The last couple of days I have been getting double bounces from spammers
who include a fake Deliver-To line in their header. At first I was
worried about the bounce messages going to innocent persons, but the
double bounces are from the same domains as the embedded URLs in the
messages themselves, which I assume belong to the spammers.
Would it be a good idea to limit delivery attempts for bounce messages
to one only? If so, what would be the proper way to do it?
----- Forwarded message from MAILER-DAEMON@frisco.perea.net -----
Date: 31 Oct 2012 14:11:18 -0000
From: MAILER-DAEMON@frisco.perea.net
To: postmaster@frisco.perea.net
Subject: failure notice
Hi. This is the qmail-send program at frisco.perea.net.
I tried to deliver a bounce message to this address, but the bounce bounced!
<FoodPoisoningInjuryCenter@strapcounty.info>:
209.105.246.195 does not like recipient.
Remote host said: 450 4.1.1 <FoodPoisoningInjuryCenter@strapcounty.info>: Recipient address rejected: unverified address: unknown user: "foodpoisoninginjurycenter@strapcounty.info"
Giving up on 209.105.246.195.
I'm not going to try again; this message has been in the queue too long.
--- Below this line is the original bounce.
Return-Path: <>
Received: (qmail 3869 invoked for bounce); 31 Oct 2012 13:24:36 -0000
Date: 31 Oct 2012 13:24:36 -0000
From: MAILER-DAEMON@frisco.perea.net
To: FoodPoisoningInjuryCenter@strapcounty.info
Subject: failure notice
Hi. This is the qmail-send program at frisco.perea.net.
I'm afraid I wasn't able to deliver your message to the following addresses.
This is a permanent error; I've given up. Sorry it didn't work out.
<emilio@perea.net>:
This message is looping: it already has my Delivered-To line. (#5.4.6)
--- Below this line is a copy of the message.
Return-Path: <FoodPoisoningInjuryCenter@strapcounty.info>
Received: (qmail 16954 invoked from network); 31 Oct 2012 13:24:36 -0000
Received: from hermes2.perea.net (HELO hermes.walkereng.com) (172.20.20.229)
by frisco.perea.net with SMTP; 31 Oct 2012 13:24:36 -0000
Received: (qmail 14897 invoked from network); 31 Oct 2012 13:24:36 -0000
Received: from strapcounty.info (HELO nordmodemnet.com) (176.223.177.2)
by hermes.walkereng.com with SMTP; 31 Oct 2012 13:24:36 -0000
Delivered-To: emilio@perea.net
Received: by 10.223.118.17 with SMTP id t17cs125410faq;
Wed, 31 Oct 2012 06:24:37 -0700
Received: by 10.216.220.142 with SMTP id o14mr2820421wep.61.1316443187605;
Wed, 31 Oct 2012 06:24:37 -0700
Return-Path: <FoodPoisoningInjuryCenter@strapcounty.info>
From: "FoodPoisoningInjuryCenter" <FoodPoisoningInjuryCenter@strapcounty.info>
Content-Type: multipart/alternative; boundary=Apple-Mail-3-544537804
Subject: Were you exposed to the Peanut Butter Salmonella Outbreak
Date: Wed, 31 Oct 2012 06:24:37 -0700
Message-Id: <62B5E3F4-5A93-E973-3171-AE5DFCF9A47A@strapcounty.info>
To: <emilio@perea.net>
Mime-Version: 1.0 (Apple Message framework v1084)
X-Mailer: Apple Mail (2.1084)
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - strapcounty.info
X-AntiAbuse: Original Domain - yahoo.com
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - strapcounty.info
--Apple-Mail-3-544537804
Content-Transfer-Encoding: 7bit
Content-Type: text/plain;
charset=us-ascii
...
--Apple-Mail-3-544537804
Content-Transfer-Encoding: 7bit
Content-Type: text/html;
charset=us-ascii
...
--Apple-Mail-3-544537804--
----- End forwarded message -----
who include a fake Deliver-To line in their header. At first I was
worried about the bounce messages going to innocent persons, but the
double bounces are from the same domains as the embedded URLs in the
messages themselves, which I assume belong to the spammers.
Would it be a good idea to limit delivery attempts for bounce messages
to one only? If so, what would be the proper way to do it?
----- Forwarded message from MAILER-DAEMON@frisco.perea.net -----
Date: 31 Oct 2012 14:11:18 -0000
From: MAILER-DAEMON@frisco.perea.net
To: postmaster@frisco.perea.net
Subject: failure notice
Hi. This is the qmail-send program at frisco.perea.net.
I tried to deliver a bounce message to this address, but the bounce bounced!
<FoodPoisoningInjuryCenter@strapcounty.info>:
209.105.246.195 does not like recipient.
Remote host said: 450 4.1.1 <FoodPoisoningInjuryCenter@strapcounty.info>: Recipient address rejected: unverified address: unknown user: "foodpoisoninginjurycenter@strapcounty.info"
Giving up on 209.105.246.195.
I'm not going to try again; this message has been in the queue too long.
--- Below this line is the original bounce.
Return-Path: <>
Received: (qmail 3869 invoked for bounce); 31 Oct 2012 13:24:36 -0000
Date: 31 Oct 2012 13:24:36 -0000
From: MAILER-DAEMON@frisco.perea.net
To: FoodPoisoningInjuryCenter@strapcounty.info
Subject: failure notice
Hi. This is the qmail-send program at frisco.perea.net.
I'm afraid I wasn't able to deliver your message to the following addresses.
This is a permanent error; I've given up. Sorry it didn't work out.
<emilio@perea.net>:
This message is looping: it already has my Delivered-To line. (#5.4.6)
--- Below this line is a copy of the message.
Return-Path: <FoodPoisoningInjuryCenter@strapcounty.info>
Received: (qmail 16954 invoked from network); 31 Oct 2012 13:24:36 -0000
Received: from hermes2.perea.net (HELO hermes.walkereng.com) (172.20.20.229)
by frisco.perea.net with SMTP; 31 Oct 2012 13:24:36 -0000
Received: (qmail 14897 invoked from network); 31 Oct 2012 13:24:36 -0000
Received: from strapcounty.info (HELO nordmodemnet.com) (176.223.177.2)
by hermes.walkereng.com with SMTP; 31 Oct 2012 13:24:36 -0000
Delivered-To: emilio@perea.net
Received: by 10.223.118.17 with SMTP id t17cs125410faq;
Wed, 31 Oct 2012 06:24:37 -0700
Received: by 10.216.220.142 with SMTP id o14mr2820421wep.61.1316443187605;
Wed, 31 Oct 2012 06:24:37 -0700
Return-Path: <FoodPoisoningInjuryCenter@strapcounty.info>
From: "FoodPoisoningInjuryCenter" <FoodPoisoningInjuryCenter@strapcounty.info>
Content-Type: multipart/alternative; boundary=Apple-Mail-3-544537804
Subject: Were you exposed to the Peanut Butter Salmonella Outbreak
Date: Wed, 31 Oct 2012 06:24:37 -0700
Message-Id: <62B5E3F4-5A93-E973-3171-AE5DFCF9A47A@strapcounty.info>
To: <emilio@perea.net>
Mime-Version: 1.0 (Apple Message framework v1084)
X-Mailer: Apple Mail (2.1084)
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - strapcounty.info
X-AntiAbuse: Original Domain - yahoo.com
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - strapcounty.info
--Apple-Mail-3-544537804
Content-Transfer-Encoding: 7bit
Content-Type: text/plain;
charset=us-ascii
...
--Apple-Mail-3-544537804
Content-Transfer-Encoding: 7bit
Content-Type: text/html;
charset=us-ascii
...
--Apple-Mail-3-544537804--
----- End forwarded message -----