
Getting a lot of postmaster undeliverable notices for non-existent users

@Shanna517

Posted in: #Email #Spam

I've had my domain (straightpathsql.com) for a few years now. I host my e-mail with Google Accounts for business and have for a while. All of a sudden, in the past week I am starting to get a lot of postmaster delivery fail notices from various domains, most of them involving bogus e-mail addresses at my domain (hank787989714@straightpathsql.com, for example)... My assumption here is that someone is trying to relay on some other host (not my hosts, which are secure through Google Apps for business, I presume) and there isn't much I can do to stop it. But I just want to make sure there isn't something else I need to be looking at here. An example delivery fail notice is below. I know nothing of those addresses below and they look like garbage...

(Quick edit: the reason I get these messages is that I set myself up as a catch-all, so it doesn't matter what e-mail address you send a note to at my domain, I'll get it if the account isn't set up... All of the failure messages are sent to bogus addresses on my domain.)

The following message to <omiivi2922@4speed.co.jp> was undeliverable.
The reason for the problem:
5.1.0 - Unknown address error 553-'sorry, this recipient is in my badrecipientto list (#5.7.1)'

Final-Recipient: rfc822;omiivi2922@4speed.co.jp
Action: failed
Status: 5.0.0 (permanent failure)
Remote-MTA: dns; [118.82.83.11]
Diagnostic-Code: smtp; 5.1.0 - Unknown address error 553-'sorry, this recipient is in my badrecipientto list (#5.7.1)' (delivery attempts: 0)


---------- Forwarded message ----------
From: Howard Blankenship <SolomonF5E948@straightpathsql.com>
To: omiivi2922 <omiivi2922@4speed.co.jp>
Cc:
Date:
Subject: Hi omiivi2922


Full Header:

Delivered-To: solomonf5e948@straightpathsql.com
Received: by 10.204.120.16 with SMTP id b16csp19402bkr;
Thu, 28 Jun 2012 09:05:27 -0700 (PDT)
Received: by 10.68.190.102 with SMTP id gp6mr9307880pbc.5.1340899526973;
Thu, 28 Jun 2012 09:05:26 -0700 (PDT)
Return-Path: <>
Received: from irmx01.secure.ne.jp (irmx01.secure.ne.jp. [122.200.253.201])
by mx.google.com with ESMTP id vo8si2410809pbc.133.2012.06.28.09.05.26;
Thu, 28 Jun 2012 09:05:26 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of irmx01.secure.ne.jp designates 122.200.253.201 as permitted sender) client-ip=122.200.253.201;
Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of irmx01.secure.ne.jp designates 122.200.253.201 as permitted sender) smtp.mail=
Message-Id: <afddd6uo8qbc@irmx01.secure.ne.jp>
Received: from localhost by irmx01.secure.ne.jp;
29 Jun 2012 01:05:25 +0900
Date: 29 Jun 2012 01:05:25 +0900
To: SolomonF5E948@straightpathsql.com
From: "Mail Delivery System" <MAILER-DAEMON@irmx01.secure.ne.jp>
Subject: Delivery Status Notification (Failure)
MIME-Version: 1.0
Content-Type: multipart/report; report-type=delivery-status; boundary="1zX6bY.4muf/vHVS.1LvkrJ.2ohy5+/"

--1zX6bY.4muf/vHVS.1LvkrJ.2ohy5+/
content-type: text/plain;
charset="utf-8"
Content-Transfer-Encoding: quoted-printable

The following message to <omiivi2922@4speed.co.jp> was undeliverable.
The reason for the problem:
5.1.0 - Unknown address error 553-'sorry, this recipient is in my badrecipi=
entto list (#5.7.1)'

--1zX6bY.4muf/vHVS.1LvkrJ.2ohy5+/
content-type: message/delivery-status

Reporting-MTA: dns; irmx01.secure.ne.jp

Final-Recipient: rfc822;omiivi2922@4speed.co.jp
Action: failed
Status: 5.0.0 (permanent failure)
Remote-MTA: dns; [118.82.83.11]
Diagnostic-Code: smtp; 5.1.0 - Unknown address error 553-'sorry, this recipient is in my badrecipientto list (#5.7.1)' (delivery attempts: 0)

--1zX6bY.4muf/vHVS.1LvkrJ.2ohy5+/
content-type: message/rfc822

X-SBRS: -4.0
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: ArX2ALV/7E8CWcTHPGdsb2JhbACGH4Z3qC8EgT8BAQEBNzQdGwOCB34NAhhVGogipWeTSYEgik4LhGiWFIEThGY
X-Spam-Status: Yes
Received: from unknown (HELO dsldevice.lan) ([2.89.196.199])
by irmx01.secure.ne.jp with ESMTP; 29 Jun 2012 01:05:24 +0900
Message-Id: <20120628190518.2A7C7A6962F6869E0B42@WEC-PC>
From: Howard Blankenship <SolomonF5E948@straightpathsql.com>
To: omiivi2922 <omiivi2922@4speed.co.jp>
Reply-To: Maria Luna <Guadalupe5BF0695@quechisme.com>
Subject: Hi omiivi2922
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit

--1zX6bY.4muf/vHVS.1LvkrJ.2ohy5+/--


2 Comments


@Ogunnowo487

Instead of setting non-existent users in 'catch-all' mode, there should be an option in your control panel that allows you to blackhole emails that are destined for non-existent mailboxes.

The catch all mode really should not be used nowadays as most domains get spammed in the same manner you have experienced. It is very annoying indeed, but perfectly normal.


@Twilah146

It's probably just backscatter from spammers using your domain in their bogus sender addresses. Perhaps some spammer just happened to add your domain to a list of bogus sender domains to use.

There's not much that can be done about such messages, except to filter them out. I would recommend adding an SPF record for your domain, but it looks like you already have one.

(It might help if you could provide the full headers for one of these messages; in particular, from your sample it's hard to tell where the bounce actually happened.)


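An added example, not code from any of the posters: it parses a bounce like the one quoted in the question with Python's standard `email` package, extracts the reporting MTA and the client IP that actually injected the bounced message, and labels the bounce as backscatter when that IP lies outside your own outbound ranges. The sample message is constructed from the values in the question; `analyze_dsn`, `OUR_OUTBOUND` and the 192.0.2.0/24 range are assumptions for illustration.

```python
import email, ipaddress, re
from email.utils import parseaddr
# Constructed sample: the bounce from the question, trimmed to the parts that matter.
SAMPLE_DSN = """\
From: "Mail Delivery System" <MAILER-DAEMON@irmx01.secure.ne.jp>
Content-Type: multipart/report; report-type=delivery-status; boundary="BOUND"

--BOUND
Content-Type: message/delivery-status

Reporting-MTA: dns; irmx01.secure.ne.jp

Final-Recipient: rfc822;omiivi2922@4speed.co.jp
Status: 5.0.0 (permanent failure)

--BOUND
Content-Type: message/rfc822

Received: from unknown (HELO dsldevice.lan) ([2.89.196.199])
 by irmx01.secure.ne.jp with ESMTP; 29 Jun 2012 01:05:24 +0900
From: Howard Blankenship <SolomonF5E948@straightpathsql.com>

--BOUND--
"""
OUR_OUTBOUND = [ipaddress.ip_network("192.0.2.0/24")]  # placeholder, not a real range

def analyze_dsn(raw, our_nets):
    """Return bounce details and a verdict, or None if raw is not a DSN."""
    msg = email.message_from_string(raw)
    is_dsn = msg.get_content_type() == "multipart/report" and msg.is_multipart()
    if not is_dsn or msg.get_param("report-type") != "delivery-status":
        return None
    fields, orig = {}, None
    for part in msg.get_payload():
        ctype = part.get_content_type()
        if ctype == "message/delivery-status":    # parsed as a list of header blocks
            for block in part.get_payload():
                fields.update(block.items())
        elif ctype == "message/rfc822":           # full copy of the bounced message
            orig = part.get_payload(0)
    # The top Received line was added by the MTA that accepted the message: trust its IP.
    hops = orig.get_all("Received", []) if orig is not None else []
    m = re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", hops[0]) if hops else None
    origin = ipaddress.ip_address(m.group(1)) if m else None
    verdict = "unknown" if origin is None else (
        "sent-by-us" if any(origin in n for n in our_nets) else "backscatter")
    return {"reporting_mta": fields.get("Reporting-MTA", "").split(";")[-1].strip(),
            "status": fields.get("Status"), "origin_ip": str(origin) if origin else None,
            "forged_from": parseaddr(orig.get("From", ""))[1] if orig is not None else None,
            "verdict": verdict}
```

A "backscatter" verdict means the bounced message never passed through your own mail servers, so the bounce can be filtered rather than investigated as a compromise.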
