Welcome to the MacNN Forums.

msuper69 · Jul 18, 2010, 07:52 AM

I've just recently started getting a lot of bogus messages similar to this:

From: Mail Delivery Subsystem <MAILER-DAEMON@ogham.futhark.ch>
Subject: Returned mail: see transcript for details
Date: July 18, 2010 7:40:03 AM EDT
To: xxxxxxxxxxxx <xxxxxxx@xxxx.com>
The original message was received at Sun, 18 Jul 2010 11:21:35 GMT
from [41.249.29.114]

----- The following addresses had permanent fatal errors -----
<biggerd@futhark.ch>
(reason: 550 5.1.1 User unknown)

----- Transcript of session follows -----
550 5.1.1 <biggerd@futhark.ch>... User unknown
Reporting-MTA: dns; ogham.futhark.ch
Arrival-Date: Sun, 18 Jul 2010 11:21:35 GMT

Final-Recipient: RFC822; biggerd@futhark.ch
X-Actual-Recipient: RFC822; biggerd@ogham.futhark.ch
Action: failed
Status: 5.1.1

--------------------------------------

Now I know this is some kind of scam or social engineering attempt but I don't see how it's supposed to work.

Anybody seen this kind of stuff before?

ghporter · Jul 18, 2010, 08:21 AM

Not necessarily a scam. It could be that someone has used your email address in the "from" field for spam. This happens to me on one of my public addresses every now and then. I've wound up either writing a rule to trash "mailer daemon" mail or simply ignoring these replies.

msuper69 · Jul 18, 2010, 08:25 AM

Originally Posted by ghporter

Not necessarily a scam. It could be that someone has used your email address in the "from" field for spam. This happens to me on one of my public addresses every now and then. I've wound up either writing a rule to trash "mailer daemon" mail or simply ignoring these replies.

Yeah, it's probably somebody using my email address.

I've had the same email address for about 10 years now. I think it's time to start fresh and NEVER post the new address on the Internet. MobileMe lets you set up alias so I could use one of them for those times when places like Amazon.com require an email address. If that alias gets compromised I think you can delete it and create a replacement. Not sure about the MobileMe rules regarding aliases.

Thanks!

mduell · Jul 18, 2010, 10:49 AM

Yea, looks like backscatter to me.

seanc · Jul 18, 2010, 02:25 PM

You don't have your own mail server do you?

pcryan5 · Jul 18, 2010, 04:18 PM

Originally Posted by msuper69

MobileMe lets you set up alias so I could use one of them for those times when places like Amazon.com require an email address.

I attend a few tech conferences each year and create an alias for each one. The amount of post conference spam your mandatory badge scanning generates is quite the bore. I simply filter the email into the matching folder and review whenever.

mduell · Jul 20, 2010, 06:02 PM

Was there any javascript in the message? Apparently it's a new attack that Google is now blocking.

msuper69 · Jul 20, 2010, 07:07 PM

Originally Posted by mduell

Was there any javascript in the message? Apparently it's a new attack that Google is now blocking.

How can I tell? It looks like a plain text message to me.