[SC-Help] Re: Loads of spam showing "Delviery Status Notification", "Failure Notice" etc.

[DougW]

rowan did pass the time by typing:
> I've recently started receiving loads of spam messages which purport to
> be delivery failure messages. They are always addressed to a
> non-existent user at my domain, e.g. ojvnyo@, ejrzx@, rrl@ etc. They
> can have a variety of failure messages, and purport to tell me that a
> message that I sent to an address that I have never sent to in my life
> could not be delivered. The message sometimes contains a load of Base64
> code, presumably some kind of malware, or a scanned page of text.
> Sometimes there's no obvious payload.
>
> Where are these messages coming from? Why have they suddenly started
> (or at least, suddenly started finding me)? Why are they getting
> through my ISP's spam filter (which is normally very good)? What can I
> do to get rid of them?

Well, copy out the bit of base64 stuff and paste it into the form
located here: http://www.toastedspam.com/decode64  That will let you
see what is in there.  Odds are it's a gif pump&dump

They are getting through because most ISPs have made exceptions for
bounce and faiure messages.  And some spam filters also have these
"features" in them.

First thing to do is turn off your catch-all for roll accounts.
If they are coming in on postmaster or abuse then filter/flag.
(There are others here more suited to answer that question than I)


-- 
rbg