Okay, here is the deal.... I get many bounced emails a day coming to me... For example, e-mails from [email protected] to [email protected] telling them they need to update their password, etc, etc.... Is this just people using my site as a mask to steal passwords from users (who do not exist) or is someone really sending mail?
My site is lyricshead. Here is the e-mail message:
Dear Lyricshead Member,
Your e-mail account was used to send a huge amount of unsolicited spam messages during the recent week. If you could please take 5-10 minutes out of your online experience and confirm the attached document so you will not run into any future problems with the online service.
If you choose to ignore our request, you leave us no choice but to cancel your membership.
Is there a link in this eMail, that people would use to update their info?
That's usually how these phishing scams work. Any Domain name can be spoofed, as in, used as a return eMail address, as it lends creditability to the eMail.
If you look at the eMail headers (or post them here), the actual Server being used to send these eMails will be found. They can then be reported the DC where that Server is located. That may or may not help but will provide you with documentation; to verify to your Clients and anyone else that asks, that something was to done to stop the bogus eMails.
• PotentProducts.com - for all your Hosting needs
• Helping people Host, Create and Maintain their Web Site
• ServerAdmin Services also available
You can check the logfile (var/log/exim_mainlog), and get the mail header , since it is an exim server you can find the sender informations with the command
#exim - Mvh <header> - replace the header with the one you got from the log.
#exim - Mvb <header>
Choose the right option ... The world is open for You..