I have been getting returned emails for the last few weeks - none of which I have sent, so someone is sending out spam using my address as a spoof. All the undelivered ones therefore come back to me.
Can some clever person help by deciphering the header info to track down where they are coming from? Would I be right in suspecting 82.165.159.3 is the source? What about sheaf636@dallasmail.com (in red below)?
Here's a typical header for the returned mail, which includes the header info on the original email as well (with my own email address replaced with myname<at>tiscali.co.uk):
Return-Path: <>
Received: from public.mx16gb1.int.opaltelecom.net (62.24.139.126) by mail.svcgb1.int.opaltelecom.net (8.5.153)
    id 535DB7740406DF7D for myname<at>tiscali.co.uk; Fri, 5 Dec 2014 10:51:13 +0000
Message-ID: <535DB7740406DF7D@ms12gb1.int.opaltelecom.net> (added by postmaster@mail.svcgb1.int.opaltelecom.net)
X-IronPort-AV: E=Sophos;i="5.07,521,1413241200";
    d="scan'208";a="709941708"
Received: from mout-bounce.web.de ([212.227.15.26])
    by public.mx16gb1.int.opaltelecom.net with ESMTP; 05 Dec 2014 10:51:13 +0000
Received: from mda by moweb003.server.lan id 0MWdfH-1YUEGp26A7-00XqTe
    Fri, 05 Dec 2014 11:51:12 +0100
Date: Fri, 05 Dec 2014 11:51:12 +0100
From: <keineantwortadresse@web.de>
To: myname<at>tiscali.co.uk
Subject: Mail delivery failed: returning message to sender
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-UI-Out-Filterresults: unknown:0;
This message was created automatically by mail delivery software.
A message that you sent could not be delivered to one or more of
its recipients. This is a permanent error. The following address
failed:
"tanjabirke@renekuenzel.com":
SMTP error from remote server after HELO command:
host: mx0.renekuenzel.com:
REJECT: 82.165.159.3 is in sbl-xbl.spamhaus.org :
http://www.spamhaus.org/sbl/query/SBL175030
--- The header of the original message is following. ---
Received: from [213.165.67.104] ([213.165.67.104]) by mx-ha.web.de (mxweb008)
    with ESMTPS (Nemesis) id 0LZi5E-1XZdCm0jrY-00lVyT for
    <tanjabirke@renekuenzel.com>; Fri, 05 Dec 2014 11:51:12 +0100
Received: from out.ipsmtp3nec.opaltelecom.net ([62.24.202.75]) by mx-ha.web.de
    (mxweb008) with ESMTPS (Nemesis) id 0MVuuW-1YTxHs0hFg-00X1xt for
    <tanjabirke@web.de>; Fri, 05 Dec 2014 11:51:12 +0100
X-SMTPAUTH: myname<at>tiscali.co.uk
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: AgsxAG6NgVRP6RTnPGdsb2JhbABZhDCDBYMuggqCMahJAQEBAQEBBppJAQEBAQEGAQEBATg7hCwVWR0CBSECETQaE4gmAQEBFrADhy8OhDaDT4ZniVsGHQmGJYEohH+CVopIgUcFj0ZckCmOGAwBgh0/MIJDAQEB
X-IPAS-Result: AgsxAG6NgVRP6RTnPGdsb2JhbABZhDCDBYMuggqCMahJAQEBAQEBBppJAQEBAQEGAQEBATg7hCwVWR0CBSECETQaE4gmAQEBFrADhy8OhDaDT4ZniVsGHQmGJYEohH+CVopIgUcFj0ZckCmOGAwBgh0/MIJDAQEB
X-IronPort-AV: E=Sophos;i="5.07,521,1413241200";
    d="scan'208";a="353085057"
Received: from p4fe914e7.dip0.t-ipconnect.de (HELO Vollstrecker-PC) ([79.233.20.231])
    by out.ipsmtp3nec.opaltelecom.net with ESMTP/TLS/AES256-SHA; 05 Dec 2014 10:51:05 +0000
From: "Kehl Agentur" <myname<at>tiscali.co.uk>
To: "Birko" <tanjabirke@web.de>
Subject: =?utf-8?q?Neue Stellenausschreibung f=C3=BCr Sie?=
Date: Fri, 5 Dec 2014 10:51:12 GMT
Reply-To: <sheaf636@dallasmail.com >
Message-ID: <00d8d0d9.0e8f1b835406d0bb@Vollstrecker-PC>
Mime-Version: 1.0
Content-Type: text/plain;
    format=flowed;
    charset="utf-8"
Content-Transfer-Encoding: quoted-printable
X-UI-Out-Filterresults: junk:10;
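Added example, not part of the original post: the header of the original message quoted in the bounce, read bottom-up, since each relay prepends its own Received line. The header text is copied from the post with folded lines re-indented; the function names are illustrative assumptions.

```python
import re
from email import message_from_string

# Header of the original message as quoted in the bounce above. Continuation
# lines are re-indented so the parser unfolds them; "myname<at>tiscali.co.uk"
# is the poster's own redaction.
ORIGINAL_HEADER = """\
Received: from [213.165.67.104] ([213.165.67.104]) by mx-ha.web.de (mxweb008)
 with ESMTPS (Nemesis) id 0LZi5E-1XZdCm0jrY-00lVyT for
 <tanjabirke@renekuenzel.com>; Fri, 05 Dec 2014 11:51:12 +0100
Received: from out.ipsmtp3nec.opaltelecom.net ([62.24.202.75]) by mx-ha.web.de
 (mxweb008) with ESMTPS (Nemesis) id 0MVuuW-1YTxHs0hFg-00X1xt for
 <tanjabirke@web.de>; Fri, 05 Dec 2014 11:51:12 +0100
X-SMTPAUTH: myname<at>tiscali.co.uk
Received: from p4fe914e7.dip0.t-ipconnect.de (HELO Vollstrecker-PC) ([79.233.20.231])
 by out.ipsmtp3nec.opaltelecom.net with ESMTP/TLS/AES256-SHA; 05 Dec 2014 10:51:05 +0000
From: "Kehl Agentur" <myname<at>tiscali.co.uk>
Reply-To: <sheaf636@dallasmail.com >
"""

# "from <name> ... [ip] or (ip) ... by <recording server>"
HOP = re.compile(
    r"from\s+(?P<name>\S+).*?[\[(](?P<ip>\d{1,3}(?:\.\d{1,3}){3})[\])]"
    r".*?\bby\s+(?P<by>\S+)"
)

def received_chain(raw):
    """Return the Received hops oldest-first.

    Only lines written by servers you trust are reliable; anything below
    the first trusted relay is text the sender could have supplied.
    """
    hops = []
    for value in reversed(message_from_string(raw).get_all("Received", [])):
        m = HOP.search(" ".join(value.split()))  # unfold continuation lines
        if m:
            hops.append({"client_name": m["name"], "client_ip": m["ip"], "by": m["by"]})
    return hops

def submission_point(raw):
    """Earliest recorded hop plus the account named in X-SMTPAUTH, if present."""
    hop = dict(received_chain(raw)[0])
    hop["auth_user"] = message_from_string(raw).get("X-SMTPAUTH")
    return hop

if __name__ == "__main__":
    for hop in received_chain(ORIGINAL_HEADER):
        print(f'{hop["client_ip"]:>15}  ({hop["client_name"]})  ->  {hop["by"]}')
    print("authenticated as:", submission_point(ORIGINAL_HEADER)["auth_user"])
```

The address 82.165.159.3 appears only in the remote server's REJECT text, not as a client in any Received line of this header, so the chain itself does not list it as a hop.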