[SC-Help] Re: Loads of spam showing "Delviery Status Notification", "Failure Notice" etc.

[Ant]

"rowan" wrote:

> I've recently started receiving loads of spam messages which purport to
> be delivery failure messages. They are always addressed to a
> non-existent user at my domain, e.g. ojvnyo@, ejrzx@, rrl@ etc.

I, and a lot of customers at my old ISP, am getting the same because
we have unlimited email addresses of the form:
<[anything]@[account name].[ISP name].co.uk>

> They
> can have a variety of failure messages, and purport to tell me that a
> message that I sent to an address that I have never sent to in my life
> could not be delivered.

They are genuine non-delivery messages from mail servers that have
accepted the mail, and then decided to bounce it later. The spammer
has forged your address in the "From:" line. These NDRs are called
backscatter, and this belated bouncing should not be happening
nowadays.

> The message sometimes contains a load of Base64
> code, presumably some kind of malware, or a scanned page of text.
> Sometimes there's no obvious payload.

All mine are pump & dump stock spams in the form of gif images,
so there is no URL to click on.

> Where are these messages coming from? Why have they suddenly started
> (or at least, suddenly started finding me)? Why are they getting
> through my ISP's spam filter (which is normally very good)?

Lots of people are asking the same questions. Mine are being tagged
as spam when a copy of the actual spam is attached, because the body
also contains the usual spammy hash-busting text.

> What can I do to get rid of them?

Don't accept mail for non-existant users.