Failed delivery reports on my xtra email, spam or compromised email account?

Forums › Spark New Zealand (including Skinny and BigPipe) › Failed delivery reports on my xtra email, spam or compromised email account?

surfisup1000

5288 posts

Uber Geek

#243533 16-Dec-2018 21:33

I am getting a lot of these failed delivery emails to my xtra account ....

Hello, this is the mail server on bisko.win.

I am sending you this message to inform you on the delivery status of a

message you previously sent. Immediately below you will find a list of

the affected recipients; also attached is a Delivery Status Notification

(DSN) report in standard format, as well as the headers of the original

message.

In the attachment...

Reporting-MTA: dns;bisko.win
X-PowerMTA-VirtualMTA: mta-144.217.22.102
Received-From-MTA: dns;bwada3.xyz (144.217.22.102)
Arrival-Date: Fri, 7 Dec 2018 00:42:47 +0000

Final-Recipient: rfc822;zzzzzzzzzzzzzz@xtra.co.nz
Action: failed
Status: 5.7.1 (delivery not authorized)
Remote-MTA: dns;mx.xtra.co.nz (210.55.143.33)
Diagnostic-Code: smtp;554 5.7.1 Message rejected due to possible spam content
X-PowerMTA-BounceCategory: spam-related

Does this mean someone has my xtra email account settings like password?

Or , is it just spam to confuse me?

gehenna

8495 posts

Uber Geek

Moderator

Trusted

Lifetime subscriber

#2146290 16-Dec-2018 21:41

Doesn't look legit

surfisup1000

5288 posts

Uber Geek

#2146292 16-Dec-2018 21:47

gehenna: Doesn't look legit

You mean these are not real failed delivery reports?

I don't get why people would send these, what is the point? There is only the txt attachment which cannot store malware, no malicious links , maybe just to annoy for the fun of it?

Oblivian

7296 posts

Uber Geek

ID Verified

#2146297 16-Dec-2018 21:54

It will be using your xtra account (nabbed in previous breaches) as the 'from' address.

While sending to another person with the recipient xtra address.

And for once, someones mail server is onto it. All those .win domains are commonly what sends the junk survey emails to/from xtra.

When its stopped, you get the notification being the apparent sender. My gmail is full of them ironically from the xtra servers attempting detecting spam as it tries to send my xtra aliases to gmail. But not as it arrived.

This message was created automatically by the mail system (ecelerity). A message that you sent could not be delivered to one or more of its recipients. This is a permanent error. The following address(es) failed:

xxx (reading confirmation): 554 5.7.1 Message rejected due to possible spam content

Reporting-MTA: dns; xtra.co.nz Arrival-Date: Fri, 30 Nov 2018 22:28:53 +0000 Last-Attempt-Date: Fri, 30 Nov 2018 22:28:53 +0000 Remote-MTA: dns; 10.23.30.55 Diagnostic-Code: smtp; 554 5.7.1 Message rejected due to possible spam content Status: 5.7.1 Final-Recipient: rfc822; mygmailacct Action: failed

hio77

12999 posts

Uber Geek

ID Verified

Trusted

Lizard Networks

#2146311 16-Dec-2018 21:58

surfisup1000:

Reporting-MTA: dns;bisko.win

known for being hosted on a OVH server, reports for phishing and email scams.

That's also not how xtra bounces mails.

#include <std_disclaimer>

Any comments made are personal opinion and do not reflect directly on the position my current or past employers may have.

Oblivian

7296 posts

Uber Geek

ID Verified

#2146313 16-Dec-2018 22:04

hio77:

known for being hosted on a OVH server, reports for phishing and email scams.

That's also not how xtra bounces mails.

If theres binning globally from other hosts to Xtra because of this finally.. YUS!!!!

The number of flag-as-spam reports of the originating host being VPS/OVH hosted from the get go of that outburst that peeved everyone off should have instigated something quicker than it did

freitasm

BDFL - Memuneh
79250 posts

Uber Geek

Administrator

ID Verified

Trusted

Geekzone

Lifetime subscriber

#2146316 16-Dec-2018 22:17

Anyone can use any email on From: and Reply To: fields. Someone is sending using your email address so you receive the DND notifications. If in doubt, change your password, but likely unrelated.

surfisup1000

5288 posts

Uber Geek

#2146317 16-Dec-2018 22:18

OK, so there is nothing I can do about it.

I think someone may have actually emailed me once, asking me to stop sending them spam.

But I can't do anything about it as it doesn't actually come from me.

Equinox IT

Cloud spending continues to surge globally, but most organisations haven’t made the changes necessary to maximise the value and cost-efficiency benefits of their cloud investments. Download the whitepaper From Overspend to Advantage now.

Oblivian

7296 posts

Uber Geek

ID Verified

#2146319 16-Dec-2018 22:20

surfisup1000:

OK, so there is nothing I can do about it.

I think someone may have actually emailed me once, asking me to stop sending them spam.

But I can't do anything about it as it doesn't actually come from me.

Not really. As an analogy..

You can slap on a stamp and post a letter of hatemail to someone you don't like. And put your bad santa uncles name and address on the back as a return to sender address.

It doesn't mean too much to prove if it was the actual sender..

Oblivian

7296 posts

Uber Geek

ID Verified

#2146660 17-Dec-2018 20:01

And if you needed more assurance..

One I got today

from:Xmas Specials <service @ bisko.win>

Of course it was dropped on the outgoing attempt not the inbound.

richms

28168 posts

Uber Geek

Trusted

Lifetime subscriber

#2146663 17-Dec-2018 20:07

surfisup1000:

gehenna: Doesn't look legit

You mean these are not real failed delivery reports?

I don't get why people would send these, what is the point? There is only the txt attachment which cannot store malware, no malicious links , maybe just to annoy for the fun of it?

Get you to click links in the fake bounce to give you malware. Nosy people want to see what they allegedly sent and its from what I was told a very effective way to get clicks.

Richard rich.ms