Thread: Weird spam message
View Single Post
  #28  
Old April 8, 2014, 11:31:48 AM
Cat333Pokémon's Avatar
Cat333Pokémon Cat333Pokémon is offline
Administrator

  
Join Date: Nov 2006
Location: Nevada
Posts: 10,303
Default
I don't get it. My contacts list is completely empty now, and I changed my password since then. Judging by this part of the header in the PM you sent me...
Code:
Received: from mail-1.cc.uic.edu (mail-1-456.cc.uic.edu. [128.248.156.182])
        by mx.google.com with ESMTPS id a7si4397701iga.43.2014.04.08.10.28.20
        for <multiple recipients>
        (version=TLSv1 cipher=RC4-SHA bits=128/128);
        Tue, 08 Apr 2014 10:28:20 -0700 (PDT)
Received-SPF: neutral (google.com: 128.248.156.182 is neither permitted nor denied by domain of cat333pokemon@aol.com) client-ip=128.248.156.182;
Authentication-Results: mx.google.com;
       spf=neutral (google.com: 128.248.156.182 is neither permitted nor denied by domain of cat333pokemon@aol.com) smtp.mail=cat333pokemon@aol.com
Received: from uic.edu (dsl-189-241-239-129-dyn.prod-infinitum.com.mx [189.241.239.129] (may be forged))
	(authenticated bits=0)
The spammer most likely had to be using a cached copy of the contacts, and this time it was delivered by his own e-mail server (likely a bot located at the University of Illinois at Chicago and routed through a Mexican ISP) attempting to spoof my e-mail address but failing at many of the attempts due to a fake Sender Permitted Form (SPF), which is attached to the domain name as a list of e-mail servers that are allowed to send mail as them. My e-mail address has not been hacked again. It is just the same moron trying to use his own e-mail server. If it hasn't been already, his e-mail server will be blocked by all the major ISPs for not having an SPF at AOL (or Yahoo!, or Google, or Microsoft, or anyone else for whom he's attempting to spoof an e-mail address).

In a completely unrelated incident, I personally had trouble with the Sender Permitted Form right after the server move, as I forgot to tell the domain name server that "floatzel.net" is a permitted sender for VR's e-mail. Hotmail quickly blocked it because one of its spam filter providers didn't like me sending e-mails with the wrong SPF and wrong hostname on the machine.

In addition to the above, I received a large number of bounce messages from Orange France (that's an ISP):

Quote:
Nous sommes desoles de vous informer que votre message n a pas
pu etre remis a un ou plusieurs de ses destinataires.
Ceci est un message automatique genere par le serveur mwinf5d27.orange.fr.
Merci de ne pas y repondre.
This is the mail system at host mwinf5d27.orange.fr.
I'm sorry to have to inform you that your message could not
be delivered to one or more recipients.
The mail system
<*removed*>: host yahoo.com[66.196.118.37] said: 554
Message not allowed - [PH01] Email not accepted for policy reasons. Please visit http://postmaster.yahoo.com/errors/postmaster-27.html [120]
Last edited by Cat333Pokémon; April 8, 2014 at 11:48:42 AM.