Bounced email, even though i didn't send it.
I found a number of bounced emails today on my personal domain.
I've not sent these, none of the names are valid email accounts.
VALDO_PC is not a recognised computer.
I don't recognise the IP either, which incidentally appears to be from Mexico 5500 miles way.
They are obviously spoofing my domain name and using it as the return and unsubscribe address.
Firstly, is there anything I can do to stop these, even though i'm pretty confident that they haven't originated from my server.
And could these harm the reputation of the domain ?
(HTML content has been removed)
Received: from BY2PR01CA0043.prod.domain.com (10.255.242.33) by
BN1PR01MB246.prod.domain.com (10.242.213.15) with Microsoft SMTP Server
(TLS) id 15.1.59.20; Tue, 20 Jan 2015 01:25:15 +0000
Received: from BN1AFFO11FD022.protection.gbl (2a01:111:f400:7c10::137) by
BY2PR01CA0043.outlook.domain.com (2a01:111:e400:2c76::33) with Microsoft
SMTP Server (TLS) id 15.1.59.20 via Frontend Transport; Tue, 20 Jan 2015
01:25:14 +0000
Received: from VALDO-PC (201.166.200.121) by
BN1AFFO11FD022.mail.protection.outlook.com (10.58.52.82) with Microsoft SMTP
Server id 15.1.75.11 via Frontend Transport; Tue, 20 Jan 2015 01:25:12 +0000
From: Karina <[COLOR="#FF0000">yvette.someuser@mydomain.co.uk>
To:
Subject: Hi, my dear friend!
Date: Mon, 19 Jan 2015 19:25:12 -0500
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="MIMEBoundarya3ec53c3028505419fa43e2dde0eace7"
List-Unsubscribe:
Reply-To: <[COLOR="#FF0000">yvette.someuser@mydomain.co.uk>
Message-ID:
Return-Path: [COLOR="#FF0000">yvette.someuser@mydomain.co.uk
X-EOPAttributedMessage: 0
Received-SPF: SoftFail (protection.outlook.com: domain of transitioning
[COLOR="#FF0000">mydomain.co.uk discourages use of 201.166.200.121 as permitted sender)
Authentication-Results: spf=softfail (sender IP is 201.166.200.121)
smtp.mailfrom=[COLOR="#FF0000">yvette.schmitterymcx@mydomain.co.uk; domain.com; dkim=none
(message not signed) header.d=none;domain.com; dmarc=permerror action=none
header.from=mydomain.co.uk;
X-Forefront-Antispam-Report: CIP:201.166.200.121;CTRY:MX;IPV:NLI;EFV:NLI;
X-DmarcAction-Test: None
X-Microsoft-Antispam: UriScan:;
X-Microsoft-Antispam: BCL:0;PCL:0;RULEID:(3005004);SRVR:BN1PR01MB246;
--MIMEBoundarya3ec53c3028505419fa43e2dde0eace7
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: binary
-MIMEBoundarya3ec53c3028505419fa43e2dde0eace7---
I've done a little digging, and it appears that these are SPF soft fail rejects. Changing "~all" to "-all" in my spf record will turn these to hard fails which will then be dropped rather than bounced. Is this correct, and are there any implications if i change this ? 0 -
]I've done a little digging, and it appears that these are SPF soft fail rejects. Changing "~all" to "-all" in my spf record will turn these to hard fails which will then be dropped rather than bounced. Is this correct, and are there any implications if i change this ?
Hello :) The consensus is to avoid hard fails on SPF records since it breaks email forwarding unless the forwarding server uses SRS. The "~all" entry is generally preferred since it gets messages from non-standard senders bumped up in spam detection systems, but doesn't outright fail them. Thank you.0 -
I have run it for a few days with "-all" and those bounce messages have stopped. If i enable "~all", can you suggest a way to drop those bounced messages. I don't want the house keeping involved with having to delete them 0 -
You could setup a custom filter rule that discards the bounced messages if you prefer to use soft fails. Thank you. 0
Please sign in to leave a comment.
Comments
4 comments