spf-discuss

Trend?

2005-07-16 07:40:04
For a while now, our Sendmail server has been bombarded by numerous bounces
from a wide variety of mail servers. The common element is that the
supposed sender is common first names from our domain (i.e.
helen(_at_)yellowhead(_dot_)com). We long ago advised our clients not to use common
first names, so most (if not all) of these go undelivered. I had no idea
what these bounce attempts consisted of until I received the message below
this morning.

I have not included the headers from the Telus server, but the interesting
part is that the virus file (updated-password.zip) was removed by Telus.
This is something new for Telus as many servers do not remove viruses on
bounces and they can end up being delivered to the unsuspecting user. The
other interesting part is that the virus was sent through the Telus
outbound mail server from a Telus IP. This is counter to the regular
pattern of delivering a virus directly from the infected IP.

Could this be considered to be a direct result of more ISPs using SPF?

J.A. Coutts
+++++++++++++++++++++++++++++++++++++++++++++++++
Final-Recipient: RFC822; <helen(_at_)yellowhead(_dot_)com>
Action: failed
Status: 5.1.1
Remote-MTA: dns; postini-mail.alberta1st.com (69.36.102.205)
Diagnostic-Code: smtp; 550 <helen(_at_)yellowhead(_dot_)com>... User unknown
Received: from yellowhead.com ([142.59.183.61])
          by priv-edtnes57.telusplanet.net
          (InterMail vM.6.01.04.04 201-2131-118-104-20050224) with ESMTP
          id <20050716032435(_dot_)JYDR14940(_dot_)priv-edtnes57(_dot_)telusplanet(_dot_)net(_at_)yellowhead(_dot_)com>
          for <helen(_at_)yellowhead(_dot_)com>; Fri, 15 Jul 2005 21:24:35 -0600
From: administrator(_at_)yellowhead(_dot_)com
To: helen(_at_)yellowhead(_dot_)com
Subject: Your password has been updated
Date: Fri, 15 Jul 2005 21:22:25 -0600
MIME-Version: 1.0
Content-Type: multipart/mixed;
        boundary="----=_NextPart_000_0008_1B02085D.E2B3B5D3"
X-Priority: 3
X-MSMail-Priority: Normal
Message-Id: <20050716032435(_dot_)JYDR14940(_dot_)priv-edtnes57(_dot_)telusplanet(_dot_)net(_at_)yellowhead(_dot_)com>
  
Dear user helen, 
 
You have successfully updated the password of your Yellowhead account.
 
If you did not authorize this change or if you need assistance with your
account, please contact Yellowhead customer service at:
administrator(_at_)yellowhead(_dot_)com
 
Thank you for using Yellowhead! 
The Yellowhead Support Team 
 
+++ Attachment: No Virus (Clean) 
+++ Yellowhead Antivirus - www.yellowhead.com   
+++++++++++++++++++++++++++++++++++++++++++++++++++
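
An added example, not part of the original post: a receiving site can recognise a bounce like the one above as backscatter by checking where the returned message first entered the mail system. The domain constant, the outbound range 192.0.2.0/24 and the function name are assumptions, and the sample headers are constructed from the bounce quoted in the post with the archive's address obfuscation undone.

```python
import ipaddress
import re
from email import message_from_string

# Assumptions for this example: our domain, and the networks our own outbound
# MTAs send from (192.0.2.0/24 is a documentation range, constructed).
OUR_DOMAIN = "yellowhead.com"
OUR_OUTBOUND = [ipaddress.ip_network("192.0.2.0/24")]

# Constructed sample: headers of the returned message, modelled on the bounce
# in the post with the archive's (_at_)/(_dot_) obfuscation undone.
RETURNED_HEADERS = """\
Received: from yellowhead.com ([142.59.183.61])
          by priv-edtnes57.telusplanet.net
          (InterMail vM.6.01.04.04 201-2131-118-104-20050224) with ESMTP
          for <helen@yellowhead.com>; Fri, 15 Jul 2005 21:24:35 -0600
From: administrator@yellowhead.com
To: helen@yellowhead.com
Subject: Your password has been updated

"""

# "from <HELO name> ([<client IP>]) by <receiving MTA>", possibly folded.
FIRST_HOP = re.compile(r"from\s+(\S+)\s+\(\[([0-9A-Fa-f.:]+)\]\)\s+by\s+(\S+)")

def classify_bounce(headers, domain=OUR_DOMAIN, nets=OUR_OUTBOUND):
    """Decide whether a bounced message really originated from our servers."""
    msg = message_from_string(headers)
    hops = msg.get_all("Received") or []
    # The last Received header is the first hop, where the message was injected.
    m = FIRST_HOP.search(hops[-1]) if hops else None
    try:
        ip = ipaddress.ip_address(m.group(2)) if m else None
    except ValueError:
        ip = None
    if ip is None:
        return {"verdict": "unknown"}
    from_domain = msg.get("From", "").rpartition("@")[2].strip(" >").lower()
    sent_by_us = any(ip in net for net in nets)
    if from_domain == domain and not sent_by_us:
        verdict = "backscatter"      # our name was forged; we never sent this
    elif sent_by_us:
        verdict = "genuine"          # a real bounce for mail we did send
    else:
        verdict = "unrelated"
    helo_forged = m.group(1).lower() == domain and not sent_by_us
    return {"verdict": verdict, "client_ip": str(ip),
            "entry_mta": m.group(3), "helo_claims_our_domain": helo_forged}
```
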

