You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@spamassassin.apache.org by Chris <cp...@earthlink.net> on 2005/05/01 05:30:24 UTC
Reporting scams to fraudwatchinternational
I've been reporting scams to the above site since January. Suddenly today my
reports start getting kicked back with the below:
This message was created automatically by mail delivery software.
A message that you sent could not be delivered to one or more of its
recipients. This is a permanent error. The following address(es) failed:
admin@fraudwatchinternational.com
SMTP error from remote mailer after RCPT
TO:<ad...@fraudwatchinternational.com>:
host vhost3.netpresence.com.au [69.44.157.179]:
550 5.7.1 <ad...@fraudwatchinternational.com>... Relaying denied. Proper
authentication required.
Apparently something is either wrong with their site or they've gone private.
When trying to goto the website I'm asked to accept a certificate but its
issued by root@localhost.localdomain. This leads me to believe their site
may be hosed. Anyone know of any changes they've made?
Thanks
Chris
--
Chris
Registered Linux User 283774 http://counter.li.org
22:16:48 up 3 days, 16:18, 1 user, load average: 0.87, 0.43, 0.28
Mandriva Linux 10.1 Official, kernel 2.6.8.1-12mdk
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Nothing is impossible for the man who doesn't have to do it himself.
-- A.H. Weiler
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Re: Reporting scams to fraudwatchinternational
Posted by Jay Lee <jl...@pbu.edu>.
Kris Deugau said:
>> If you use a competent email client you will be offered the option
>> of keeping a local copy, which saves the redundant recipient.
>
> Some people deliberately turn this off. I'm not sure why. (I can
> *sort* of understand it for mailing list mail, but not for "direct"
> mail.)
>
>> Further, you should never assume that other recipients do not
>> see BCCs. That it entirely up to the settings of the recipient's email
>> client.
>
> If your MUA is actually adding a "real" header with BCC: information,
> it's broken. BCC isn't supposed to be a header in the usual sense; it's a
> way to tell your mail client to add extra SMTP RCPT TO: commands when
> sending the message. The recipients should NEVER see those extra
> recipients.
>
> The only way someone might find out about BCC'ed recipients is if they
> are the server admin (or have access to the mail logs) and are willing to
> spend the effort to wade through the logs tracking the message ID to see
> who got a copy. And that only applies in the case where the sender's SMTP
> server is also the destination; and partially applies if there are
> multiple recipients at a remote domain. If a remote domain only has one
> recipient in the list, they will NOT see any information regarding other
> recipients.
I've also seen broken mail servers that add headers based on the "rcpt
to:" so you should assume that recipients bcc or not on the same remote
server may be able to discover each other. But if you're confident your
mail server/client isn't doing something stupid then there should be no
way for user@domain.com to discover the message was BCCed to
user@domain2.com.
Jay
--
Jay Lee
Network / Systems Administrator
Information Technology Dept.
Philadelphia Biblical University
--
Re: Reporting scams to fraudwatchinternational
Posted by Kris Deugau <kd...@vianet.ca>.
John Andersen wrote:
> If you use a competent email client you will be offered the option
> of keeping a local copy, which saves the redundant recipient.
Some people deliberately turn this off. I'm not sure why. (I can
*sort* of understand it for mailing list mail, but not for "direct"
mail.)
> Further, you should never assume that other recipients do not
> see BCCs. That it entirely up to the settings of the recipient's
> email client.
If your MUA is actually adding a "real" header with BCC: information,
it's broken. BCC isn't supposed to be a header in the usual sense;
it's a way to tell your mail client to add extra SMTP RCPT TO: commands
when sending the message. The recipients should NEVER see those extra
recipients.
The only way someone might find out about BCC'ed recipients is if they
are the server admin (or have access to the mail logs) and are willing
to spend the effort to wade through the logs tracking the message ID to
see who got a copy. And that only applies in the case where the
sender's SMTP server is also the destination; and partially applies if
there are multiple recipients at a remote domain. If a remote domain
only has one recipient in the list, they will NOT see any information
regarding other recipients.
-kgd
--
Get your mouse off of there! You don't know where that email has been!
Re: Reporting scams to fraudwatchinternational
Posted by John Andersen <js...@pen.homeip.net>.
On Sunday 01 May 2005 02:26 pm, Martin G. Diehl wrote:
> Loren Wilton wrote:
> > Are yoiu cc-ing yourself on the reports? I've had stupid mail systems
> > kick back mail I sent to people claiming 'relaying denied' if I had a cc
> > that wasn't at the target destinaiton.
> >
> > Loren
>
> When I want to have a 'record' copy of that sort of correspondence ...
> I use bcc: to my self ... the other recipients don't see that.
Martin:
If you use a competent email client you will be offered the option
of keeping a local copy, which saves the redundant recipient.
Further, you should never assume that other recipients do not
see BCCs. That it entirely up to the settings of the recipient's
email client.
--
_____________________________________
John Andersen
Re: Reporting scams to fraudwatchinternational
Posted by "Martin G. Diehl" <md...@nac.net>.
Loren Wilton wrote:
> Are yoiu cc-ing yourself on the reports? I've had stupid mail systems kick
> back mail I sent to people claiming 'relaying denied' if I had a cc that
> wasn't at the target destinaiton.
>
> Loren
When I want to have a 'record' copy of that sort of correspondence ...
I use bcc: to my self ... the other recipients don't see that.
Martin
Re: Reporting scams to fraudwatchinternational
Posted by Chris <cp...@earthlink.net>.
On Sunday 01 May 2005 07:46 am, Chris wrote:
>
> Nope, I finally managed to get an email off to the tech- support contact to
> whom the domain is registered to, I'll have to see what happens from there.
>
> Chris
Found out the entire fraudwatchinternational site had been down for over
32hrs. It appears to be mostly back up now, I've just forwarded a paypal
phish to them and will see what happens.
--
Chris
Registered Linux User 283774 http://counter.li.org
20:07:30 up 4 days, 14:09, 1 user, load average: 0.28, 0.25, 0.19
Mandriva Linux 10.1 Official, kernel 2.6.8.1-12mdk
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
If you can lead it to water and force it to drink, it isn't a horse.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Re: Reporting scams to fraudwatchinternational
Posted by Chris <cp...@earthlink.net>.
On Saturday 30 April 2005 10:59 pm, Loren Wilton wrote:
> Are yoiu cc-ing yourself on the reports? I've had stupid mail systems kick
> back mail I sent to people claiming 'relaying denied' if I had a cc that
> wasn't at the target destinaiton.
>
> Loren
Nope, I finally managed to get an email off to the tech- support contact to
whom the domain is registered to, I'll have to see what happens from there.
Chris
--
Chris
Registered Linux User 283774 http://counter.li.org
07:44:33 up 4 days, 1:46, 1 user, load average: 0.65, 0.53, 0.33
Mandriva Linux 10.1 Official, kernel 2.6.8.1-12mdk
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
miracle: an extremely outstanding or unusual event, thing, or accomplishment.
-- Webster's Dictionary
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Re: Reporting scams to fraudwatchinternational
Posted by Loren Wilton <lw...@earthlink.net>.
Are yoiu cc-ing yourself on the reports? I've had stupid mail systems kick
back mail I sent to people claiming 'relaying denied' if I had a cc that
wasn't at the target destinaiton.
Loren