Rob Allison said:
I am getting notices of returned email "unidentified user" for mail that I
have not sent to addresses that I never heard of. The content is either null
or random characters (very short). I suspect a virus but check clean. I don't
know how to pursue this to a cause. Hope someone can help.

Spam is being sent to invalid e-mail addresses which the receiving domain's
mail server rejects and sends back to the sender. You think spammers use
their own valid e-mail accounts? Could be you selected a simple username
that uses words that any name generator could create when spewing out spam
to <someuser>@domain.com, or you have a friend that is infected with a
mailer trojan and who has you in their address book. The spammer or trojan
says it is you, tries to spew out their turds, they won't flush through the
receiving toilet so they bounce back to the sender - and that's you because
that is what the spammer or trojan claimed who they were.
The problem is not with your ISP. The problem is with the receiving mail
server that then sent you those NDR (non-delivery report) mails. The
receiving mail server should check if the account exists DURING THE MAIL
SESSION with the sending mail server (or trojan acting as server) and reject
ever accepting the mail if the destination account does not exist. Instead
the receiving mail server is misconfigured so it accepts the mail, the
session is over, and *afterward* the receiving mail server checks if the
mail is deliverable. If the destination account doesn't exist, the sending
mail server is no longer connected so the receiving mail server cannot
reject the mailing attempt. The only place it knows to deliver the
rejection notice is the claimed e-mail address for the sender, but the
sender lied and said they were you. That is why it is very stupid for a
mail server to accept a mail without checking *during* the mail session that
the mail is actually deliverable, and reject it right during the mail
session if the mail is undeliverable. Then the only person that gets the
NDR is the one that was using the sending mail server in an attempt to spew
the spam.
There are times when the receiving mail server cannot reject the mail during
the mail session with the sending mail server. For example, the receiving
domain may be a forwarding service. It cannot forward until it gets all of
the message, disconnects from the sending mail server, and then becomes the
sending mail server to forward a copy of the message to the next [receiving]
mail server. The only cure would be for the first receiving mail server
(for the forwarding service) to NOT disconnect the mail session with the
sending mail server until that receiving mail server connected to the next
receiving mail server to which it is supposed to forward the message. If
that second concurrent mail session gets rejected then the first receiving
mail server also rejects the mail session for the sending mail server and
the spam never gets delivered and the only person notified of the rejection
is the actual original server. However, that would slow down forwarding of
e-mails. Also, the sending mail server may timeout its mail session with
the first receiving mail server while the first receiving mail server is
trying to establish a mail session and deliver the mail to the second
receiving mail server.
Whether a regular mail service or a forwarding mail service, greylisting
would work well for both to eliminate a huge amount of spam. Spammers and
trojans do not attempt to resend their turds after the first attempt.
Greylisting does add a delay to the delivery time of legitimate mails
depending on the waiting interval configured for greylisting. Any mail
server that cannot understand "server too busy" from a receiving mail server
is the problem of that sending mail server and should be corrected because
there will ALWAYS be mail servers that get too busy to immediately accept
any more mails for a while. See
http://en.wikipedia.org/wiki/Greylisting.
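The two points the reply makes, rejecting an unknown recipient while the sending server is still connected (so no NDR is ever generated to a forged sender) and greylisting a first-seen sender with a temporary failure, as an added Python example that is not from the poster; the mailbox list, domain, client addresses and delay are constructed.

```python
"""Simulated RCPT TO policy for a receiving mail server.

Every decision is made during the SMTP session, so the reply goes to the
machine actually connected, never to an address the sender merely claimed.
"""
import time

LOCAL_DOMAIN = "example.com"          # constructed sample domain
LOCAL_USERS = {"rob", "postmaster"}   # constructed sample mailbox list
GREYLIST_DELAY = 300                  # seconds a new triplet must wait before retry
GREYLIST = {}  # (client_ip, mail_from, rcpt_to) -> time first seen


def rcpt_policy(client_ip, mail_from, rcpt_to, now=None):
    """Return the (code, text) SMTP reply for one RCPT TO command.

    550 replies are permanent and issued in-session, so the server never has
    to mail a bounce afterwards.  451 is the greylisting temporary failure:
    a real MTA queues and retries, a spam engine typically does not.
    """
    now = time.time() if now is None else now
    local, _, domain = rcpt_to.rpartition("@")

    if domain.lower() != LOCAL_DOMAIN:
        # Not our domain: refuse to relay rather than accept and bounce.
        return (550, "5.7.1 relaying denied")

    if local.lower() not in LOCAL_USERS:
        # Unknown mailbox: reject now, while the sender is still connected.
        return (550, "5.1.1 no such user")

    triplet = (client_ip, mail_from.lower(), rcpt_to.lower())
    first_seen = GREYLIST.setdefault(triplet, now)
    if now - first_seen < GREYLIST_DELAY:
        # First contact (or too-early retry): ask the sender to try later.
        return (451, "4.7.1 greylisted, try again later")

    # Known mailbox and the sender came back after the delay: accept.
    return (250, "2.1.5 recipient ok")
```

A sender that never retries after the 451, as the reply notes spam engines do not, never gets its message accepted, and no bounce is produced for anyone.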