Spam problem ...


nokesc
Posts: 49
Joined: Thu Jul 05, 2007 1:12 pm


Post by nokesc » Mon Mar 31, 2008 6:18 pm

I have a new problem with spam today ... I'm getting emails that look like this ...

This message was created automatically by mail delivery software.

A message that you sent could not be delivered to one or more of its recipients. This is a permanent error. The following address(es) failed:

currydd@marquezbrothers.com
SMTP error from remote mailer after RCPT TO:<currydd@marquezbrothers.com>:
host mail.marquezbrothers.com [71.6.7.59]: 550 No such recipient

------ This is a copy of the message, including all the headers. ------

Return-path: <sales@intermtnfuse.com>
Received: from [88.235.101.87] (helo=88.235.101.87)
by mxb4eqab.ultradns.net with esmtp (Exim 4.43)
id 1JgQ7h-0008EY-BC
for currydd@marquezbrothers.com; Mon, 31 Mar 2008 19:56:53 +0000
Message-ID: <000501c89369$0227fdb6$f6372dbd@tosauoug>
From: "kent thuy-lan" <sales@intermtnfuse.com>
To: "Margret Hawkins" <currydd@marquezbrothers.com>
Subject: All Popular Watch Makes and Models.
Date: Mon, 31 Mar 2008 18:09:36 +0000
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.3138
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.3198

Directory Of Watches Providers. Find Watches Quickly.

Competitive prices and safe buying.


Ideas? I don't have an open relay; it appears as if someone is just spoofing 'sales@intermtnfuse.com'.

Valerion
Scalix Star
Posts: 2730
Joined: Thu Feb 26, 2004 7:40 am
Location: Johannesburg, South Africa

Post by Valerion » Tue Apr 01, 2008 3:44 am

Spoofing an email address is extremely trivial; I can do it from the command line with a telnet client (have done so a lot to test various things in mail servers). If the message didn't originate from you, then there's not much you can do; the remote server will bounce it back after a failed delivery. And they managed to pick a legal address to spoof from.

Just the same, check your sendmail logs to see that you didn't send the original one.
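The check described in the post above, as an added example that is not part of the original thread: it reads the copy of the original message embedded in an Exim-style bounce, takes the submitting IP from the topmost Received header, and compares it with your own outbound ranges. The network in `OUR_OUTBOUND_NETS`, the sample bounce and the function name are assumptions made for illustration.

```python
import ipaddress
import re
from email import message_from_string

# Assumption: the networks your own outbound servers send from (documentation range).
OUR_OUTBOUND_NETS = [ipaddress.ip_network("192.0.2.0/28")]

# Constructed sample in the shape of the Exim bounce quoted in the thread.
SAMPLE_BOUNCE = """\
This message was created automatically by mail delivery software.

  nobody@recipient.example
    SMTP error from remote mailer after RCPT TO:<nobody@recipient.example>:
    host mail.recipient.example [203.0.113.25]: 550 No such recipient

------ This is a copy of the message, including all the headers. ------

Return-path: <sales@ourdomain.example>
Received: from [198.51.100.87] (helo=198.51.100.87)
  by mx.recipient.example with esmtp (Exim 4.43)
  id 1AbCdE-000123-XY
  for nobody@recipient.example; Mon, 31 Mar 2008 19:56:53 +0000
Message-ID: <constructed-0001@sample.invalid>
From: "someone" <sales@ourdomain.example>
Subject: constructed sample

body
"""

COPY_MARKER = re.compile(r"^-+ This is a copy of the message.*$", re.M)
BRACKETED_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def classify_bounce(bounce_text, our_nets=OUR_OUTBOUND_NETS):
    """Return (verdict, message_id, submitting_ip) for an Exim-style bounce."""
    marker = COPY_MARKER.search(bounce_text)
    if marker is None:
        return ("unparsed", None, None)
    original = message_from_string(bounce_text[marker.end():].lstrip())
    msg_id = original["Message-ID"]
    # The topmost Received header was written by the server that later bounced
    # the message, so its bracketed IP is the host that actually submitted it.
    received = original.get_all("Received") or [""]
    hit = BRACKETED_IP.search(received[0])
    try:
        ip = ipaddress.ip_address(hit.group(1)) if hit else None
    except ValueError:  # four dotted numbers that are not a valid address
        ip = None
    if ip is None:
        return ("unparsed", msg_id, None)
    if any(ip in net for net in our_nets):
        return ("sent-by-us", msg_id, str(ip))  # check relay settings and accounts
    return ("backscatter", msg_id, str(ip))     # forged sender, not our traffic
```

A `backscatter` verdict matches the situation in this thread; for `sent-by-us`, search your own MTA logs for the returned Message-ID.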

nokesc
Posts: 49
Joined: Thu Jul 05, 2007 1:12 pm

Post by nokesc » Tue Apr 01, 2008 11:18 am

That's what I was afraid of. OK, so my second question is: will SpamAssassin catch and flag this sort of thing as spam? Currently on this server I have MailWasher, which I don't like, but I haven't bothered to change to SpamAssassin because I haven't had the time.

Valerion
Scalix Star
Posts: 2730
Joined: Thu Feb 26, 2004 7:40 am
Location: Johannesburg, South Africa

Post by Valerion » Wed Apr 02, 2008 4:17 am

The return message by itself is not spam, it's a legitimate mail bounce response, and flagging such as spam will cause issues further along the line. If your server didn't actually send the email, there's nothing you can do to stop it, it's all up to the receiving machine. If you did send it, then you can scan it for spam, and both SA and MailWasher should work fine.

If the receiving mailserver supports it you can try SPF or DomainKeys to try and combat it. Not all, or even a majority of servers do, though.

http://en.wikipedia.org/wiki/Sender_Policy_Framework
http://en.wikipedia.org/wiki/DomainKeys

nokesc
Posts: 49
Joined: Thu Jul 05, 2007 1:12 pm

Post by nokesc » Wed Apr 02, 2008 12:20 pm

Wow ... we are receiving a high number of these a day, 200 or so, and it just started happening. I'll look into SPF & DK ... I would think with this kind of thing and the current amount of spam businesses have to put up with that there needs to be some kind of new email standard ... like an SMTP 2.0 or something ... just thinking out loud

