Lunarpages Web Hosting Forum

Author Topic: email "from" ###qq.com  (Read 944 times)

Offline turula2

  • Spaceship Navigator
  • *****
  • Posts: 91
  • Peter in DG
email "from" ###qq.com
« on: June 01, 2018, 08:01:46 PM »
One of my users is targeted with about 100 emails a day that have ###@qq.com as the "From:" header. The sender host is never qq.com but something like szcfxx.com, virexchina.com, maxnetsys.com.cn, xuanruanjian.com, etc. etc.  Almost all of these get stopped by RBL...spamcop.net and never get into my email system, but they show up in "Track Delivery" and clutter it up. The few that get through into my email system are trapped out by a spam filter, as they typically have a spam score between 15 and 30!

Anyone have any insight into this?

Offline MrPhil

  • Senior Moderator
  • Berserker Poster
  • *****
  • Posts: 6310
Re: email "from" ###qq.com
« Reply #1 on: June 02, 2018, 04:38:05 AM »
Is there any sign that these are originating onsite, through a Contact form or the like? If they're coming from the outside world with faked "From" addresses, I'm not sure there's much more you can do, but if internal, perhaps "sender" addresses from qq.com could be silently diverted to the bit bucket by the Contact form (without telling anyone)? The idea is that such mails never get into the system, to clutter up things.
Visit My Site

E-mail Me
-= From the ashes shall rise a sooty tern =-

Offline turula2

  • Spaceship Navigator
  • *****
  • Posts: 91
  • Peter in DG
Re: email "from" ###qq.com
« Reply #2 on: June 04, 2018, 09:10:57 AM »
[[ I should have noted that ### in ###@qq.com is a 6 to 10 digit random number ]]

CTS: Basically no. As I noted in my post, per the "Track Delivery" tables these are all coming from various outside domains (per the "Sender Host" and "Sender IP" columns) - probably wherever they can find an open SMTP. Of these 90% already "never get into the system" because, as I noted in my post, they get stopped by "RBL...spamcop.net" and never enter my email system, and those that do I easily filter out. Note that the "Track Delivery" tables are very useful in looking into this kind of problem. I stumbled onto this problem while trying to resolve the problem in my nearby post  "Fail With Message action not working properly" by reviewing the "Track Delivery" tables.

My user is now targeted with about 50 ###@qq.com emails per day. If you google this issue some report getting 2-3 emails a minute (3,500 par day?)!

Offline turula2

  • Spaceship Navigator
  • *****
  • Posts: 91
  • Peter in DG
Re: email "from" ###qq.com
« Reply #3 on: June 11, 2018, 07:30:43 AM »
These email track entries went from about 300 a week to zero in the last 7 days!