Strange respond email - spam ?

sky

Hello

A client is getting emails from people that are clicking "reply" to an emailing that was not sent from them.

The from is : De : "T*iery Kr*ll" <***@wanadoo.fr>
To : <[email protected]>
Then there is a sort of hidden "envelope to" : con*[email protected]


con*[email protected] never sent that email.
Is this just some people sending emailings with a hidden envelope email ? (sort of bad luck ?)


I checked the server, and around the time the email was received, I found no trace of that email (3 days range). ("T*iery Kr*ll" <***@wanadoo.fr>)


The client sent me a couple of emails to show me and it seems that they come from a mailing list. This is the email signature :


After checking out the log, I found lots of these :
2010-06-01 21:13:35 1OJWu7-0003VH-TI <= [email protected] H=ns306827.ovh.net [94.23.225.131] P=esmtps X=TLSv1:AES256-SHA:256 S=5286 id=4C04C518.000003.02460@YOUR-91EF2A9EA5 T="[Prospect] Désinscription " from <[email protected]> for con*[email protected]
2010-06-01 21:13:35 cwd=/var/spool/exim 3 args: /usr/sbin/exim -Mc 1OJWu7-0003VH-TI
2010-06-01 21:13:35 1OJWu7-0003VH-TI => contact <con*[email protected]> F=<[email protected]> R=virtual_user T=virtual_localdelivery S=5424
2010-06-01 21:13:35 cwd=/ 7 args: /usr/sbin/exim -t -oem -oi -f <> -E1OJWu7-0003VH-TI
2010-06-01 21:13:35 1OJWu7-0003VO-UG <= <> R=1OJWu7-0003VH-TI U=mail P=local S=748 T="Autoreply: \"[Prospect] Désinscription \"" from <> for [email protected]
2010-06-01 21:13:35 1OJWu7-0003VH-TI => contact <con*[email protected]> F=<[email protected]> R=userautoreply T=userautoreply S=5424
2010-06-01 21:13:35 1OJWu7-0003VH-TI Completed
or
2010-06-01 18:59:15 1OJUo7-00010p-36 <= [email protected] H=ns306827.ovh.net [94.23.225.131] P=esmtps X=TLSv1:AES256-SHA:256 S=3904 id=32A62C5F4AFB4692AF184FCE128F225A@PCdeKingsada T="[Prospect] (no subject)" from <[email protected]> for con*[email protected]
2010-06-01 18:59:15 cwd=/var/spool/exim 3 args: /usr/sbin/exim -Mc 1OJUo7-00010p-36
2010-06-01 18:59:15 1OJUo7-00010p-36 => contact <con*[email protected]> F=<[email protected]> R=virtual_user T=virtual_localdelivery S=4042
2010-06-01 18:59:15 cwd=/ 7 args: /usr/sbin/exim -t -oem -oi -f <> -E1OJUo7-00010p-36
2010-06-01 18:59:15 1OJUo7-00011W-44 <= <> R=1OJUo7-00010p-36 U=mail P=local S=761 T="Autoreply: \"[Prospect] (no subject)\"" from <> for [email protected]
2010-06-01 18:59:15 1OJUo7-00010p-36 => contact <con*[email protected]> F=<[email protected]> R=userautoreply T=userautoreply S=4042
2010-06-01 18:59:15 1OJUo7-00010p-36 Completed


edit : I did a whois, got the phone number of les-petits-annonces.com and sent them an email. No reply for the moment.

edit 2 : when I send an email via the contact form of their website, con*[email protected] received the email .... can this be a problem with the hosting company ?
 
How can this happen ?
Is there a way to find out ?

I can block the emails coming in, but it's not the right solution in the long term.

Thx
Sky
 
How can this happen ?
It can happen when a malicious spammer puts your email address into an email they send. It's a more sophisticated joe job (wikipedia.org) than one normally sees, but a joe job nevertheless.
Is there a way to find out ?
When your client complains.
I can block the emails coming in, but it's not the right solution in the long term.
Since you can't control what the spammer sends, and you can't control what people reply to, there's nothing you can do but block the email, if you can identify it well enough.

Jeff
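
Added example, not written by either poster: a Python sketch that reads Exim main-log arrival lines of the kind quoted in the first post, groups inbound mail by sending IP and bracketed subject tag, and counts the autoreplies each source triggered, which is what is needed to identify the mail well enough to block it. The sample log is constructed (placeholder addresses, hosts, IPs and message IDs), and the code assumes subjects are logged in the T= field as they are in the thread.

```python
import re
from collections import defaultdict

# Constructed sample in the Exim main-log layout quoted in the thread; all values are placeholders.
SAMPLE_LOG = r'''
2010-06-01 18:59:15 1AAAAA-000001-AA <= list@lists.example.net H=mx.lists.example.net [192.0.2.10] P=esmtps S=3904 T="[Prospect] (no subject)" from <list@lists.example.net> for contact@client.example
2010-06-01 18:59:15 1AAAAA-000002-BB <= <> R=1AAAAA-000001-AA U=mail P=local S=761 T="Autoreply: \"[Prospect] (no subject)\"" from <> for list@lists.example.net
2010-06-01 19:20:02 1AAAAA-000003-CC <= friend@other.example H=mail.other.example [198.51.100.7] P=esmtp S=1200 T="Lunch?" from <friend@other.example> for contact@client.example
2010-06-01 21:13:35 1AAAAA-000004-DD <= list@lists.example.net H=mx.lists.example.net [192.0.2.10] P=esmtps S=5286 T="[Prospect] Désinscription " from <list@lists.example.net> for contact@client.example
2010-06-01 21:13:35 1AAAAA-000005-EE <= <> R=1AAAAA-000004-DD U=mail P=local S=748 T="Autoreply: \"[Prospect] Désinscription \"" from <> for list@lists.example.net
'''

FIELD_T = re.compile(r' T="((?:\\.|[^"\\])*)"')   # logged subject, escapes allowed

def parse_arrival(line):
    """Return fields of an Exim '<=' (message received) line, or None."""
    m = re.match(r'\S+ \S+ (\S+) <= (\S+)', line)
    if not m:
        return None
    head = line.split(' T="', 1)[0]          # keep subject text out of field matching
    ref = re.search(r' R=(\S+)', head)       # set on locally generated replies/bounces
    ip = re.search(r' H=.*?\[([0-9A-Fa-f.:]+)\]', head)
    subj = FIELD_T.search(line)
    return {'id': m[1], 'sender': m[2], 'ref': ref and ref[1],
            'ip': ip and ip[1], 'subject': subj[1] if subj else ''}

def summarise(log_text):
    """Group inbound mail by sending IP; count autoreplies each source triggered."""
    arrivals = {}
    by_ip = defaultdict(lambda: {'messages': 0, 'autoreplies': 0, 'tags': set()})
    for line in log_text.splitlines():
        rec = parse_arrival(line)
        if rec is None:
            continue
        if rec['ref']:                        # null-sender message answering an arrival
            parent = arrivals.get(rec['ref'])
            if parent and rec['sender'] == '<>':
                by_ip[parent['ip']]['autoreplies'] += 1
        elif rec['ip']:
            arrivals[rec['id']] = rec
            entry = by_ip[rec['ip']]
            entry['messages'] += 1
            tag = re.match(r'\[[^\]]+\]', rec['subject'])
            if tag:
                entry['tags'].add(tag[0])
    return dict(by_ip)

if __name__ == '__main__':
    print(summarise(SAMPLE_LOG))
```

A source whose every message carries the same list tag and draws an autoreply from the mailbox stands out from ordinary correspondents, and that IP and tag pair is the pattern a block rule would key on.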
 