Virus, or spam crap?



Warlock!
09-18-06, 11:43 AM
Hey there, compu-techs... I have a question.

Let's say the e-mail domain here at my office is @alottabeer.com. We have 6 e-mail boxes with this domain (basically the addies are the names of the people with @alottabeer.com tacked on the end, i.e. Warlock!@alottabeer.com). Since I'm the resident computer-literate person (ha!), any misspelled names or nonsense e-mail prefix names @alottabeer.com come to my mailbox and I can sort them or trash them accordingly.

Recently I'm getting all kinda mail bounced back to my catch-all mailbox with all kinds of gooney names @alottabeer.com... like over 100/day. This is how they show up:

http://www.mellanzer.com/Mattmisc/virus.jpg
They all seem to contain text similar to this:

"This is an automatically generated Delivery Status Notification.

Delivery to the following recipients failed."

As you can see, Norton is scanning these e-mails but not finding any virii. I checked all the other 'puters and their antivirus programs aren't finding anything either.

Am I just under a serious spam attack at the moment, or is one (or more) of our computers infected with a virus that Norton isn't catching?

Thanks for any help.

P.S. I know how to surf for porn so that's not it, thank you.

SteveH
09-18-06, 12:33 PM
Someone is using your domain name as their email address, maybe. What do the contents of the bounced email show? Spoofing?

Warlock!
09-18-06, 12:38 PM
Someone is using your domain name as their email address, maybe. What do the contents of the bounced email show? Spoofing?
Here's the body of one of 'em... I've never seen the "garza" e-mail before, just like most I receive.


Failed to deliver to 'garza@lbsnacks.com'
User unknown.
RMX-ID: 20060918-163545-131195103-8560@malon




Reporting-MTA: dns; quark2.retarus.de

Original-Recipient: rfc822;<garza@lbsnacks.com>
Final-Recipient: system;<garza@lbsnacks.com>
Action: failed
Status: 5.0.0



Received: from [218.239.211.71] (HELO 82.135.18.59)
by quark2.retarus.de (CommuniGate Pro SMTP 4.2.10)
with SMTP id 131195103 for garza@lbsnacks.com; Mon, 18 Sep 2006 16:35:44 +0200
Received: from chicano.adelaidecrows.com.au (unknown [88.120.146.36])
by abus-fenster.de with SMTP id SJQ6VVN7UI
for <garza@lbsnacks.com>; Mon, 18 Sep 2006 09:35:37 -0600
From: "Edgardo Palmer" <portiemarcellus@adelaidecrows.com.au>
To: "Garza" <garza@lbsnacks.com>
Subject: Re: ?
Status: 1 (Normal)
X-Mailer: Mozilla 4.61 [en]C-CCK-MCD C-UDP; (Win98; I)
X-Priority: 3 (Normal)
MIME-Version: 1.0
Content-Type: text/html;
Content-Transfer-Encoding: quoted-printable
Date: Mon, 18 Sep 2006 16:35:44 +0200
Message-ID: <auto-000131195103@quark2.retarus.de>

Wabbit
09-18-06, 12:42 PM
Here's the body of one of 'em... I've never seen the "garza" e-mail before, just like most I receive.

Looks like someone is trying to spoof your domain to send spam.

dando
09-18-06, 12:46 PM
Looks like someone is trying to spoof your domain to send spam.

Exactly. They prolly grabbed the e-mail addy on a pr0n site. :gomer: ;)

-Kevin

Warlock!
09-18-06, 12:49 PM
Is there some way to put a stop to this or, if not stop it, at least kill the people who are doing it? Report it to my ISP?

dando
09-18-06, 12:52 PM
Report it to my ISP?

That's the proper recourse. Your ISP should be able to track down the originating domain and get the spoofer(s) stopped. Assuming your ISP is worth a ****, so YMMV.

-Kevin

Al Czervik
09-18-06, 12:59 PM
Glad to see another Thunderbird user out there!

Warlock!
09-18-06, 02:17 PM
That's the proper recourse. Your ISP should be able to track down the originating domain and get the spoofer(s) stopped. Assuming your ISP is worth a ****, so YMMV.
Cool. They are directing all the bounced e-mails to the ISP so they can look into it and I don't have to deal with 'em.

SteveH
09-18-06, 02:55 PM
I'm trying to imagine what you were surfing for that would bring you to this site (http://www.adelaidecrows.com.au/card/xmas_crows.html)

:eek:

:rofl: :laugh: :rofl:

CART 500
09-18-06, 03:43 PM
Exactly. They prolly grabbed the e-mail addy on a pr0n site. :gomer: ;)

-Kevin


Warlock does not visit porn sites. :rofl: :rofl:

Warlock!
09-18-06, 03:49 PM
I'm trying to imagine what you were surfing for that would bring you to this site (http://www.adelaidecrows.com.au/card/xmas_crows.html)

WTF?!? :eek:

I've always been a big Crows fan. :D

Insomniac
09-18-06, 03:49 PM
You may want to also consider not having mail for non-existent mailboxes end up with you. Instead, your mail server would bounce them.

Warlock!
09-18-06, 03:54 PM
You may want to also consider not having mail for non-existent mailboxes end up with you. Instead, your mail server would bounce them.
Yup... they did that too. :thumbup:
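Added example, not part of the thread: one way to answer the "infected PC or spoofed domain?" question from a bounce like the one posted above is to read the Received line stamped by the reporting MTA and compare the connecting IP with the office's own address range. `OUR_NETWORKS` is a placeholder assumption (a documentation range), and `analyze_bounce` is a hypothetical helper name.

```python
import ipaddress
import re

# Assumption: the office's public address range (placeholder documentation range).
OUR_NETWORKS = [ipaddress.ip_network("203.0.113.0/24")]
# Fields taken from the bounce posted in the thread; header folding whitespace restored.
SAMPLE_BOUNCE = """\
Reporting-MTA: dns; quark2.retarus.de
Status: 5.0.0

Received: from [218.239.211.71] (HELO 82.135.18.59)
 by quark2.retarus.de (CommuniGate Pro SMTP 4.2.10)
 with SMTP id 131195103 for garza@lbsnacks.com; Mon, 18 Sep 2006 16:35:44 +0200
Received: from chicano.adelaidecrows.com.au (unknown [88.120.146.36])
 by abus-fenster.de with SMTP id SJQ6VVN7UI
 for <garza@lbsnacks.com>; Mon, 18 Sep 2006 09:35:37 -0600
"""

HOP_RE = re.compile(r"from\s+(.*?)\s+by\s+(\S+)", re.I)
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def analyze_bounce(text, our_networks=OUR_NETWORKS):
    """Find the host that handed the message to the reporting MTA; is it ours?"""
    unfolded = re.sub(r"\r?\n[ \t]+", " ", text)  # join folded header lines
    fields, hops = {}, []
    for line in unfolded.splitlines():
        name, sep, value = line.partition(":")
        if sep and name.lower() == "received":
            hops.append(value.strip())
        elif sep:
            fields.setdefault(name.lower(), value.strip())
    mta = fields.get("reporting-mta", "").split(";")[-1].strip().lower()
    source_ip = None
    # Trust only the hop stamped by the reporting MTA itself; anything
    # below it was supplied by the sender and may be forged.
    for hop in hops:
        m = HOP_RE.match(hop)
        if m and m.group(2).lower() == mta:
            ip = IP_RE.search(m.group(1))
            source_ip = ipaddress.ip_address(ip.group(1)) if ip else None
            break
    verdict = ("unknown" if source_ip is None else "check-local-hosts"
               if any(source_ip in net for net in our_networks) else "backscatter")
    return {"reporting_mta": mta, "status": fields.get("status"),
            "source_ip": str(source_ip) if source_ip else None, "verdict": verdict}
```

For the posted bounce, `analyze_bounce(SAMPLE_BOUNCE)` reports the connecting host as outside the placeholder office range, which matches the spoofing diagnosis given in the replies.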