
Am I just being spoofed or is my server serving the dark side?


turtle
Lord of the Rant.
Formerly turtle2472
Join Date: Mar 2005
Location: Tidewater Virginia
2010-10-17, 10:22

So my email is now run through Google Apps meaning all the issues related to me making sure I have security and all are taken care of. Basically it's pain free from me, I just have to understand that Google knows all.

Aside from that I've been getting a bunch of returned mail messages from users like "ejkhkjhefwe983" and the like at my domain. Here is a header from one of the messages that was kicked back:
Code:
Received: from smtp05.aspadmin.com (smtp05.aspadmin.com [66.240.201.20])
    (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
    (No client certificate requested)
    by mx2.spamarrest.com (Postfix) with ESMTP id 726DCC84E04
    for <stevenconley@spamarrest.com>; Sun, 17 Oct 2010 01:29:46 -0500 (CDT)
Received: from dish4028.net.ibizdns.com (dish4028.net.ibizdns.com [209.126.254.72])
    by smtp05.aspadmin.com (8.13.8/8.13.4) with ESMTP id o9H6V8SW001840
    for <stevenconley@spamarrest.com>; Sat, 16 Oct 2010 23:31:08 -0700
Received: from dish4028.net.ibizdns.com (localhost [127.0.0.1])
    by dish4028.net.ibizdns.com (8.13.4/8.13.4) with ESMTP id o9H6TjCx032680
    (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO)
    for <stevenconley@spamarrest.com>; Sat, 16 Oct 2010 23:29:45 -0700
Received: (from sconley@wecareworldwide.com@localhost)
    by dish4028.net.ibizdns.com (8.13.4/8.13.4/Submit) id o9H6TjhS032677
    for stevenconley@spamarrest.com; Sat, 16 Oct 2010 23:29:45 -0700
X-Authentication-Warning: dish4028.net.ibizdns.com: sconley@wecareworldwide.com set sender to "Licensed Pfizer Shop" <euzecoly1431@mydomain.com> using -f
Received: from [188.48.15.99] ([188.48.15.99])
    by dish4028.net.ibizdns.com (8.13.4/8.13.4) with ESMTP id o9H6TYDv032649
    for <globalpartners@wecareworldwide.com>; Sat, 16 Oct 2010 23:29:39 -0700
Received: from mail.wecareworldwide.com (localhost [127.0.0.1])
    by mail.wecareworldwide.com (8.14.4/8.14.4) with SMTP id 3eE45e3AA2DF64
    for <globalpartners@wecareworldwide.com>; Sun, 17 Oct 2010 09:29:37 +0300
    (envelope-from euzecoly1431@mydomain.com)
Message-Id: <20101017929.adb63FD470df1A@[188.48.15.99]>
Subject: Hi globalpartners, 80% OFF!
    in from of include consumption
Date: Sun, 17 Oct 2010 09:29:37 +0300
Mime-Version: 1.0
From: "Licensed Pfizer Shop" <euzecoly1431@mydomain.com>
To: globalpartners@wecareworldwide.com
Content-Type: text/html; charset=ISO-8859-1
X-MailThrottle-Validated: 1
X-Spam-Checker-Version: SpamAssassin 3.0.4 (2005-06-05) on dish4028.net.ibizdns.com
X-Spam-Level:
X-Spam-Status: No, score=-0.6 required=5.0 tests=BAYES_00,HTML_80_90,
    HTML_FONT_FACE_CAPS,HTML_IMAGE_ONLY_24,HTML_MESSAGE,MIME_HTML_ONLY
    autolearn=no version=3.0.4
Content-Transfer-Encoding: quoted-printable
Received-SPF: none(mydomain.com: mydomain.com does not designate permitted sender hosts)

None of the IP addresses in the header are for my server or my home so this leads me to think that I'm being spoofed, but the problem is I'm not getting my domain blacklisted. How can I fix this and where do I turn the spoofing off if that is what it is?

Louis L'Amour, “To make democracy work, we must be a nation of participants, not simply observers. One who does not vote has no right to complain.”
MineCraft? mc.applenova.com | Visit us! | Maybe someday I'll proof read, until then deal with it.
WrestleEwe
Member
Join Date: Nov 2005
Location: Utrecht NL
2010-10-18, 05:25

Quote:
Originally Posted by turtle2472
X-Authentication-Warning: dish4028.net.ibizdns.com: sconley@wecareworldwide.com set sender to "Licensed Pfizer Shop" <euzecoly1431@mydomain.com> using -f
Received: from [188.48.15.99] ([188.48.15.99])

This means that some spambot sends messages with an altered sender field. This message was sent from somewhere nowhere near your email server.

Unfortunately, there is nothing you can do about this.
Fortunately, most mailservers are smart enough to see through this trick and not add your domain to their blacklists.

Hope this helps.
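
Added example (not part of the original thread): a Python check that walks the Received chain of the bounced message and reports whether it ever touched your own server. The header is abridged from the one quoted above; `OWN_IPS` is a placeholder assumption for the addresses of your real mail server.

```python
import email
import ipaddress
import re
from email.utils import parseaddr

# Abridged from the header quoted in the thread ("for" clauses dropped).
RAW = """\
Received: from smtp05.aspadmin.com (smtp05.aspadmin.com [66.240.201.20])
 by mx2.spamarrest.com (Postfix) with ESMTP id 726DCC84E04; Sun, 17 Oct 2010 01:29:46 -0500 (CDT)
Received: from dish4028.net.ibizdns.com (dish4028.net.ibizdns.com [209.126.254.72])
 by smtp05.aspadmin.com (8.13.8/8.13.4) with ESMTP id o9H6V8SW001840; Sat, 16 Oct 2010 23:31:08 -0700
X-Authentication-Warning: dish4028.net.ibizdns.com: sconley@wecareworldwide.com set sender to "Licensed Pfizer Shop" <euzecoly1431@mydomain.com> using -f
Received: from [188.48.15.99] ([188.48.15.99])
 by dish4028.net.ibizdns.com (8.13.4/8.13.4) with ESMTP id o9H6TYDv032649; Sat, 16 Oct 2010 23:29:39 -0700
From: "Licensed Pfizer Shop" <euzecoly1431@mydomain.com>
Received-SPF: none(mydomain.com: mydomain.com does not designate permitted sender hosts)

"""
OWN_IPS = {"203.0.113.10"}  # assumption: placeholder for your own server's IP
BRACKET_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def relay_ips(msg):
    """Public IPs in the 'from' part of each Received header, newest hop first."""
    ips = []
    for hop in msg.get_all("Received", []):
        from_part = " ".join(hop.split()).split(" by ", 1)[0]
        for ip in BRACKET_IP.findall(from_part):
            try:
                public = ipaddress.ip_address(ip).is_global
            except ValueError:  # malformed address in a forged hop
                continue
            if public and ip not in ips:
                ips.append(ip)
    return ips

def analyse(raw, own_ips, own_domain):
    msg = email.message_from_string(raw)
    ips = relay_ips(msg)
    from_addr = parseaddr(msg.get("From", ""))[1].lower()
    return {
        "relay_ips": ips,
        # Hops below the first server you trust can be forged by the sender.
        "origin_ip": ips[-1] if ips else None,
        "claims_our_domain": from_addr.endswith("@" + own_domain),
        "passed_through_us": any(ip in own_ips for ip in ips),
        "sender_overridden": " set sender to " in msg.get("X-Authentication-Warning", ""),
        "spf_result": msg.get("Received-SPF", "").split("(")[0].strip().lower(),
    }
```

A result with `claims_our_domain` true and `passed_through_us` false matches what the thread describes: the address is forged in the From field and the message never went through the domain's own mail server.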
turtle
Lord of the Rant.
Formerly turtle2472
Join Date: Mar 2005
Location: Tidewater Virginia
2010-10-26, 22:10

Man, I've still got to get my server off a spammers list. It seems that this spoofing is the cause, but spam cannibal says they won't blacklist your server unless *IT* is sending the spam.

Ebby
Veteran Member
Join Date: May 2004
Location: Over Yander
2010-10-27, 12:14

I have my catchall activated and get about 460,000 of those spams a month. Still not blacklisted and I do wish some big companies got together to develop "E-mail 2.0" to take care of these stupid weaknesses.


^^ One more quality post from the desk of Ebby. ^^
SSBA | SmockBogger | SporkNET