• GoDaddy Community
  • Managing Email

    • Managing Email

    cancel
    Turn on suggestions
    Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
    Showing results for 
    Show  only  | Search instead for 
    Did you mean: 
    skyglow
    New
    ‎04-19-2016 09:11 AM
    ‎04-19-2016 09:11 AM

    Lots of Delivery Status Notifications.

    I've been having a problem for the past couple of days where I get a bunch of 'Delivery Status Notifications' from the mail delivery system. It looks like my email account is being used to relay spam, and these messages are from the messages sent to bad addresses. I'm used to the fake spam that pretends to be a delivery failure, but based on the headers these look like they are all coming from a GoDaddy mail server. S, I'm not sure if I have a virus on my PC, or if someone just cracked my email password. I have changed my password and set the SMTP relay's for my email address to 0 for the time being, but I was wondering if there is any way to tell what IP GoDaddy's server received the SMTP send from. Here is what I see in the full headers for one of the bounce emails:

     

    Received: (qmail 10601 invoked by uid 30297); 19 Apr 2016 15:36:51 -0000
Received: from unknown (HELO p3plibsmtp03-07.prod.phx3.secureserver.net) ([173.201.192.59])
          (envelope-sender <>)
          by p3plsmtp12-04.prod.phx3.secureserver.net (qmail-1.03) with SMTP
          for <[My Email Address Redacted]>; 19 Apr 2016 15:36:51 -0000
Received: from p3plsmtpa07-05.prod.phx3.secureserver.net ([173.201.192.234])
	by p3plibsmtp03-07.prod.phx3.secureserver.net with bizsmtp
	id kFc81s00p53toe501FcrxV; Tue, 19 Apr 2016 08:36:51 -0700
Date: Tue, 19 Apr 2016 08:36:51 -0700
From: Mail Delivery System
To: [My Email Address Redacted]
Subject: Delivery Status Notification
MIME-Version: 1.0
Content-Type: multipart/report; boundary="------------I305M09060309060P_990914610802110"
X-Nonspam: None

    The headers don't help, and the attached .eml files with the delivery failure message don't have any IP's in the either. Is there any way to get GoDaddy to tell me where the original email came from? If I call customer support is there anything they can do to help me figure this out?

     

    Just FYI, I did run Malwarebytes on my PC after I started seeing these, but it didn't find any viruses, but I'd feel better if I could see that the original messages didn't come from my home IP address.

    0 Kudos
    Reply
    2 REPLIES 2
    D3
    Advocate V Advocate V
    Advocate V
    ‎04-20-2016 02:08 AM
    ‎04-20-2016 02:08 AM

    It is possible that someone is sending email from their own server and just putting your name in the FROM field and/or the Reply-To field.  They don't necessarily have to be coming through Godaddy's email system.

    Having set your relays to 0, are you still getting delivery failure notifications?

    Keep on Coding!
    Mark Cicchetti - There are 10 kinds of people... those who understand binary and those who don't.
    Reply
    skyglow
    New
    In response to D3
    ‎04-20-2016 06:52 AM
    ‎04-20-2016 06:52 AM

    No, now that I have set the relays to 0, I haven't had any more delivery failure notifications. I can still send messages using the GoDaddy webmail interface though, so I'm doing that for the time being.

     

    I've dealt with spam and spoofed addresses before in my day-job. What's bugging me are the headers in these emails. The message originates, according to the headers, from 'unknown'. Typically, I can tell email has been spoofed because the headers will indicate it came from an IP address that has nothing to do with the sender or recipient. Regardless of what the email address claims, the header should have, at least, the IP address of whatever sent the message to the secureserver.net relay. However, all I see is unknown. I know it COULD still be a spoofed sender, but it has my spider senses tingling!

    0 Kudos
    Reply

    You may also like...