Falsified bounce

While checking my mailserver logs, I found an e-mail purportedly coming from MAILER-DAEMON at my domain. Pretty cheeky, in my opinion. It obviously didn’t come from my server, so it was rejected.

But this is an example of how far the spammers will go to get an e-mail through.

And an example of how clueless they can be…

You see, messages from MAILER-DAEMON are sent in a specific way. They are never sent with that envelope e-mail address. A genuine bounce (a delivery status notification) is sent with an empty envelope sender, MAIL FROM:<>, precisely so that it cannot itself bounce. The MAILER-DAEMON address only appears in the From: header, and it is the server generating the bounce that adds it, with its own hostname after the @. So a message arriving from an outside IP with MAILER-DAEMON@my-domain as its envelope sender is a forgery on its face.
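The envelope-level distinction above, as an added example that is not part of the original post: a small classifier that takes the SMTP MAIL FROM argument and decides whether it has the shape of a real bounce (null sender) or of a forged one (a MAILER-DAEMON envelope sender, especially one claiming a local domain). The domain example.com and the sample envelopes are assumptions constructed for the example; the author's mailserver and logs are not used.

```python
import re

# Assumed local domains; the author's real domain is not known from the post.
MY_DOMAINS = {"example.com"}

# Local parts that a mailserver uses only in the From: header of a bounce,
# never as the envelope sender of one.
BOUNCE_LOCALPARTS = {"mailer-daemon", "postmaster"}

# Matches "MAIL FROM:<addr>" with optional ESMTP parameters (e.g. SIZE=...).
_MAIL_FROM_RE = re.compile(
    r"^\s*(?:MAIL\s+FROM:)?\s*<([^>]*)>(?:\s+\S+)*\s*$", re.IGNORECASE
)


def parse_envelope_sender(mail_from):
    """Return the bare, lower-cased envelope sender from a MAIL FROM argument.

    The null sender '<>' yields '' (the empty string).
    """
    m = _MAIL_FROM_RE.match(mail_from)
    if m is None:
        raise ValueError("not a MAIL FROM argument: %r" % mail_from)
    return m.group(1).strip().lower()


def classify_bounce(mail_from, my_domains=MY_DOMAINS):
    """Classify a MAIL FROM argument by whether it can be a genuine bounce.

    Returns one of:
      'null-sender'          - empty envelope sender, the shape of a real DSN
      'forged-local-bounce'  - MAILER-DAEMON/postmaster envelope sender at one
                               of our own domains; our server never sends that
      'daemon-envelope'      - MAILER-DAEMON/postmaster envelope sender at some
                               other domain; still not how bounces are sent
      'ordinary'             - an ordinary sender address
    """
    env = parse_envelope_sender(mail_from)
    if env == "":
        return "null-sender"
    local, _, domain = env.rpartition("@")
    if local in BOUNCE_LOCALPARTS:
        if domain in my_domains:
            return "forged-local-bounce"
        return "daemon-envelope"
    return "ordinary"


# Constructed sample envelopes, not taken from any real log.
SAMPLES = [
    "MAIL FROM:<>",
    "MAIL FROM:<MAILER-DAEMON@example.com>",
    "MAIL FROM:<mailer-daemon@other.example> SIZE=2048",
    "MAIL FROM:<alice@example.net>",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print("%-50s -> %s" % (s, classify_bounce(s)))
```

Note that a null sender only means the message has the shape of a bounce; backscatter (real bounces for mail you never sent) also arrives with MAIL FROM:<> and needs other checks, which this example does not attempt.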

Shakes head….

Update:

That same IP address later sent a virus to my spamtrap. A Mydoom virus, according to the server.

Remember, this is an e-mail address that’s only a spamtrap, not an active address.

The IP the virus was sent from is listed in the CBL RBL, and the HELO is fake.
So, was this address harvested from someone’s internet cache, or was it harvested directly from the web?
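The two checks mentioned in the update, the CBL listing and the fake HELO, as an added example that is not part of the original post. It builds the DNSBL query name for an IPv4 address (octets reversed under the list's zone), interprets the answer a DNSBL returns, and applies the offline HELO sanity checks that need no DNS at all. The zone name cbl.abuseat.org is assumed from the CBL's historical zone, the IP 192.0.2.10 and hostnames are constructed, and the actual DNS lookup is left out so the example runs without network access.

```python
import ipaddress
import re

# Assumed: the zone under which the CBL was historically published.
CBL_ZONE = "cbl.abuseat.org"

# DNSBLs answer a listed address with A records in 127.0.0.0/8.
DNSBL_ANSWER_NET = ipaddress.ip_network("127.0.0.0/8")

# A hostname of at least two labels whose last label is alphabetic,
# which is enough to reject bare words and dotted-quad IPs.
_FQDN_RE = re.compile(
    r"^(?=.{1,253}$)(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$",
    re.IGNORECASE,
)


def dnsbl_query_name(ip, zone=CBL_ZONE):
    """Return the name to look up for `ip` in the DNSBL `zone`.

    192.0.2.10 in cbl.abuseat.org becomes 10.2.0.192.cbl.abuseat.org.
    """
    addr = ipaddress.ip_address(ip)
    if addr.version != 4:
        raise ValueError("only IPv4 lookups are shown in this example")
    return ".".join(reversed(str(addr).split("."))) + "." + zone


def dnsbl_listed(answers):
    """Interpret the A records returned for a DNSBL query name.

    An empty list (NXDOMAIN) means not listed; any 127.0.0.0/8 record
    means listed. Other addresses are ignored so that a wildcard or
    hijacked zone does not read as a listing.
    """
    return any(ipaddress.ip_address(a) in DNSBL_ANSWER_NET for a in answers)


def helo_problems(helo, my_hostnames):
    """Offline checks on an SMTP HELO/EHLO argument.

    Returns a list of problems (empty if none found):
      'not a valid FQDN'            - bare word, bare IP, or malformed name
      'claims to be my own hostname' - remote host greets with our own name
    The definitive check, comparing HELO with the forward and reverse DNS
    of the connecting IP, needs a resolver and is not done here.
    """
    problems = []
    h = helo.strip().lower()
    if not _FQDN_RE.match(h):
        problems.append("not a valid FQDN")
    if h in {n.lower() for n in my_hostnames}:
        problems.append("claims to be my own hostname")
    return problems


if __name__ == "__main__":
    # Constructed values, not taken from the author's logs.
    ip = "192.0.2.10"
    print("look up:", dnsbl_query_name(ip))
    print("listed if answer is 127.0.0.2:", dnsbl_listed(["127.0.0.2"]))
    for helo in ("mx1.other.example", "192.0.2.10", "mail.example.com"):
        print("HELO %-20s -> %s" % (helo, helo_problems(helo, {"mail.example.com"})))
```

To perform the real lookup, resolve the name returned by dnsbl_query_name with your resolver of choice and pass the A records it returns to dnsbl_listed; NXDOMAIN maps to an empty list.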
