An open community 
of Macintosh users,
for Macintosh users.

FineTunedMac Dashboard widget now available! Download Here

Page 1 of 2 1 2 >
Topic Options
#8638 - 02/28/10 12:43 PM Email: replies from emails I did not send
Bensheim Offline


Registered: 08/16/09
Loc: UK
I'm only posting this new topic because it irritates me - no worse than that - I'm not angry, just irritated, and it's been going on for years and years.

Situation (1): I used to be frequent flier and am a member of that airline's club. As a result I get regular emails from that airline alerting me to deals. ALL are from "noreply@......

I have never replied to any of them, of course.

Question: So why, every time they send me one of these emails, do I get multiple emails back to me, saying that my email has been rejected????

Here is one of them, just received, automatically, as a result of them having sent something to me:

This message was created automatically by mail delivery software.
A message that you sent has not yet been delivered to one or more of its
recipients after more than 72 hours on the queue on garm.silverserve.com.

The message identifier is: 1NkZVR-00026F-BJ
The subject of the message is: Your email requires verification verify#SCffAYECs8uX8UP1qTw7_vhAqndbqm4p
The date of the message is: Thu, 25 Feb 2010 08:55:37 +0000

The address to which the message has not yet been delivered is:

noreply@flyingblue.com

No action is required on your part. Delivery attempts will continue for
some time, and this warning may be repeated at intervals if the message
remains undelivered. Eventually the mail delivery software will give up,
and when that happens, the message will be returned to you.


I DID NOT EMAIL THEM! THERE ARE NO REPLIES TO HAVE "FAILED"!

Situation (2): A local wine bar sends us emails about upcoming events. I have never replied to a single one of these alerts. (I don't need to, I speak to them in person.)

Yet, every time they email me, my email program then sends me three or four emails, telling me that my replies have failed.

I DID NOT EMAIL THEM! THERE ARE NO REPLIES TO HAVE "FAILED"!

Just describing this has moved me beyond irritation, apparently. It's just another glitch though, I'm not going round the bend with mysterious bouncebacks which I never sent in the first place.

Any ideas as to why, anyone? Thanks.

Top
#8646 - 02/28/10 08:00 PM Re: Email: replies from emails I did not send [Re: Bensheim]
Virtual1 Offline


Registered: 08/04/09
Loc: Iowa
canned reply for people with greylisting problems:

your ISP is "greylisting".

Basically when an email arrives at your mailserver addressed to you, the FROM is checked against a whitelist for your account. If the address is whitelisted, then the email is delivered immediately.

if NOT, then the mailserver spoofs an "i'm busy, please send this to me again later when I'm not busy, how about 15 minutes from now", and you do NOT get the mail.

If within 15 minutes the SMTP mailserver that generated the mail sends it again, the address is added to the whitelist and you get the mail. This means the first time someone emails you it will take 15-20 minutes for you to receive their email, but the rest after that will be fast as usual.

Spambots are rarely "RFC-compliant" to do with delay responses. They can't use their host ISP's SMTP server to relay mail because they'll be quickly identified and the account blocked by the ISP, so they run their own internal SMTP system on the infected computer. They have millions of other people to spam, and don't have time to pay attention to delay messages, and as such never queue and resend the spam. (they are "not RFC compliant") So greylisting is very effective against spammers.

You appear to be receiving regular emails from an "RFC Ignorant" mailing system that is direct mailing instead of relaying through their local SMTP server. (or their local SMTP is ignorant) Either way, technically the problem is on their end. But practically, you may just need to find a way to access your whitelist and add them to shut it all up.


OOOOKAY now for your personalized response now that you have the background on greylisting:

A spamzombie has YOUR email address in its database. When it blasts its spam, it randomly picks one of the many in its list to put into the "FROM" field of the spam it sends to everyone. Sometimes it's YOUR address. So when it spams to a greylisting server, it bounces the "try later" back to the sender, in the FROM field... to you.

There is very little you can do about this. Sorry. You're collateral damage in the war on spam. Consider yourself lucky. This zombie apparently is picking randomly so you're only getting hit a little bit. SOME zombies pick a specific sucker in their list to put in ALL the from's for an entire batch they send. This can easily result in thousands of what they refer to as "backscatter spam" getting sent to a single person's address from a bunch of greylisting servers. Again, there's really nothing you can do about that short of put a rule filter on your inbox to trash it on sight. Be grateful it's easy to Rule on because it's consistent, unlike the spam itself that tries very hard to be difficult to filter.
_________________________
I work for the Department of Redundancy Department

Top
#8664 - 03/01/10 02:08 PM Re: Email: replies from emails I did not send [Re: Virtual1]
Ira L Offline


Registered: 08/13/09
Loc: California
Originally Posted By: Virtual1

A spamzombie has YOUR email address in its database. When it blasts its spam, it randomly picks one of the many in its list to put into the "FROM" field of the spam it sends to everyone. Sometimes it's YOUR address. So when it spams to a greylisting server, it bounces the "try later" back to the sender, in the FROM field... to you.


This explanation makes sense except the original post said the bounces were from organizations that he knew and may have subscribed to at one time. Would a spambot target in this manner? Too coincidental? If Benheim had no association with the organizations in the bounced messages, that to me would make more sense.
_________________________
On a Mac since 1984.
Currently: 27" iMacs, Macbook Air, macOS 10.14.x,; iPhones, iPods and iPads galore!

Top
#8671 - 03/01/10 10:09 PM Re: Email: replies from emails I did not send [Re: Virtual1]
Kevin M. Dean Offline


Registered: 08/04/09
Loc: Florida
Greylisting is definitely an interesting possibility although the one's I've seen work and the mailserver level and I haven't seen them generate email responses. The other possibility is an Auto-Responder is setup either in the Mail application itself or in a server-side control panel, such as a Vacation Auto-Reply or Out-of-Office reply.
_________________________
iMac 2.7 GHz Core i5, 12 GB RAM, OS X 10.9, Int SATA 1 TB, Ext Fire 2 TB / 1 TB / 1 TB / 500 GB / 300 GB
Former MacFixIt Forums member since 11/17/99
www.rhubarbproductions.com

Top
#27525 - 11/23/13 06:55 AM Re: Email: replies from emails I did not send [Re: Ira L]
Bensheim Offline


Registered: 08/16/09
Loc: UK
This problem has increased massively. Every time I fetch mail, which is several times per day, there are 15-20 of these waiting. Since November 20th I have had 100 of them.

They all look like this:

Quote:
This message was created automatically by mail delivery software.
A message that you sent has not yet been delivered to one or more of its
recipients after more than 72 hours on the queue on garm.silverserve.com.

The message identifier is: 1Vj0jt-0005dR-2Q
The subject of the message is: Your email requires verification verify#6fZHbeG42aFTdSc8eZMkR-1384926853
The date of the message is: Wed, 20 Nov 2013 05:54:13 +0000

The address to which the message has not yet been delivered is:

xivjds@iwx.com

No action is required on your part. Delivery attempts will continue for
some time, and this warning may be repeated at intervals if the message
remains undelivered. Eventually the mail delivery software will give up,
and when that happens, the message will be returned to you.


They are ALL from spam bastards. I have never sent any of them any messages: I am not that stupid. I now spend a considerable part of my daily life deleting these ****ing messages, and have to do that twice per email address; once on the Mac's mailbox and again on the ISP's webmail where copies accumulate. Then I have to clear out webmail's spam folder too.

Sigh.

Top
#27534 - 11/25/13 08:53 AM Re: Email: replies from emails I did not send [Re: Bensheim]
Bensheim Offline


Registered: 08/16/09
Loc: UK
(Since no one replied) in the interim I have learned that this is known as Backscatter also known as outscatter, misdirected bounces, blowback or collateral spam, and that there is nothing I can do about it.

http://www.spamresource.com/2007/02/backscatter-what-is-it-how-do-i-stop-it.html


Top
#27536 - 11/25/13 12:17 PM Re: Email: replies from emails I did not send [Re: Bensheim]
joemikeb Online
Moderator

Registered: 08/04/09
Loc: Fort Worth, Texas
With a little care in choosing what phrase to cue on, you should be able to create a Mail rule that will automatically delete these messages before you see them. They will still take up bandwidth and disk space but at least you will not have to spend the time or deal with the annoyance of deleting them.
_________________________
joemikeb • moderator

Top
#27540 - 11/25/13 01:30 PM Re: Email: replies from emails I did not send [Re: joemikeb]
Bensheim Offline


Registered: 08/16/09
Loc: UK
Originally Posted By: joemikeb
With a little care in choosing what phrase to cue on, you should be able to create a Mail rule that will automatically delete these messages before you see them. They will still take up bandwidth and disk space but at least you will not have to spend the time or deal with the annoyance of deleting them.


Hi Joe!

Sounds good to me. Please advise in more detail.
Many thanks.


Top
#27542 - 11/25/13 02:17 PM Re: Email: replies from emails I did not send [Re: Bensheim]
joemikeb Online
Moderator

Registered: 08/04/09
Loc: Fort Worth, Texas
To create a rule go to Mail > Preferences > Rules > Add Rule

A possible rule might look something like the following…
Quote:
Description: Annoyance Spam

If All: of the following conditions are met
Message content: Contains: A message that you sent has not yet been delivered

Perform the following actions:
Delete message
Stop evaluating rules

If you have one of the offending messages selected and you choose a condition such as subject or from Mail will automatically pull in the corresponding text from the selected message. Try to choose something that will be unique to these messages. You can make the rules more selective by adding conditions.

  • The stop evaluating command saves some processing time when a message has been identified.
  • Once the rule is established it will automatically be applied to any incoming message.
  • be sure and check your trash frequently until you know you are not inadvertently selecting messages you don't want to delete
  • Rules are evaluated in order from the top of the list to the bottom and you can drag and drop rules up and down to be sure they are evaluated in the order you want. If you are clever, and I have reason to believe you are from your posts here, you can do a lot with rules and/or sets of rules.
  • If you want to get really fancy rules can execute AppleScripts or Automator Workflows and trigger actions outside of Mail.
_________________________
joemikeb • moderator

Top
#27585 - 11/29/13 09:34 AM Re: Email: replies from emails I did not send [Re: joemikeb]
Bensheim Offline


Registered: 08/16/09
Loc: UK
Hi Joe

These things come in waves, and that wave concluded itself yesterday. Today another one started, so I have just done exactly what you said.

Watch this space!

and thanks

Top
#27592 - 11/30/13 02:18 AM Re: Email: replies from emails I did not send [Re: Bensheim]
Bensheim Offline


Registered: 08/16/09
Loc: UK
For Information:

I got another this morning, and investigation shows that that didn't work because of this, from Mail Help:

Mail stops applying rules when:


The Stop Evaluating Rules action is specified in a rule.



I've now edited that out.

Top
#27596 - 11/30/13 10:32 AM Re: Email: replies from emails I did not send [Re: Bensheim]
Bensheim Offline


Registered: 08/16/09
Loc: UK
Update some hours later.
Another one has come through. I therefore conclude that that mail preferences rule thing doesn't work.

confused

This is bad news. Within about a week on past form, the new go-around of about 100/week will start again.


Top
#27619 - 12/07/13 09:47 AM Re: Email: replies from emails I did not send [Re: Bensheim]
Bensheim Offline


Registered: 08/16/09
Loc: UK
One week later (is anyone reading this?) some more started coming through. I then realised that I had to go to another computer nearby and apply the same Rule.

Having applied that Rule there, to my aquinty-eyed disbelief, when I clicked on Get Mail, those which appeared on my computer did not appear on his.

This makes me ask: at what point does the Rule get applied? It must be before the Get Mail's action, gets the mail into that mailbox. I'd have thought - but it seems that I'm wrong - that a Rule is applied after Getting Mail?

Very strange.


Top
#27620 - 12/07/13 01:13 PM Re: Email: replies from emails I did not send [Re: Bensheim]
joemikeb Online
Moderator

Registered: 08/04/09
Loc: Fort Worth, Texas
The Mail rules are being evaluated in your computer, therefore the message has to have been fetched to your computer in order to be evaluated. From there on where it goes or does not go depends on multiple factors:
  1. If the rules, or you, move the message to a folder "On My Mac" that message is deleted from the server and will only exist in the file on your Mac.
  2. If your server is POP3, the message is normally deleted from the server when it is read and will only be visible on the first computer that read the message, ie. it is "On My Mac". There are exceptions to this, but for simplicity I will ignore those for now.
  3. If your email server is IMAP, the message is fetched to the reading computer for processing, but a copy remains on the IMAP server marked as Read. The copy on the reading computer is ephemeral. If the Mail rules move that message to another mailbox on the IMAP server then anyone else accessing that account will see the read message located in the mailbox where the first computer put it. If it is moved to another IMAP mailbox everyone will see the message in this new mailbox, but if it is moved to a mailbox "On My Mac" the message is deleted on the IMAP server and thereafter will only appear On My Mac.
  4. Note there is a rule option to Copy as well as an option to Move, and then things can begin to get complicated/confusing.
_________________________
joemikeb • moderator

Top
#27621 - 12/08/13 08:34 AM Re: Email: replies from emails I did not send [Re: joemikeb]
Bensheim Offline


Registered: 08/16/09
Loc: UK
Hi Joe

The rule I activated wasn't working. The latest cycle of irritating bouncebacks (replies to emails which I did not send) has started again.

With three of them up in my inbox, I changed the rule to Subject Contains, and then the word Warning, since they all start like that. When I clicked OK, all three were zapped into the Trash folder.

The only downside I can think of, since that clearly works, is very very occasionally, I send a legitimate email to someone who's mailbox is full, or they've changed their email address or something like that. So I'll just keep an eye on the Trash folder to check that that's not happening now and then.

Some progress at last. wink

Top
#27634 - 12/10/13 02:38 PM Re: Email: replies from emails I did not send [Re: Bensheim]
Virtual1 Offline


Registered: 08/04/09
Loc: Iowa
Originally Posted By: Bensheim
(Since no one replied) in the interim I have learned that this is known as Backscatter also known as outscatter, misdirected bounces, blowback or collateral spam, and that there is nothing I can do about it.

http://www.spamresource.com/2007/02/backscatter-what-is-it-how-do-i-stop-it.html



I was late to the thread and would have replied, but that covers it all nicely, well done.
_________________________
I work for the Department of Redundancy Department

Top
#27639 - 12/10/13 03:36 PM Re: Email: replies from emails I did not send [Re: Virtual1]
Bensheim Offline


Registered: 08/16/09
Loc: UK
Update: this is working almost too well! As I watch Get Mail get, say 14 messages, only 10 appear in my inbox. The others are identified and ZAPPED instantaneously. They don't appear in the Trash folder either! (I double-checked by logging into my ISP's webmail server where copies of all messages are saved until I manually delete them, and there they were, the irritating bouncebacks.)

There may be a down-side to this efficient filter.....

Top
#27642 - 12/10/13 05:28 PM Re: Email: replies from emails I did not send [Re: Bensheim]
artie505 Online


Registered: 08/04/09
In your rule, have you selected a destination for your zapped e-mails?

I see here that one option is "None Selected", which may be your current option, and that "Trash", et. al. are others.
_________________________
The new Great Equalizer is the SEND button.

Top
#27655 - 12/11/13 04:42 AM Re: Email: replies from emails I did not send [Re: Bensheim]
ryck Offline


Registered: 08/04/09
Loc: Okanagan Valley
Originally Posted By: Bensheim
They don't appear in the Trash folder either!

I started using "Rules" a few years ago and found it to be a great tool for eliminating junk before it ever hit my drive. I selected Trash and that seems to send the mail somewhere into the ether, which is fine with me.

I now get very little junk mail and, when I do, I dispatch it in the same way. The only junk I deal with differently is "Phishing" that gives the appearance of being a legitimate company like Apple or a bank, et cetera.

With those I just expand the headers to "long" and forward them to the Spam department of whichever company is being misrepresented, as well as to my ISP.

Originally Posted By: Bensheim
There may be a down-side to this efficient filter.....

You want to make sure to write your rules carefully and make sure that they refer to things very specific to the offender but not to someone else. For example, if you get....

Mail from Sarah Offender that you want to ace.

and

Mail from Sarah Friend that you want to receive.

....you would be well advised not to use "Sarah" in your rule or you may find you're no longer getting mail from your friend.


Edited by ryck (12/11/13 04:45 AM)
_________________________
ryck

iMac (Retina 5K, 27", 2017), 3.4 GHz Intel Core i5, 8GB RAM, 2400 MHz DDR4
OS High Sierra 10.13.6
Canon MX712 Printer
Epson Perfection V500 Photo Scanner
Time Machine on 320GB OWC Mercury OTG Pro
Super Duper on 500GB OWC Mercury OTG Pro

Top
#27668 - 12/12/13 07:37 AM Re: Email: replies from emails I did not send [Re: artie505]
Bensheim Offline


Registered: 08/16/09
Loc: UK
Originally Posted By: artie505
In your rule, have you selected a destination for your zapped e-mails?

I see here that one option is "None Selected", which may be your current option, and that "Trash", et. al. are others.


I changed the Rule from 'delete' to 'move to trash'. Now I can see the number coming in, say 25, out of which only 10 appear in my inbox. The trash box has in the last two days alone, gathered 31 of these irritating and erroneous bouncebacks.

It seems crazy to me that my mail ISP's servers are working so hard to shunt through this junk, when the problem originates with them in the first place. But at least I don't have them cluttering up my inbox any more.

Top
#27669 - 12/12/13 07:42 AM Re: Email: replies from emails I did not send [Re: ryck]
Bensheim Offline


Registered: 08/16/09
Loc: UK
Re: Phishing, some of them are really authentic-looking, but like all systems, I'm learning.

For instance, whenever I transact with HMRC (a Government website) on legitimate business, within hours I get two or three Phishing emails purporting to come from the same place. All with zip files attached, which HMRC never do.

The exact same thing applies to Companies House (another part of the Government), when the Phishing emails try to scare me with news that my submission was refused, or that an unknown person or persons have made an official complaint about our company. All with zip files attached, which Companies House never do.

Top
#27671 - 12/12/13 09:07 AM Re: Email: replies from emails I did not send [Re: Bensheim]
artie505 Online


Registered: 08/04/09
You might consider creating a separate folder to which to direct your bouncebacks so they don't clutter up your "legitimate" trash folder.

This will also make it easier for you to determine that everything your rule thinks is a bounceback actually is one.
_________________________
The new Great Equalizer is the SEND button.

Top
#27672 - 12/12/13 10:44 AM Re: Email: replies from emails I did not send [Re: Bensheim]
ryck Offline


Registered: 08/04/09
Loc: Okanagan Valley
Originally Posted By: Bensheim
....whenever I transact with HMRC (a Government website) on legitimate business, within hours I get two or three Phishing emails purporting to come from the same place. All with zip files attached, which HMRC never do.

Originally Posted By: Bensheim
The exact same thing applies to Companies House (another part of the Government), when the Phishing emails try to scare me with news that my submission was refused, or.... All with zip files attached, which Companies House never do.

There are folks on this site who know vastly more than me about this kind of stuff, but the fact that you get responses immediately after communicating with these agencies raises a question in my mind. How do the Phishers know exactly when you have communicated?

In my simple-minded approach, I wonder if either of two things has occurred. Has something been placed in your system that tells the Phisher about your outgoing correspondence? Or, have these agencies been infected with something that advises when correspondence (from you or others) is arriving?

As I said, I can only guess but it would be interesting to hear from the folks more enlightened than me.


Edited by ryck (12/12/13 10:44 AM)
_________________________
ryck

iMac (Retina 5K, 27", 2017), 3.4 GHz Intel Core i5, 8GB RAM, 2400 MHz DDR4
OS High Sierra 10.13.6
Canon MX712 Printer
Epson Perfection V500 Photo Scanner
Time Machine on 320GB OWC Mercury OTG Pro
Super Duper on 500GB OWC Mercury OTG Pro

Top
#27673 - 12/12/13 12:31 PM Re: Email: replies from emails I did not send [Re: Bensheim]
Virtual1 Offline


Registered: 08/04/09
Loc: Iowa
Originally Posted By: Bensheim
For instance, whenever I transact with HMRC (a Government website) on legitimate business, within hours I get two or three Phishing emails purporting to come from the same place. All with zip files attached, which HMRC never do.


This would worry me a bit. There are only a handful of possible answers to this question.

1. your computer is compromised. software is installed or altered to communicate with the phishers

2. something is intercepting your communications
- the web site you are using isn't using ssl, allowing interception of traffic at various places on the internet
- the web site itself is using ssl, but is submitting forms via plain http POST traffic, allowing interception of traffic at various places on the internet
- another computer on your LAN is monitoring the traffic and is communicating with the phishers
- a computer on the government LAN is monitoring the traffic and is communicating with the phishers

3. the government computer is compromised. software is installed or altered to communicate with the phishers

4. your email provider's LAN or mail server is compromised


None of this can be ruled out without investigation. It is all possible. You can take steps to isolate / rule out factors. For example, if you take your laptop to another location and it doesn't occur, you have a LAN issue. Using another computer at your same location set up identically (same www and email settings) that doesn't get this response suggests your computer is compromised. Using your iPhone/4g to email the request (using identical mail settings) that triggers the response rules out your LAN and computer. Selecting to send using a different SMTP server (such as gmail), all other factors being unchanged, and not getting a response, strongly implicates your email provider. (I would count that as the greatest odds of being the problem)

Remember, no one is above suspicion. If your email provider is gmail, and you don't get a response when you send via media com's SMTP server, google IS the leak. Trust no one completely.
_________________________
I work for the Department of Redundancy Department

Top
#27676 - 12/13/13 10:11 AM Re: Email: replies from emails I did not send [Re: Virtual1]
Bensheim Offline


Registered: 08/16/09
Loc: UK
Originally Posted By: Virtual1
Originally Posted By: Bensheim
For instance, whenever I transact with HMRC (a Government website) on legitimate business, within hours I get two or three Phishing emails purporting to come from the same place. All with zip files attached, which HMRC never do.


This would worry me a bit. There are only a handful of possible answers to this question.

1. your computer is compromised. software is installed or altered to communicate with the phishers


This seems very unlikely indeed, but how would I check that?

Quote:
2. something is intercepting your communications
- the web site you are using isn't using ssl, allowing interception of traffic at various places on the internet
- the web site itself is using ssl, but is submitting forms via plain http POST traffic, allowing interception of traffic at various places on the internet
- another computer on your LAN is monitoring the traffic and is communicating with the phishers
- a computer on the government LAN is monitoring the traffic and is communicating with the phishers


The other computers on this LAN are all in this office and only two people use them; the other one is completely non-technical.....

Quote:
3. the government computer is compromised. software is installed or altered to communicate with the phishers


This wouldn't surprise me, the same thing happens with UK banks who in addition to HMRC and Companies House have found it necessary to put Phishing Warnings on their front pages.

Quote:

4. your email provider's LAN or mail server is compromised

Hmmm.........

Quote:
None of this can be ruled out without investigation. It is all possible. You can take steps to isolate / rule out factors. For example, if you take your laptop to another location and it doesn't occur, you have a LAN issue. Using another computer at your same location set up identically (same www and email settings) that doesn't get this response suggests your computer is compromised. Using your iPhone/4g to email the request (using identical mail settings) that triggers the response rules out your LAN and computer. Selecting to send using a different SMTP server (such as gmail), all other factors being unchanged, and not getting a response, strongly implicates your email provider. (I would count that as the greatest odds of being the problem)


I/we have no laptop (not required), I/we have no iphone either.

BTW, when communicating with these Government websites, it is not done by email. Submitting (mandatory) forms and requesting information is all done directly on their websites. No email transactions.

Quote:
Remember, no one is above suspicion. If your email provider is gmail, and you don't get a response when you send via media com's SMTP server, google IS the leak. Trust no one completely.


I don't use gmail either.......THANKS for your input, which is/was thought-provoking, but I still think that that is coincidence. For instance, I also get Phishing emails from airlines I have never used, "containing" my "e-tickets". Also from carriers such as UPS, "containing" my "tracking information", when there are no such air tickets nor delivery documents. All of these have zip attachments which proves to anyone who knows anything, that they are spam and probably viral spam destined for M/soft computers. Real e-tickets are in plain view, real tracking information ditto.

Further examination of my business email's on-line settings blizzard of icons today, reveals that I am also applying Spam Assassin to everything going through. The filter level was set at 3, I have upped it to level 5. I honestly don't think this will make much difference, but it can't do any harm.

The endless War against Spam. Sigh.

Top
Page 1 of 2 1 2 >

Moderator:  alternaut, dianne, MacManiac