Phantom emails

Guest

I am using Outlook Express 6.0 and Windows XP Pro. In recent weeks my Inbox
is receiving variable numbers of returned "unable to deliver" messages. I
have not knowingly sent these emails. They don't appear in my Sent folder.
The emails are sent to addresses that are not in my address book. They are
sent from an email address that uses a random first part of the email address
with the second part of the address (the bit after the @) being correct.
Responses such as "unable to deliver" are then returned and picked up by my
default mail account. A few bona fide people/companies have contacted me
telling me not to send them email.

As I run up-to-date AVG Virus software, am I right in thinking I may be the
victim of a spammer? In which case, is there anything I can do?

Any advice that can be offered would be gratefully appreciated. Thank you
 
Rob ^_^

Hi Phil,

Contact your ISP, I assume this is your on-line mail account provided by
your ISP. Someone has hijacked your account and is using it to spray spam.

Regards.
 
N. Miller

> Contact your ISP, I assume this is your on-line mail account provided by
> your ISP. Someone has hijacked your account and is using it to spray spam.

Not necessarily. More likely somebody has forged his email address as
the sender in a spam run. I had a yahoo.com email address forged as the
sender in a spam run, once. I received several hundred delivery failure
notices to that forged account before the spammer moved on to a
different forged sender email address.

| X-Apparently-To: %User_ID%@yahoo.com via 66.218.79.27; 11 Jun 2003 22:31:25 -0700 (PDT)
| X-YahooFilteredBulk: 216.77.233.62
| Return-Path: <>
| Received: from 216.77.233.62 (HELO bellsouth.net) (216.77.233.62)
| by mta124.mail.scd.yahoo.com with SMTP; 11 Jun 2003 22:31:24 -0700 (PDT)
| Date: Thu, 12 Jun 2003 01:34:10 -0500
| From: Mail Delivery Subsystem <[email protected]>
| Message-Id: <[email protected]>
| To: <%User_ID%@yahoo.com>
| MIME-Version: 1.0
| Content-Type: multipart/report; report-type=delivery-status;
| boundary="LUK8157.1055376000/mx1.bellsouth.net"
| Subject: Returned mail: User unknown
| Auto-Submitted: auto-generated (failure)
|
| This is a MIME-encapsulated message
|
| --LUK8157.1055376000/mx1.bellsouth.net
|
| The original message was received at Thu, 12 Jun 2003 01:34:10 -0500
| from ilovejesus.com
|
| ----- The following addresses had permanent fatal errors -----
| <%Some_MW_idiote%@bellsouth.net>
| (expanded from: <%Some_MW_idiote%@bellsouth.net>)
|
| ----- Transcript of session follows -----
| mail.local: unknown name: %Some_MW_idiote%
| 550 <%Some_MW_idiote%@bellsouth.net>... User unknown
|
| --LUK8157.1055376000/mx1.bellsouth.net
| Content-Type: message/delivery-status
|
| Reporting-MTA: dns; mx1.bellsouth.net
| Received-From-MTA: DNS; ilovejesus.com
| Arrival-Date: Thu, 12 Jun 2003 01:34:10 -0500
|
| Final-Recipient: RFC822; <%Some_MW_idiote%@bellsouth.net>
| X-Actual-Recipient: RFC822; %Some_MW_idiote%@bellsouth.net
| Action: failed
| Status: 5.1.1
| Last-Attempt-Date: Thu, 12 Jun 2003 01:34:10 -0500
|
| --LUK8157.1055376000/mx1.bellsouth.net
| Content-Type: message/rfc822
|
|| Return-Path: <%User_ID%@yahoo.com>
|| Received: from ilovejesus.com ([140.239.119.97]) by imf35bis.bellsouth.net
|| (InterMail vM.5.01.04.25 201-253-122-122-125-20020815) with ESMTP
|| id <[email protected]>
|| for <%Some_MW_idiote%@bellsouth.net>; Wed, 11 Jun 2003 20:02:32 -0400
|| Received: from yahoo.com (na-200-38-238-114.na.avantel.net.mx [200.38.238.114] (may be forged))
|| by ilovejesus.com (8.12.8/8.12.8) with SMTP id h5BNxUJT014641;
|| Wed, 11 Jun 2003 19:59:31 -0400 (EDT)
|| Message-ID: <[email protected]>
|| From: <%User_ID%@yahoo.com>
|| To: (e-mail address removed)
|| Subject: Hello!!
|| Date: Wed, 11 Jun 2003 18:46:48 +0800
|| MIME-Version: 1.0
|| Content-Type: multipart/alternative;
|| boundary="----=_NextPart_116_FF5F_90036E50.97E94994"
|| X-Priority: 3
|| User-Agent: Microsoft Outlook Express 5.50.4133.2400
|| ------=_NextPart_116_FF5F_90036E50.97E94994
|| Content-Type: text/plain;
|| charset="iso-8859-1"
|| Content-Transfer-Encoding: quoted-printable
||
||
|| ------=_NextPart_116_FF5F_90036E50.97E94994
|| Content-Type: text/html;
|| charset="iso-8859-1"
|| Content-Transfer-Encoding: quoted-printable
||
|| {Spam payload redacted.}
||
|| ------=_NextPart_116_FF5F_90036E50.97E94994--
|| --LUK8157.1055376000/mx1.bellsouth.net--

The upper part, with the single leading bar ("|"), is the part where the
MailWasher user is identified as the bouncer. The lower part, with the
double leading bar ("||"), is the actual spam. You will note that the
originating IP address of the spam ("140.239.119.97") is XO
Communications. I have _never_ used XO Communications for anything. I
don't even use my own AT&T Yahoo! HSI connection for end-to-end email.
All of my outbound email goes through one of about six SMTP servers;
usually my ISP's SMTP AUTH server. Therefore, a recipient of email
should only see a mail provider, or ISP SMTP relay client IP address as
the source.

I have hundreds of examples of mail service provider Delivery Failure
Notices, as well. I picked on the MailWasher bounce because there are
some people who _think_ that a MailWasher bounce can't be detected as
such.

Back to the point; forgery is the most common cause of DFNs, when the
recipient did not send the message. It probably isn't as bad as it was
when I got my bounces; most mail services no longer accept email, then
bounce it after the fact. That is abusive behavior.

--
Norman
~Shine, bright morning light,
~now in the air the spring is coming.
~Sweet, blowing wind,
~singing down the hills and valleys.
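
Added example, not part of N. Miller's post: the check described above, done in Python on a constructed bounce. It reads the DSN status block and the topmost Received header of the returned message, then compares that hand-off IP with the caller's own outbound servers; `analyze_bounce`, `my_relays` and all addresses are hypothetical.

```python
import email
import re

# Constructed bounce using documentation domains and IP ranges (not from the thread).
SAMPLE_DSN = """\
Return-Path: <>
From: Mail Delivery Subsystem <MAILER-DAEMON@mx.example.net>
Content-Type: multipart/report; report-type=delivery-status; boundary="B1"
Subject: Returned mail: User unknown

--B1

The following addresses had permanent fatal errors

--B1
Content-Type: message/delivery-status

Reporting-MTA: dns; mx.example.net

Final-Recipient: RFC822; nobody@example.net
Action: failed
Status: 5.1.1

--B1
Content-Type: message/rfc822

Received: from relay.example.org ([198.51.100.7]) by mx.example.net with ESMTP
Received: from example.com (unknown [203.0.113.9] (may be forged)) by relay.example.org
From: <me@example.com>

(body removed)
--B1--
"""

def analyze_bounce(raw, my_relays):
    msg = email.message_from_string(raw)
    info = {"is_dsn": msg.get_content_type() == "multipart/report",
            "status": None, "recipient": None, "handoff_ip": None}
    for part in msg.walk():
        if part.get_content_type() == "message/delivery-status":
            for block in part.get_payload():  # one Message per header block
                info["status"] = block.get("Status", info["status"])
                info["recipient"] = block.get("Final-Recipient", info["recipient"])
        elif part.get_content_type() == "message/rfc822":
            received = part.get_payload(0).get_all("Received", [])
            # Topmost Received was added by the bouncing MTA, so the sender cannot forge it.
            ips = re.findall(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", received[0]) if received else []
            info["handoff_ip"] = ips[0] if ips else None
    info["via_my_relay"] = info["handoff_ip"] in my_relays
    return info
```

A result with `via_my_relay` false means the bounced message never passed through the servers you actually send from, which is what a forged sender address looks like from the victim's side.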
 
jd

In PHIL BRYN <PHIL (e-mail address removed)> spake thus :
| I am using Outlook Express 6.0 and Windows XP Pro. In recent weeks my
| Inbox is receiving variable numbers of returned "unable to deliver"
| messages. I have not knowingly sent these emails. They don't appear
| in my Sent folder. The emails are sent to addresses that are not in
| my address book. They are sent from an email address that uses a
| random first part of the email address with the second part of the
| address (the bit after the @) being correct. Responses such as
| "unable to deliver" are then returned and picked up by my default
| mail account. A few bona fide people/companies have contacted me
| telling me not to send them email.
|
| As I run up-to-date AVG Virus software, am I right in thinking I may
| be the victim of a spammer? In which case, is there anything I can do?
|
| Any advice that can be offered would be gratefully appreciated. Thank
| you


Have a look at www.backscatterers.com ..... explains all

--

-= David =-

www.splorf.net
www.backscatterers.com
 
