
Bounce to wrong sender

richard17
Newbie
Posts: 1
Registered: ‎21-09-2017


Here's a weird one. A friend forwarded a message intended for me, that the spam filter had rejected, but she had not sent it. Here is the message:

From: Mail Delivery System <MAILER-DAEMON@messagelabs.com>
Date: 21 September 2017 at 08:32
Subject: Mail Delivery Failure
To: carbon.cutters@gmail.com

This is the mail delivery agent at Symantec Email Security.cloud.
I was unable to deliver your message to the following addresses:
richard@riggshome.plus.com

Reason: 552 Spam Message Rejected

The message subject was: Fwd: IMPORTANT: Updated insurance policy documents
The message date was: Thu, 21 Sep 2017 08:31:25 +0100
The message identifier was: 05/CD-02208-81B63C95
The message reference was: server-11.tower-207.messagelabs.com!1505979152!27608934!1

Please do not reply to this email as it is sent from an unattended mailbox.
Contact your email administrator if you need more information, or
instructions for resolving this issue.

Last-Attempt-Date: Thu, 21 Sep 2017 07:32:44 +0000
Diagnostic-Code: smtp; 552 Spam Message Rejected
Status: 5.0.0
Action: failed
Final-Recipient: rfc822; richard@riggshome.plus.com

--------------

I do not know who would have sent the message to me and it may indeed have been spam. What puzzles me is why she received a reply to a message that she did not send. She had sent a routine message (harmless, and nothing to do with insurance) at 12:08 and I received it, then she received this bounce. Can the Plusnet spam filter be getting out of sync?

spraxyt
Resting Legend
Posts: 10,063
Thanks: 674
Fixes: 75
Registered: ‎06-04-2007

Re: Bounce to wrong sender

It looks like what happened here is that a spammer tried to send a message to you forging your friend's name and email as sender. Had it got through you might have been tempted to trust it because you knew the (apparent) sender.

However, the message was rejected as spam so the delivering server passed it to the apparent sender - your friend. I'm assuming that the delivering server at messagelabs.com is an intermediary and not the original sending server which should have passed it back to the real sender.

This behaviour is known as backscatter.

David
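
One way to check a bounce like the one quoted in the question against your own sent mail, to tell backscatter from a genuine delivery failure. This is an added example, not part of the original posts; the addresses, the `SENT` entry and the 10-minute matching window are constructed assumptions.

```python
import re
from datetime import timedelta
from email.parser import HeaderParser
from email.utils import parsedate_to_datetime

# Constructed sample modelled on the bounce quoted in the question;
# the addresses are placeholders, not the ones from the thread.
BOUNCE = """\
I was unable to deliver your message to the following addresses:
recipient@example.net

Reason: 552 Spam Message Rejected

The message subject was: Fwd: IMPORTANT: Updated insurance policy documents
The message date was: Thu, 21 Sep 2017 08:31:25 +0100

Last-Attempt-Date: Thu, 21 Sep 2017 07:32:44 +0000
Diagnostic-Code: smtp; 552 Spam Message Rejected
Status: 5.0.0
Action: failed
Final-Recipient: rfc822; recipient@example.net
"""

# Constructed stand-in for the Sent folder: (recipient, subject, date).
SENT = [("recipient@example.net", "Lunch on Friday?",
         "Thu, 21 Sep 2017 12:08:00 +0100")]

def parse_bounce(text):
    """Pull the original message's subject/date and the RFC 3464 fields."""
    info = {k: v.strip() for k, v in
            re.findall(r"^The message (subject|date) was: (.*)$", text, re.M)}
    # The per-recipient fields are the last blank-line-separated block.
    fields = HeaderParser().parsestr(text.strip().split("\n\n")[-1])
    info["recipient"] = fields["Final-Recipient"].split(";", 1)[1].strip()
    info["status"] = fields["Status"]
    info["action"] = fields["Action"]
    return info

def is_backscatter(bounce, sent, window=timedelta(minutes=10)):
    """True when nothing in the sent log matches the bounced message."""
    when = parsedate_to_datetime(bounce["date"])
    for rcpt, subject, date in sent:
        close = abs(parsedate_to_datetime(date) - when) <= window
        if rcpt == bounce["recipient"] and subject == bounce["subject"] and close:
            return False
    return True
```

A bounce that matches nothing you sent points to a forged sender address rather than a fault in your own mail.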