Lunarpages Web Hosting Forum

Author Topic: Spam source?  (Read 755 times)

Offline Marcus9

  • Trekkie
  • Posts: 13
    • http://www.darksphere.com
Spam source?
« on: March 29, 2005, 04:52:03 PM »
Hi.  I have a serious problem.  Any help is appreciated.

I received an email from Lunarforums titled "WARNING - SPAM SUSPENSION - WARNING" that was the result of AOL complaining about a spam message originating from my domain, darksphere.com.  I only have a few users with email accounts, and I'm sure that none of them sent out a spam message.  I am having great difficulty trying to figure out what happened, and am really concerned because Lunarpages says if it happens again my account may be suspended.

Has anyone else had this problem before, and what is the likely cause?  Is it possible that one of my email accounts has been hacked?  Would it absolutely have had to originate from my site to be reported as spam?

Here is the message; I replaced the recipient's name to protect the accuser:

Return-path:  
Received: from ms-mta-02 (ms-mta-02-smtp [10.10.4.6])
by ms-mss-02.tampabay.rr.com
(iPlanet Messaging Server 5.2 HotFix 1.21 (built Sep 8 2003))
with ESMTP id for
xxx@tampabay.rr.com; Wed, 23 Mar 2005 13:36:53 -0500 (EST)
Received: from lamx02.mgw.rr.com (lamx02.mgw.rr.com [66.75.160.13])
by ms-mta-02.tampabay.rr.com
(iPlanet Messaging Server 5.2 HotFix 1.21 (built Sep 8 2003))
with ESMTP id for
xxx@tampabay.rr.com (ORCPT xxx@tampabay.rr.com); Wed,
23 Mar 2005 13:36:52 -0500 (EST)
Received: from kbl-zrz3509.zeelandnet.nl
(kbl-zrz3509.zeelandnet.nl [62.238.237.207])
by lamx02.mgw.rr.com (8.12.10/8.12.8) with ESMTP id j2NIaLxm012950 for
; Wed, 23 Mar 2005 13:36:48 -0500 (EST)
Received: from darksphere.com (darksphere.com [64.235.234.13])
by kbl-zrz3509.zeelandnet.nl with esmtp id BEEECC7844 for
; Wed, 23 Mar 2005 10:36:48 -0800
Date: Wed, 23 Mar 2005 10:36:48 -0800
From: "Anabaptist O. Dina"  
Subject: Fw: Great eobok on g-spot
To: xxx  
Message-id:  
MIME-version: 1.0
X-MIMEOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
X-Mailer: Microsoft Outlook Express 6.00.2800.1437
Content-type: multipart/alternative;
boundary="----=_NextPart_000_0010_16FE98AC.4D17658C"
X-Priority: 3
X-MSMail-priority: Normal
X-AntiVirus: skaner antywirusowy poczty Wirtualnej Polski S. A.
X-Virus-Scanned: Symantec AntiVirus Scan Engine
Original-recipient: rfc822;xxx@tampabay.rr.com
 
----- Original Message -----  
From: Anabaptist O. Dina  
To: XXX
Sent: Wednesday, March 23, 2005 1:36 PM
Subject: Fw: Great eobok on g-spot
 
Allow me :-) Please :-)
 
Aloha 'oe

Lupine1647

  • Guest
Spam source?
« Reply #1 on: March 29, 2005, 05:47:23 PM »
You gotta hate AOL. It would appear that it's been through a Roadrunner server; however, the originating IP address is not listed. I'm surprised AOL even sent the headers since they usually don't even send the headers.

Do any of your users use Roadrunner and are in the Tampa area?

Offline Marcus9

Spam source?
« Reply #2 on: March 29, 2005, 06:21:19 PM »
There are only 3 email accounts on my domain, including mine.  This couldn't be happening through a forwarder, right?  To me it seems as though the server in .NL, wherever that is, is reporting that the message came from my IP address to avoid seeming like the source?  This is possible, isn't it?  It's just data.

I don't have any users in Tampa and the two users I have know nothing about this.

FYI: The Lunarpages support person told me over the phone that AOL was the one who complained, but nothing in the information she sent me identified AOL as the source of the complaint, so I can't confirm this.

Lupine1647

  • Guest
Spam source?
« Reply #3 on: March 29, 2005, 08:05:18 PM »
Well, if AOL reported it, then someone on the AOL service clicked the Spam Button. It is possible to forge the header information but unlikely to happen (You can edit the headers of any e-mail on AOL so the report can be falsified). Again, AOL doesn't include all or any of the headers in their report. Which makes me wonder if the headers in this message are from a replied message instead of a single message (which is why you don't see yourself or LP's servers in the header report).
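Added example, not part of any post in this thread: one way to check the question raised in Reply #2 is to walk the Received chain from the top and mark where the recipient provider's own stamps end, since every line below that point was supplied by an outside host and cannot be verified from the headers alone. The sample is constructed from the headers quoted in the first post (unfolded, with the stripped ids and addresses left out); the function names and the `.rr.com` trust suffix are assumptions for illustration.

```python
import re
from email import message_from_string

# Constructed sample: the Received chain quoted in the first post, one header
# per hop, newest first. Fields the page lost (ids, addresses) are omitted.
RAW = """\
Received: from ms-mta-02 (ms-mta-02-smtp [10.10.4.6]) by ms-mss-02.tampabay.rr.com with ESMTP; Wed, 23 Mar 2005 13:36:53 -0500 (EST)
Received: from lamx02.mgw.rr.com (lamx02.mgw.rr.com [66.75.160.13]) by ms-mta-02.tampabay.rr.com with ESMTP; Wed, 23 Mar 2005 13:36:52 -0500 (EST)
Received: from kbl-zrz3509.zeelandnet.nl (kbl-zrz3509.zeelandnet.nl [62.238.237.207]) by lamx02.mgw.rr.com (8.12.10/8.12.8) with ESMTP id j2NIaLxm012950; Wed, 23 Mar 2005 13:36:48 -0500 (EST)
Received: from darksphere.com (darksphere.com [64.235.234.13]) by kbl-zrz3509.zeelandnet.nl with esmtp id BEEECC7844; Wed, 23 Mar 2005 10:36:48 -0800
Subject: constructed sample

body
"""

# "from <helo> (<rdns> [<ip>]) by <stamping host>"
HOP = re.compile(r"from\s+(\S+)\s+\((?:\S+\s+)?\[([0-9.]+)\]\)\s+by\s+(\S+)")


def classify_hops(raw, trusted_suffix):
    """Walk Received headers newest-first. A hop is verifiable only while the
    host that wrote it (its 'by' host), and every host above it, belongs to
    the recipient's provider. Anything lower was written by an outside host."""
    hops, trusted = [], True
    for value in message_from_string(raw).get_all("Received", []):
        m = HOP.search(value)
        if not m:
            trusted = False  # unparseable stamp: stop trusting from here down
            continue
        helo, ip, by = m.groups()
        trusted = trusted and by.lower().endswith(trusted_suffix)
        hops.append({"from": helo, "ip": ip, "by": by, "verifiable": trusted})
    return hops


def last_verifiable_sender(hops):
    """IP recorded by the lowest trusted stamp: the host that actually
    connected to the recipient's provider."""
    good = [h for h in hops if h["verifiable"]]
    return good[-1]["ip"] if good else None


if __name__ == "__main__":
    hops = classify_hops(RAW, ".rr.com")
    for h in hops:
        print(h["verifiable"], h["ip"], "stamped by", h["by"])
    print("last verifiable sender:", last_verifiable_sender(hops))
```

On this sample the last stamp written by an rr.com server records 62.238.237.207, while the line naming darksphere.com was written by that outside host, so the headers by themselves do not establish that the message left the darksphere.com server.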