not his JUNK-EMAIL
folder?

Is there an attachment to this NDR (non-delivery report) email? If so,
it could be a bogus NDR to deliver spam. The spammer sends you their
crap disguised as an NDR but includes an attachment that contains their
spam. The recipient gets the NDR, doesn't recognize anything regarding
it (i.e., they don't remember sending anything to the claimed original
recipient), and then opens the attachment figuring on looking at what was
the original e-mail that they sent only to then see the spammer's crap.

If there is no attachment, or it is not spam, then someone is spewing
out their spam while using your e-mail address as theirs. Anyone can
claim any e-mail address they want. Try it. In an e-mail client, put
whatever e-mail address you want as your own in the Email or Reply-To
fields in the e-mail account defined in that e-mail client. In a
company that uses Exchange, they can have Exchange override any From or
Reply-To headers that the employee added and force those fields to have
values assigned to that employee's mailbox (i.e., the employee cannot
lie about through which account they sent their e-mail). That is only
available in Exchange, not when using SMTP where the client states what
is their e-mail address.

You cannot stop someone sending out spam while claiming to have your
e-mail address. Then when the spammer hits an invalid username at a
valid domain or the spam source is blacklisted, the recipient is sending
back the NDR but the only e-mail address they have is what was specified
in the headers - and those values were specified by the sender! A
properly configured mail server will reject an undeliverable e-mail
DURING a mail session with the sending mail host. That means only the
sending mail host gets the rejection and will have to send back the NDR
to whomever used that host to send the spam. If the receiving mail
server is misconfigured and accepts all e-mails and then checks later if
they are deliverable, there is no longer a mail session between the
sending and receiving mail hosts for the receiving mail host to know
where to send back the NDR, so it uses the headers in the e-mail but
those were added by the sender! Only if the rejection is made DURING
the mail session between sending and receiving mail hosts can the
receiving mail host guarantee that it delivers the NDR to the proper
sender. It is then up to the sender to figure out to whom the NDR gets
delivered. If that host was a redirector (i.e., forwarding e-mails)
then it is too late to send back the NDR because there is no longer a
mail session between the prior sending mail host and the receiving host
to which it later connected.

Someone is claiming your e-mail address as theirs. Nothing you can do
about it. You will have to wait until the spammer decides to use
another bogus e-mail address.
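
An added example, not part of the original thread: a triage check that parses an Exchange-style NDR body like the one quoted in the question and flags it as backscatter when it matches nothing the user actually sent. The function names, the `sent_log` list of (subject, time) pairs and the five-minute tolerance are assumptions; the sample is constructed from the quoted NDR with the subject text replaced.

```python
import re
from datetime import datetime

# Constructed sample, modelled on the NDR quoted in the question (subject text replaced).
SAMPLE_NDR = """\
Your message did not reach some or all of the intended recipients.
Subject: [*****SPAM*****] (subject text omitted)
Sent: 09/04/2008 12:12
The following recipient(s) could not be reached:
(e-mail address removed) on 09/04/2008 14:00
You do not have permission to send to this recipient. For
assistance, contact your system administrator.
< kair.permregion.ru #5.7.1 X-Postfix; Your email has spam-like
header content. (postmaster)>
"""

# Remote diagnostic "< host #x.y.z text >", which may wrap across lines.
DIAG_RE = re.compile(r"<\s*(?P<host>\S+)\s+#(?P<status>\d\.\d{1,3}\.\d{1,3})\s+(?P<text>.*?)>", re.S)

def parse_ndr(body):
    """Extract the original subject, sent time, rejecting host and status code."""
    subject = re.search(r"^Subject:[ \t]*(.*)$", body, re.M)
    sent = re.search(r"^Sent:[ \t]*(\d{2}/\d{2}/\d{4} \d{2}:\d{2})", body, re.M)
    diag = DIAG_RE.search(body)
    return {
        "subject": subject.group(1).strip() if subject else None,
        "sent": datetime.strptime(sent.group(1), "%d/%m/%Y %H:%M") if sent else None,
        "host": diag.group("host") if diag else None,
        "status": diag.group("status") if diag else None,
        # Collapse the line wrap inside the diagnostic text.
        "diagnostic": " ".join(diag.group("text").split()) if diag else None,
    }

def is_backscatter(ndr, sent_log, tolerance_minutes=5):
    """True when no message in sent_log matches the NDR's subject and sent time."""
    if ndr["subject"] is None or ndr["sent"] is None:
        return True  # cannot be tied to any message the user sent
    for subject, when in sent_log:
        close = abs((when - ndr["sent"]).total_seconds()) <= tolerance_minutes * 60
        if subject == ndr["subject"] and close:
            return False  # a real bounce for mail the user did send
    return True
```

An NDR that fails the match was generated for mail someone else sent under the user's address, which is the situation the reply describes.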