Victim of a joe job with > 300 mails per day



idontlikespam
08.07.2011, 11:52
Hello community!

While researching this kind of spam, I came across this thread: http://www.antispam-ev.de/forum/showthread.php?10516-Undelivered-Mail-Returned-to-Sender/

I run a commercial blog site and, much to my annoyance, naturally have the mandatory email address listed in the Impressum (legal notice) in the form info (at). The robots, however, seem by now to catch this old trick just fine, and so since this week I have been under fire from an extreme joe job.

Yesterday I counted a full 300 mail delivery bounces in my spam folder. And rising. Someone really has it in for me :( All of the emails contain advertising as their actual content.

In the meantime I have set up several filters to have all the various bounces deleted immediately.

Another one got through again today and also had a Word document attached. I have somehow had enough, since in an emergency I would of course still like to be notified about a genuine undeliverable message.

My mail client is Gmail via https. I do not use a local one.

How can I make life harder for this mafia?

I can gladly post other kinds of these mails if I temporarily switch the filters off again.

Many thanks


Delivered-To: poor [at] spamvictim.tld
Received: by 10.14.119.9 with SMTP ID: [ID filtered]
Thu, 7 Jul 2011 xx:xx:xx -0700 (PDT)
Received: by 10.213.102.20 with SMTP ID: [ID filtered]
Thu, 07 Jul 2011 xx:xx:xx -0700 (PDT)
Received-SPF: softfail (google.com: best guess record for domain of transitioning unknown does not designate 149.101.1.168 as permitted sender) client-ip=149.101.1.168;
Received: by 10.241.103.21 with POP3 ID: [ID filtered]
Thu, 07 Jul 2011 xx:xx:xx -0700 (PDT)
X-Gmail-Fetch-Info: info [at] webadresse.com 6 pop3.webadresse.com 110 m0xxxxxx
Return-Path: <>
X-Original-To: info [at] webadresse.com
Delivered-To: xxxxxxx.kasserver.com
X-Greylist: delayed 5778 seconds by postgrey-1.32 at xxxxxxxxxx; Fri, 08 Jul 2011 xx:xx:xx CEST
Received: from mailsc32.usdoj.gov (mailsc32.usdoj.gov [149.101.1.168])
by xxxxxxx.kasserver.com (Postfix) with ESMTPS ID: [ID filtered]
for <poor [at] spamvictim.tld>; Fri, 8 Jul 2011 xx:xx:xx +0200 (CEST)
Received: from mqueue.dsn (mailsc32 [127.0.0.1])
by mailsc32.usdoj.gov (8.14.4/8.14.4) with ESMTP ID: [ID filtered]
(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT)
for <poor [at] spamvictim.tld>; Thu, 7 Jul 2011 xx:xx:xx -0400
Received: from localhost (localhost)
by mailsc32.usdoj.gov (8.14.4/8.14.4) ID: [ID filtered]
Thu, 7 Jul 2011 xx:xx:xx -0400
Date: Thu, 7 Jul 2011 xx:xx:xx -0400
From: Mail Delivery Subsystem <MAILER-DAEMON [at] mailsc32.usdoj.gov>
Message-ID: [ID filtered]
To: <poor [at] spamvictim.tld>
MIME-Version: 1.0
Content-Type: multipart/report; report-type=delivery-status;
boundary="p67NP7IQ013001.1310081107/mailsc32.usdoj.gov"
Subject: Returned mail: see transcript for details
Auto-Submitted: auto-generated (failure)
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10432:5.4.6813,1.0.211,0.0.0000
definitions=2011-07-07_10:2011-07-07,2011-07-07,1970-01-01 signatures=0
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 ndrscore=0 ipscore=0 suspectscore=12
phishscore=0 bulkscore=0 spamscore=0 adjustscore=0 adultscore=0
classifier=spam adjust=0 reason=mlx scancount=1 engine=6.0.2-1012030000
definitions=main-1107070221
X-KasLoop: xxxxxxxxx


This is a MIME-encapsulated message

--p67NP7IQ013001.1310081107/mailsc32.usdoj.gov

The original message was received at Thu, 7 Jul 2011 xx:xx:xx -0400
from [10.222.4.21]

----- The following addresses had permanent fatal errors -----
<eineadresse [at] unicor.gov>
(reason: 554 5.4.6 Too many hops)

----- Transcript of session follows -----
554 5.4.6 Too many hops 26 (25 max): from <info [at] webadresse.com> via localhost, to <eineadresse [at] unicor.gov>

--p67NP7IQ013001.1310081107/mailsc32.usdoj.gov
Content-Type: message/delivery-status

Reporting-MTA: dns; mailsc32.usdoj.gov
Arrival-Date: Thu, 7 Jul 2011 xx:xx:xx -0400

Original-Recipient: rfc822;eineadresse [at] unicor.gov
Final-Recipient: RFC822; eineadresse [at] unicor.gov
Action: failed
Status: 5.4.6
Diagnostic-Code: SMTP; 554 5.4.6 Too many hops
Last-Attempt-Date: Thu, 7 Jul 2011 xx:xx:xx -0400

--p67NP7IQ013001.1310081107/mailsc32.usdoj.gov
Content-Type: message/rfc822

Return-Path: <info [at] adresse.com>
Received: from emsagent1.doj.gov ([10.222.4.21])
by mailsc32.usdoj.gov (8.14.4/8.14.4) with ESMTP ID: [ID filtered]
for <poor [at] spamvictim.tld>; Thu, 7 Jul 2011 xx:xx:xx -0400
Received: from mailsc32.usdoj.gov (mailsc32.usdoj.gov [149.101.10.168])
by emsagent1.doj.gov (8.14.1/8.14.1) with ESMTP ID: [ID filtered]
for <poor [at] spamvictim.tld>; Thu, 7 Jul 2011 xx:xx:xx -0400
Received: from emsagent1.doj.gov ([10.222.4.48])
by mailsc32.usdoj.gov (8.14.4/8.14.4) with ESMTP ID: [ID filtered]
for <poor [at] spamvictim.tld>; Thu, 7 Jul 2011 xx:xx:xx -0400
Received: from mailsc32.usdoj.gov (mailsc32.usdoj.gov [149.101.10.168])
by emsagent1.doj.gov (8.14.1/8.14.1) with ESMTP ID: [ID filtered]
for <poor [at] spamvictim.tld>; Thu, 7 Jul 2011 xx:xx:xx -0400
Received: from emsagent1.doj.gov ([10.222.4.21])
by mailsc32.usdoj.gov (8.14.4/8.14.4) with ESMTP ID: [ID filtered]
for <poor [at] spamvictim.tld>; Thu, 7 Jul 2011 xx:xx:xx -0400
Received: from mailsc32.usdoj.gov (mailsc32.usdoj.gov [149.101.10.168])
by emsagent1.doj.gov (8.14.1/8.14.1) with ESMTP ID: [ID filtered]
for <poor [at] spamvictim.tld>; Thu, 7 Jul 2011 xx:xx:xx -0400
Received: from emsagent1.doj.gov ([10.222.4.19])
by mailsc32.usdoj.gov (8.14.4/8.14.4) with ESMTP ID: [ID filtered]
for <poor [at] spamvictim.tld>; Thu, 7 Jul 2011 xx:xx:xx -0400
Received: from mailsc32.usdoj.gov (mailsc32.usdoj.gov [149.101.10.168])
by emsagent1.doj.gov (8.14.1/8.14.1) with ESMTP ID: [ID filtered]
for <poor [at] spamvictim.tld>; Thu, 7 Jul 2011 xx:xx:xx -0400
Received: from emsagent1.doj.gov ([10.222.4.38])
by mailsc32.usdoj.gov (8.14.4/8.14.4) with ESMTP ID: [ID filtered]
for <poor [at] spamvictim.tld>; Thu, 7 Jul 2011 xx:xx:xx -0400
Received: from mailsc32.usdoj.gov (mailsc32.usdoj.gov [149.101.10.168])
by emsagent1.doj.gov (8.14.1/8.14.1) with ESMTP ID: [ID filtered]
for <poor [at] spamvictim.tld>; Thu, 7 Jul 2011 xx:xx:xx -0400
Received: from emsagent1.doj.gov ([10.222.4.19])
by mailsc32.usdoj.gov (8.14.4/8.14.4) with ESMTP ID: [ID filtered]
for <poor [at] spamvictim.tld>; Thu, 7 Jul 2011 xx:xx:xx -0400
Received: from mailsc32.usdoj.gov (mailsc32.usdoj.gov [149.101.10.168])
by emsagent1.doj.gov (8.14.1/8.14.1) with ESMTP ID: [ID filtered]
for <poor [at] spamvictim.tld>; Thu, 7 Jul 2011 xx:xx:xx -0400
Received: from emsagent1.doj.gov ([10.222.4.48])
by mailsc32.usdoj.gov (8.14.4/8.14.4) with ESMTP ID: [ID filtered]
for <poor [at] spamvictim.tld>; Thu, 7 Jul 2011 xx:xx:xx -0400
Received: from mailsc32.usdoj.gov (mailsc32.usdoj.gov [149.101.10.168])
by emsagent1.doj.gov (8.14.1/8.14.1) with ESMTP ID: [ID filtered]
for <poor [at] spamvictim.tld>; Thu, 7 Jul 2011 xx:xx:xx -0400
Received: from emsagent1.doj.gov ([10.222.4.21])
by mailsc32.usdoj.gov (8.14.4/8.14.4) with ESMTP ID: [ID filtered]
for <poor [at] spamvictim.tld>; Thu, 7 Jul 2011 xx:xx:xx -0400
Received: from mailsc32.usdoj.gov (mailsc32.usdoj.gov [149.101.10.168])
by emsagent1.doj.gov (8.14.1/8.14.1) with ESMTP ID: [ID filtered]
for <poor [at] spamvictim.tld>; Thu, 7 Jul 2011 xx:xx:xx -0400
Received: from emsagent1.doj.gov ([10.222.4.19])
by mailsc32.usdoj.gov (8.14.4/8.14.4) with ESMTP ID: [ID filtered]
for <poor [at] spamvictim.tld>; Thu, 7 Jul 2011 xx:xx:xx -0400
Received: from mailsc32.usdoj.gov (mailsc32.usdoj.gov [149.101.10.168])
by emsagent1.doj.gov (8.14.1/8.14.1) with ESMTP ID: [ID filtered]
for <poor [at] spamvictim.tld>; Thu, 7 Jul 2011 xx:xx:xx -0400
Received: from emsagent1.doj.gov ([10.222.4.38])
by mailsc32.usdoj.gov (8.14.4/8.14.4) with ESMTP ID: [ID filtered]
for <poor [at] spamvictim.tld>; Thu, 7 Jul 2011 xx:xx:xx -0400
Received: from mailsc29.usdoj.gov (mailsc29.usdoj.gov [149.101.10.171])
by emsagent1.doj.gov (8.14.1/8.14.1) with ESMTP ID: [ID filtered]
for <poor [at] spamvictim.tld>; Thu, 7 Jul 2011 xx:xx:xx -0400
Received: from emsagent1.doj.gov ([10.222.4.38])
by mailsc29.usdoj.gov (8.14.4/8.14.4) with ESMTP ID: [ID filtered]
for <poor [at] spamvictim.tld>; Thu, 7 Jul 2011 xx:xx:xx -0400
Received: from mailsc32.usdoj.gov (mailsc32.usdoj.gov [149.101.10.168])
by emsagent1.doj.gov (8.14.1/8.14.1) with ESMTP ID: [ID filtered]
for <poor [at] spamvictim.tld>; Thu, 7 Jul 2011 xx:xx:xx -0400
Received: from emsagent1.doj.gov ([10.222.4.48])
by mailsc32.usdoj.gov (8.14.4/8.14.4) with ESMTP ID: [ID filtered]
for <poor [at] spamvictim.tld>; Thu, 7 Jul 2011 xx:xx:xx -0400
Received: from mailsc30.usdoj.gov (mailsc30.usdoj.gov [149.101.10.163])
by emsagent1.doj.gov (8.14.1/8.14.1) with ESMTP ID: [ID filtered]
for <poor [at] spamvictim.tld>; Thu, 7 Jul 2011 xx:xx:xx -0400
Received: from xxxxxxx.kasserver.com (xxxxxxx.kasserver.com [xx.xx.xx.xxxx])
by mailsc30.usdoj.gov (8.14.4/8.14.4) with ESMTP ID: [ID filtered]
for <poor [at] spamvictim.tld>; Thu, 7 Jul 2011 xx:xx:xx -0400
Received: from systems-cb169f5 (unknown [94.97.9.67])
by xxxxxxx.kasserver.com (Postfix) with ESMTPA ID: [ID filtered]
for <poor [at] spamvictim.tld>; Fri, 8 Jul 2011 xx:xx:xx +0200 (CEST)
MIME-Version: 1.0
Date: Fri, 08 Jul 2011 xx:xx:xx +0300
X-Priority: 3 (Normal)
Subject: The IRS Summer 2011
From: info [at] adresse.com
Reply-To: SummerForum2011 [at] irs.gov
To: "Federal Prison Industries Inc" <poor [at] spamvictim.tld>
Content-Type: multipart/mixed;
boundary="-----_chilkat_15d_0f2e_25ade296.b700cb9b_.MIX"
X-Mailer: Microsoft Outlook Express 6.00.2900.2180
Message-ID: [ID filtered]
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10432:5.4.6813,1.0.211,0.0.0000
definitions=2011-07-07_09:2011-07-07,2011-07-07,1970-01-01 signatures=0
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10432:5.4.6813,1.0.211,0.0.0000 definitions=2011-07-07_09:2011-07-07,2011-07-07,1970-01-01 signatures=0
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10432:5.4.6813,1.0.211,0.0.0000
definitions=2011-07-07_09:2011-07-07,2011-07-07,1970-01-01 signatures=0
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10432:5.4.6813,1.0.211,0.0.0000 definitions=2011-07-07_09:2011-07-07,2011-07-07,1970-01-01 signatures=0
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10432:5.4.6813,1.0.211,0.0.0000
definitions=2011-07-07_09:2011-07-07,2011-07-07,1970-01-01 signatures=0
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10432:5.4.6813,1.0.211,0.0.0000 definitions=2011-07-07_09:2011-07-07,2011-07-07,1970-01-01 signatures=0
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10432:5.4.6813,1.0.211,0.0.0000
definitions=2011-07-07_09:2011-07-07,2011-07-07,1970-01-01 signatures=0
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10432:5.4.6813,1.0.211,0.0.0000 definitions=2011-07-07_09:2011-07-07,2011-07-07,1970-01-01 signatures=0
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10432:5.4.6813,1.0.211,0.0.0000
definitions=2011-07-07_09:2011-07-07,2011-07-07,1970-01-01 signatures=0
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10432:5.4.6813,1.0.211,0.0.0000 definitions=2011-07-07_09:2011-07-07,2011-07-07,1970-01-01 signatures=0
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10432:5.4.6813,1.0.211,0.0.0000
definitions=2011-07-07_09:2011-07-07,2011-07-07,1970-01-01 signatures=0
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10432:5.4.6813,1.0.211,0.0.0000 definitions=2011-07-07_09:2011-07-07,2011-07-07,1970-01-01 signatures=0
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10432:5.4.6813,1.0.211,0.0.0000
definitions=2011-07-07_09:2011-07-07,2011-07-07,1970-01-01 signatures=0
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10432:5.4.6813,1.0.211,0.0.0000 definitions=2011-07-07_09:2011-07-07,2011-07-07,1970-01-01 signatures=0
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10432:5.4.6813,1.0.211,0.0.0000
definitions=2011-07-07_09:2011-07-07,2011-07-07,1970-01-01 signatures=0
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10432:5.4.6813,1.0.211,0.0.0000 definitions=2011-07-07_09:2011-07-07,2011-07-07,1970-01-01 signatures=0
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10432:5.4.6813,1.0.211,0.0.0000
definitions=2011-07-07_09:2011-07-07,2011-07-07,1970-01-01 signatures=0
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10432:5.4.6813,1.0.211,0.0.0000 definitions=2011-07-07_09:2011-07-07,2011-07-07,1970-01-01 signatures=0
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10432:5.4.6813,1.0.211,0.0.0000
definitions=2011-07-07_09:2011-07-07,2011-07-07,1970-01-01 signatures=0
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10432:5.4.6813,1.0.211,0.0.0000 definitions=2011-07-07_09:2011-07-07,2011-07-07,1970-01-01 signatures=0
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10432:5.4.6813,1.0.211,0.0.0000
definitions=2011-07-07_09:2011-07-07,2011-07-07,1970-01-01 signatures=0
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10432:5.4.6813,1.0.211,0.0.0000 definitions=2011-07-07_09:2011-07-07,2011-07-07,1970-01-01 signatures=0
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10432:5.4.6813,1.0.211,0.0.0000
definitions=2011-07-07_09:2011-07-07,2011-07-07,1970-01-01 signatures=0
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10432:5.4.6813,1.0.211,0.0.0000 definitions=2011-07-07_09:2011-07-07,2011-07-07,1970-01-01 signatures=0
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10432:5.4.6813,1.0.211,0.0.0000
definitions=2011-07-07_09:2011-07-07,2011-07-07,1970-01-01 signatures=0
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 spamscore=0 ipscore=0 suspectscore=25
phishscore=6 bulkscore=0 adultscore=0 classifier=spam adjust=0 reason=mlx
scancount=1 engine=6.0.2-1012030000 definitions=main-1107070207

This is a multi-part message in MIME format.

kjz1
08.07.2011, 12:55
Well, that is not a direct joe job, more like backscatter. And 300 mails a day is rather few for that....

http://de.wikipedia.org/wiki/Backscatter_%28E-Mail%29

There is little you can do except filter and sit it out. My experience: after a few days it always stops again by itself.

You may also be able to filter with this:

http://www.backscatterer.org/?target=usage

- kjz
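
Added example, not part of any post in this thread: one way to keep genuine bounces while filtering backscatter is to parse the delivery report (the `multipart/report` structure quoted in the first post) and check whether the returned original carries a Message-ID your own mail system actually issued. The sample message, the `triage_bounce` name and the `sent_ids` set of logged Message-IDs are assumptions made for this illustration.

```python
import email
from email import policy
# Constructed sample: same MIME structure as the bounce quoted above, example domains only.
SAMPLE_DSN = """\
From: Mail Delivery Subsystem <MAILER-DAEMON@mta.example>
Content-Type: multipart/report; report-type=delivery-status; boundary="BOUND"

--BOUND
Content-Type: text/plain

554 5.4.6 Too many hops
--BOUND
Content-Type: message/delivery-status

Reporting-MTA: dns; mta.example

Final-Recipient: rfc822; someone@dest.example
Action: failed
Status: 5.4.6

--BOUND
Content-Type: message/rfc822

Received: from relay-a.example by relay-b.example; Thu, 7 Jul 2011 10:00:00 -0400
Received: from unknown-host by relay-a.example; Thu, 7 Jul 2011 10:00:00 -0400
Message-ID: <forged-123@unknown-host>
Subject: The IRS Summer 2011

body
--BOUND--
"""

def triage_bounce(raw, sent_ids):
    """Classify a bounce; sent_ids = Message-IDs our own system logged (assumed available)."""
    msg = email.message_from_string(raw, policy=policy.default)
    if (msg.get_content_type(), msg.get_param("report-type")) != ("multipart/report", "delivery-status"):
        return {"verdict": "not-a-dsn"}
    out = {"recipient": None, "status": None, "orig_id": None, "hops": 0}
    for part in msg.iter_parts():
        if part.get_content_type() == "message/delivery-status":
            for block in part.get_payload():      # one parsed header block per group of fields
                if block.get("Final-Recipient"):
                    out["recipient"] = str(block["Final-Recipient"]).split(";", 1)[1].strip()
                    out["status"] = str(block.get("Status", "")).strip()
        elif part.get_content_type() == "message/rfc822":
            orig = part.get_payload(0)            # the returned original message
            out["orig_id"] = str(orig.get("Message-ID", "")).strip()
            out["hops"] = len(orig.get_all("Received", []))
    out["verdict"] = "genuine-bounce" if out["orig_id"] in sent_ids else "backscatter"
    return out
```

A report that returns no original message at all is classified as backscatter here, so such bounces are better held for review than deleted.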

idontlikespam
08.07.2011, 13:56
Wow. The inventiveness knows no bounds. I'll take a closer look at that.

Goofy
09.07.2011, 11:38
A notice on your own homepage might also be appropriate, because that can at least partly prevent you from being associated with the spam avalanche.

idontlikespam
09.07.2011, 13:57
Preferably in the Impressum?

hoppala
09.07.2011, 15:09
Better on the page where someone looks first. The Impressum is of course fine too if that is what shows up first in a web search for the name or the mail address, but normally it should rather be the landing page.
However, one should have no illusions: very few people look at the website, and those who do are often technically savvy enough to have recognised the backscatter beforehand. So the effect is likely to be minimal, but if it gives you a good feeling, why not?

Hoppala

alariel
10.07.2011, 11:24
From time to time I also receive loads of backscatter. But nobody has ever contacted me about it.