Tuesday, 9 December 2008

Camouflage spam mail using my mail address

I had been receiving camouflage spam mails for more than a month, and the number of these spam mails has been increasing recently. I could not set a rule to reject this spam because the Received From is my own mail address.

I asked my web hosting service about this matter, and the response was quite easy: set refusal of receiving spam and virus mail. Right after the setting, such spam mail was no longer delivered. But the mechanism of the setting is still unknown.

The following are some examples that I received.

Title:
Delivery Status Notification
Delivery Status Notification (Failure)
Re: Order status
Your order
RE: Message
, etc.

Sender IP and Link Address

Header Information
[Return-Path is not my mail address]
Return-Path: <jverchp@airliteplastics.com>
Delivered-To: ***@*****.***
Received: (qmail 7891 invoked by uid 89); 8 Dec 2008 21:26:54 +0900
Received: from unknown (HELO mail5.heteml.jp) (127.0.0.1)
    by mail5.heteml.jp with SMTP; 8 Dec 2008 21:26:54 +0900
Received: from 221.209.47.150 (221.209.47.150)
    by mail5.heteml.jp (HETEML-Fsecure);
    Mon, 8 Dec 2008 21:26:47 +0900 (JST)
X-Spam-Status: Yes(HETEML-Fsecure) with VIRUSGW/SPAM_RBL/221.209.47.150[bl.spamcop.net:127.0.0.2]
To: <***@*****.***>
Subject: Delivery Status Notification
From: <***@*****.***>
MIME-Version: 1.0
Importance: High
Content-Type: text/html

[Return-Path is my mail address]
Return-Path: <***@*****.***>
Delivered-To: ***@*****.***
Received: (qmail 15980 invoked by uid 89); 8 Dec 2008 16:57:40 +0900
Received: from unknown (HELO mail5.heteml.jp) (127.0.0.1)
    by mail5.heteml.jp with SMTP; 8 Dec 2008 16:57:40 +0900
Received: from 202.164.62.36 (202.164.62.36)
    by mail5.heteml.jp (HETEML-Fsecure);
    Mon, 8 Dec 2008 16:57:17 +0900 (JST)
X-Spam-Status: Yes(HETEML-Fsecure) with VIRUSGW/SPAM_RBL/202.164.62.36[bl.spamcop.net:127.0.0.2]
To: <***@*****.***>
Subject: Re: Order status
From: <***@*****.***>
MIME-Version: 1.0
Importance: High
Content-Type: text/html
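
The signals visible in the two header samples above (From equal to To, a differing Return-Path, an outside relay, and the SPAM_RBL tag in X-Spam-Status) can be checked in code. This is an added example, not the hosting service's filter and not code from the original post; the function name analyze, the placeholder address user@example.jp and the rejection rule are assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample modelled on the first header block above; the masked
# mailbox is replaced by the placeholder user@example.jp.
SAMPLE = """\
Return-Path: <jverchp@airliteplastics.com>
Delivered-To: user@example.jp
Received: (qmail 7891 invoked by uid 89); 8 Dec 2008 21:26:54 +0900
Received: from unknown (HELO mail5.heteml.jp) (127.0.0.1)
 by mail5.heteml.jp with SMTP; 8 Dec 2008 21:26:54 +0900
Received: from 221.209.47.150 (221.209.47.150)
 by mail5.heteml.jp (HETEML-Fsecure);
 Mon, 8 Dec 2008 21:26:47 +0900 (JST)
X-Spam-Status: Yes(HETEML-Fsecure) with VIRUSGW/SPAM_RBL/221.209.47.150[bl.spamcop.net:127.0.0.2]
To: <user@example.jp>
Subject: Delivery Status Notification
From: <user@example.jp>
Content-Type: text/html
"""

RBL_TAG = re.compile(r"SPAM_RBL/([\d.]+)\[([^:\]]+):")
RELAY = re.compile(r"from \S+ (?:\(HELO [^)]*\) )?\(([\d.]+)\)")

def analyze(raw, local_ips=("127.0.0.1",)):
    msg = message_from_string(raw)
    addr = lambda name: parseaddr(msg.get(name, ""))[1].lower()
    sender, rcpt, bounce = addr("From"), addr("To"), addr("Return-Path")
    self_addressed = bool(sender) and sender == rcpt
    # Received headers are newest first: skip the gateway's own loopback
    # hand-off and keep the first hop that came from outside.
    relay = None
    for hop in msg.get_all("Received", []):
        m = RELAY.search(hop)
        if m and m.group(1) not in local_ips:
            relay = m.group(1)
            break
    rbl = RBL_TAG.search(msg.get("X-Spam-Status", ""))
    # Assumed policy: reject on a gateway RBL tag, or when mail "from" the
    # mailbox owner to themselves arrives via an outside relay.
    return {
        "self_addressed": self_addressed,
        "return_path_differs": bounce != sender,
        "external_relay": relay,
        "rbl_zone": rbl.group(2) if rbl else None,
        "reject": bool(rbl) or (self_addressed and relay is not None),
    }
```

The second sample on the page differs only in that Return-Path is also the owner's address, so a rule keyed on Return-Path alone would miss it, while the From/To/relay check and the RBL tag catch both.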
