Successful Mail Delivery Report spam

boddie

A year or so ago, I asked about why people can spoof addresses from my domain when spamming me. In other words, a spammer can send a mail from THEM@MY_DOMAIN to ME@MY_DOMAIN, using their own mail server, and this message gets accepted and delivered by Opalstack. I think the essence of the reply was that nobody prevents this kind of thing, despite the fact that "administrator needs your password" spams are ubiquitous.

However, now I occasionally get not only fake domain spam but also "Successful Mail Delivery Report" messages that read as follows:

This is the mail system at host mx1.de.opalstack.com.

Your message was successfully delivered to the destination(s)
listed below. If the message was delivered to mailbox you will
receive no further notifications. Otherwise you may still receive
notifications of mail delivery errors from other systems.

So, I not only get spammed, but Opalstack tells me that it was successful in allowing me to be spammed. Fortunately, this doesn't happen often, but it could potentially happen a lot. Are there really no good ways of dealing with this?

Thanks in advance for any guidance you can offer.

sean

boddie the spammer sent the message with a delivery receipt requested, so our server sent the receipt to the sender address.

You can't prevent this type of spoofing, but you can mitigate it somewhat by using a SPF record for your domain. In your original post you said you'd already done this, so if it doesn't seem to be working for you then feel free to contact support with the specific details like the domain, the SPF that you're using, and the headers from one of the spoofed messages that you received. We'll then look into it further.

boddie

sean

My SPF record says this:

v=spf1 include:spf.opalstack.com ~all

I think I followed the guide on this because I don't profess to know any better myself.