![[SpamCop.net - protecting the internet through technology]](http://news.spamcop.net/newlogo.jpg)
[SpamCop-List]
Re: Spam non-boune reported as a bounce, and other related problems.
Mike Easter
MikeE at ster.invalid
Thu Oct 28 08:34:37 EDT 2004
Dan French wrote:
> If you look at:
www.spamcop.net/sc?id=z686399873z19d43b95a2d37c0228063af970ee6a87z
That is a mail with an empty returnpath which sez in the body "Please
take saveena at medtechtrans.com and any others with email addresses at
medtechtrans.com off x mailing lists. [...] " and with that addy in the
From.
Mail for medtechtrans.com is handled by mail3.opentransfer.com
mail3.opentransfer.com DNS 69.49.238.4
That IP is the source of the mail and the source sez HELO
mail.opentransfer.com
SC is configured to call anything with an empty returnpath
Return-Path: <>
a bounce and to also say something foolish like "Message is old" meaning
nothing.
I can't successfully test the address above, because the server agrees to
take mail for saveena and also agrees to take mail from a bogus addy.
> #1 The message is tracked back to 69.49.238.4 -- and it is forged.
> The IP address that medtechtrans.com uses is NOT 69.49.238.4 (and is
> nothing like that)
medtechtrans resolves differently than its mx mail3.opentransfer.com
I think the thing is some kind of stupid autoack based on a configuration
which accepts mails to that domainname and then 'soft bounces' or
belatedly bounces the item by creating a newmail like the above to the
originating mail's From.
Dumb system. Abusive to bogus Froms.
--
Mike Easter
kibitzer, not SC admin
More information about the SpamCop-List
mailing list