
Considered UNSOLICITED BULK EMAIL, apparently from you

    A message from <Platypus> to:
    -> Platypus

    was considered unsolicited bulk e-mail (UBE).

    Our internal reference code for your message is (blah blah)

    The message carried your return address, so it was either a genuine mail from you, or a sender address was faked and your e-mail address abused by third party, in which case we apologize for undesired notification.

    We do try to minimize backscatter for more prominent cases of UBE and for infected mail, but for less obvious cases of UBE some balance between losing genuine mail and sending undesired backscatter is sought, and there can be some collateral damage on both sides.

    First upstream SMTP client IP address: [217.19.154.21] According to a 'Received:' trace, the message originated at: [217.19.154.21],
    mail.aol.com (unknown [217.19.154.21])

    Return-Path: <Platypus>
    Message-ID: <20091010191338.82EBD57287@netserver>
    Subject: Dear Platypus 89% 0FF on Pfizer !

    Non-encoded 8-bit data (char A9 hex): From: \251 VIAGRA \256 Offic...

    I received this notification today.
    Is there anything I can do about this? i.e. stop people abusing my email address?

    I suspect not.

    #2
    Is this just email provided by your ISP or do you have mailers on a website? If the latter, I could suggest some secure scripts that appear to work.
    bloggoth

    If everything isn't black and white, I say, 'Why the hell not?'
    John Wayne (My guru, not to be confused with my beloved prophet Jeremy Clarkson)

      #3
      Originally posted by xoggoth
      Is this just email provided by your ISP or do you have mailers on a website? If the latter, I could suggest some secure scripts that appear to work.
      My website includes a "response form" which uses FormMail.pl, which I thought is secure.

      How can I tell if the email originated from my website via FormMail or is simply a bogus "reply address" in the header?

      Thanks!

        #4
        Originally posted by Platypus
        I received this notification today.
        Is there anything I can do about this? i.e. stop people abusing my email address?
        Configuring an SPF record against my domain did the trick for me - pretty much solved my backscatter issues overnight.
        Where are we going? And what’s with this hand basket?

          #5
          Originally posted by voodooflux
          Configuring an SPF record against my domain did the trick for me - pretty much solved my backscatter issues overnight.
          I don't have an issue with backscatter - I get one of these "bounce" messages every month or so, not hundreds per day.

          And if my FormMail.pl has been compromised (???) then as far as I can tell, an SPF record isn't going to help, as email will originate from my domain.

          Sorry if this sounds ungrateful - certainly not - I'm just trying to understand the issue!

          TIA.

            #6
            Originally posted by Platypus
            I don't have an issue with backscatter - I get one of these "bounce" messages every month or so, not hundreds per day.

            And if my FormMail.pl has been compromised (???) then as far as I can tell, an SPF record isn't going to help, as email will originate from my domain.

            Sorry if this sounds ungrateful - certainly not - I'm just trying to understand the issue!

            TIA.
            No worries, you're correct in that SPF won't help if FormMail.pl is the culprit as the SMTP relay will be valid according to the SPF record.

            Does the form mail do any logging?
            Where are we going? And what’s with this hand basket?

              #7
              Originally posted by Platypus
              My website includes a "response form" which uses FormMail.pl, which I thought is secure.

              How can I tell if the email originated from my website via FormMail or is simply a bogus "reply address" in the header?

              Thanks!
              Assuming your FormMail.pl is only used to send stuff to you, you can hard-code your email address in the script rather than taking it from query parameters, and then it can't be used to email anyone else.

              The headers of the bounced spam should allow you to see where it originated. The message you quote seems to think it came from AOL, so unless that's the SMTP server used by your script, that won't be it.

                #8
                Originally posted by NickFitz
                Assuming your FormMail.pl is only used to send stuff to you, you can hard-code your email address in the script rather than taking it from query parameters, and then it can't be used to email anyone else.

                The headers of the bounced spam should allow you to see where it originated. The message you quote seems to think it came from AOL, so unless that's the SMTP server used by your script, that won't be it.
                Thanks, Nick.

                The addresses are hard-coded into FormMail.pl (there are several options, contact person A, contact person B, etc).

                AOL isn't the SMTP server used by my script.

                So, it seems that it was just a faked header, in which case, SPF should help (??) because the SPF record indicates that the mail is of fake origin. True?

                  #9
                  Originally posted by Platypus
                  So, it seems that it was just a faked header, in which case, SPF should help (??) because the SPF record indicates that the mail is of fake origin. True?
                  Probably. TBH I just ignore that stuff - it usually subsides after a day or so.
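
Added example, not written by any poster in this thread: Python that pulls the originating IP out of the notification trace quoted in the first post and evaluates it against the `ip4` and `all` mechanisms of an SPF record, which is the comparison posts #7 to #9 reason about. The SPF record and its address ranges are constructed placeholders, and mechanisms that need DNS lookups (`a`, `mx`, `include`) are not evaluated.

```python
import ipaddress
import re

# Trace lines from the notification quoted in the first post.
NOTIFICATION = """\
First upstream SMTP client IP address: [217.19.154.21]
According to a 'Received:' trace, the message originated at: [217.19.154.21],
mail.aol.com (unknown [217.19.154.21])
"""
# Constructed SPF record: the ranges are documentation placeholders standing
# in for the relay the site's form script really sends through.
SPF_RECORD = "v=spf1 ip4:192.0.2.0/28 ip4:203.0.113.25 -all"
RESULTS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def origin_ips(text):
    """Distinct, valid bracketed IPv4 addresses in the trace, in order."""
    found = []
    for candidate in re.findall(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", text):
        try:
            ipaddress.IPv4Address(candidate)
        except ValueError:
            continue  # looks like an address but is not one, e.g. [999.1.1.1]
        if candidate not in found:
            found.append(candidate)
    return found


def spf_ip4_result(record, ip):
    """Evaluate only the ip4 and all mechanisms, left to right."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"
    address = ipaddress.IPv4Address(ip)
    for term in terms[1:]:
        qualifier = term[0] if term[0] in RESULTS else "+"
        name, _, value = term.lstrip("+-~?").partition(":")
        if name.lower() == "all":
            return RESULTS[qualifier]
        if name.lower() == "ip4" and address in ipaddress.ip_network(value, strict=False):
            return RESULTS[qualifier]
    return "neutral"  # nothing matched and no "all" term


def triage(text, record):
    """Label each origin IP: sent through an authorized relay, or forged."""
    return {ip: "authorized relay, check the form script's logs"
            if spf_ip4_result(record, ip) == "pass" else "forged return address"
            for ip in origin_ips(text)}
```

A `pass` would not prove the form script was abused, only that the message left through a relay the domain authorizes, which is the case where the script's own logs are worth reading.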
