Guys
This mail could be considered off topic because it relates to email rather than FLOSS, but I value the opinions of list members so perhaps you will indulge me.
A friend of mine insists that he sees spam email from .ru domains whenever he gets an email from me. Naturally I find this claim a little odd so I asked him to send me some details. He sent me the mail below.
I think it is fairly clear that what he is seeing is backscatter from undeliverables where a spammer has used his email address as the (spoofed) sender. So far so predictable. However, the email he sent me includes a set of X headers inserted by an anti-spam package called "Declude". One of those headers (X-Declude-Sender:) includes one of MY email addresses. My reading of the Declude manual suggests that what should be shown here is HIS address (as the suspected sender).
Can anyone suggest what may be going on here? If a spammer were using my email address as the spoofed sender I would expect to get the bounce message, not him.
I have obfuscated both my friend's address and mine. I have also removed the "goo.gl" URL in the email because it was obviously hostile. The failed recipient address is the original, as are the IP addresses.
Best
Mick
----------------- email sample -------------------------------
-----Original Message-----
From: System Administrator [mailto:System Administrator]
Sent: 25 February 2014 09:26
To: my-friend@his-address.com
Subject: Delivery Failure
Could not deliver message to the following recipient(s):
Failed Recipient: umnovai@kfker.ru
Reason: Remote host said: 530 5.7.1 No such user!
-- The header and top 20 lines of the message follows --
Received: from Unknown (UnknownHost [112.241.213.245]) by mail.delawarewebs.com with SMTP; Tue, 25 Feb 2014 04:23:48 -0500
Message-ID: 8B4E322C08AD471651D1FEEAD2G1D34S@ogunb
Subject: =?windows-1251?B?7+4g8ODh7vLl?=
Date: Tue, 25 Feb 2014 13:22:22 +0400
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----=_NextPart_000_0528_01CF322C.9D8C9660"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Windows Live Mail 14.0.8289.726
X-MimeOLE: Produced By Microsoft MimeOLE V14.0.8089.726
X-Declude-Sender: my-address@mydomain.com
X-Declude-Spoolname: 217461170.eml
X-Declude-RefID:
X-Declude-Note: Scanned by Declude 4.13.02
X-Declude-Scan: Outgoing Score [0] at 04:24:02 on 25 Feb 2014
X-Declude-Tests: None
X-Country-Chain:
X-Declude-Code: 0
X-HELO: Unknown
X-Identity: 113.261.243.245 | | rma.ru

------=_NextPart_000_0528_01CF322C.9D8C9660
Content-Type: text/plain; charset="windows-1251"
Content-Transfer-Encoding: quoted-printable
=C4=EE=E1=F0=FB=E9 =E4=E5=ED=FC!
=D1=EF=E0=F1=E8=E1=EE, =F7=F2=EE =E7=E0=E8=ED=F2=E5=F0=E5=F1=EE=E2=E0=EB=E8= =F1=FC =F1=E8=F1=F2=E5=EC=EE=E9 "=C0=E2=F2=EE=EC=E0=F2=E8=F7=E5=F1=EA=EE=E9= =F2=EE=F0=E3=EE=E2=EB=E8 =E2 =E8=ED=F2=E5=F0=ED=E5=F2=E5" =D1=E8=F1=F2=E5=EC=E0 =EF=EE=EB=ED=EE=F1=F2=FC=FE =E0=E2=F2=EE=EC=E0=F2=E8= =E7=E8=F0=EE=E2=E0=ED=E0 =E8 =E4=EE=F1=F2=F3=EF=ED=E0 =E4=E0=E6=E5 =ED=EE= =E2=E8=F7=EA=E0=EC! =C2 =F1=E2=EE=E5=EC =C1=EB=EE=E3=E5 http://goo.gl/OBFUSCATED =FF =EE=EF=E8=F1= =E0=EB =F1=E8=F1=F2=E5=EC=F3 =E8 =E5=E5 =EF=F0=E5=E8=EC=F3=F9=E5=F1=F2=E2= =E0, =F2=E0=EA-=E6=E5 =EF=F0=E8=E2=E5=EB =E8=ED=F1=F2=F0=F3=EA=F6=E8=FE =EF= =EE =F0=E0=E1=EE=F2=E5 =F1 =F1=E8=F1=F2=E5=EC=EE=E9! =CE=E7=ED=E0=EA=EE=EC=F2=E5=F1=FC =F1 =E8=ED=F1=F2=F0=F3=EA=F6=E8=E5=E9 =E8= =EC=EE=E6=ED=EE =EF=F0=E8=F1=F2=F3=EF=E0=F2=FC =EA =F0=E5=E3=E8=F1=F2=F0=
---------------------------------------------------------------------
Mick Morgan
gpg fingerprint: FC23 3338 F664 5E66 876B 72C0 0A1F E60B 5BAD D312
http://baldric.net
---------------------------------------------------------------------
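An added example, not part of the original post and not Declude's own code: a Python triage helper that pulls out of a bounce like the one quoted above the fields that matter to the question (the failed recipient, the submitting IP and accepting host from the Received line, the address in X-Declude-Sender, and the scan direction) and checks whether the recorded sender is the person who received the bounce. The function name `triage_bounce` and the result keys are hypothetical, and the sample is constructed from the quoted bounce with its obfuscated addresses.

```python
import re
from email import message_from_string

# Separator this particular mail server puts before the quoted original message.
MARKER = "-- The header and top 20 lines of the message follows --"

# Constructed sample: a subset of the bounce quoted in the post (addresses obfuscated there).
SAMPLE_BOUNCE = """\
Could not deliver message to the following recipient(s):

Failed Recipient: umnovai@kfker.ru
Reason: Remote host said: 530 5.7.1 No such user!

-- The header and top 20 lines of the message follows --

Received: from Unknown (UnknownHost [112.241.213.245]) by mail.delawarewebs.com with SMTP;
    Tue, 25 Feb 2014 04:23:48 -0500
Subject: =?windows-1251?B?7+4g8ODh7vLl?=
X-Declude-Sender: my-address@mydomain.com
X-Declude-Scan: Outgoing Score [0] at 04:24:02 on 25 Feb 2014
X-HELO: Unknown
"""

def triage_bounce(bounce_text, bounce_recipient):
    """Extract the fields needed to work out whose mail a bounce refers to."""
    report, _, original = bounce_text.partition(MARKER)
    failed = re.search(r"Failed Recipient:\s*(\S+)", report)
    headers = message_from_string(original.lstrip())
    received = headers.get("Received", "")
    relay_ip = re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", received)
    relay_host = re.search(r"\bby\s+(\S+)", received)
    # Address the filter wrote into X-Declude-Sender, normalised for comparison.
    recorded = (headers.get("X-Declude-Sender") or "").strip().lower()
    return {
        "failed_recipient": failed.group(1) if failed else None,
        "submitting_ip": relay_ip.group(1) if relay_ip else None,
        "accepting_host": relay_host.group(1) if relay_host else None,
        "recorded_sender": recorded or None,
        "scan_direction": (headers.get("X-Declude-Scan") or "").split(" ")[0] or None,
        "sender_matches_bounce_recipient": recorded == bounce_recipient.lower(),
    }

if __name__ == "__main__":
    result = triage_bounce(SAMPLE_BOUNCE, "my-friend@his-address.com")
    for key, value in result.items():
        print(f"{key}: {value}")
```

On the sample, the recorded sender does not match the bounce recipient and the scan direction reads "Outgoing", which are the two details worth raising with whoever administers the accepting host.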