CommentAuthor NickyD
CommentTime Jan 22nd 2007
I am just curious, I have been receiving a lot of Spam lately. But now, a 'spammer' is sending out emails using my email address. Now, I am getting nasty emails from people saying they want me to stop sending them Spam, when I am doing nothing. Has this ever happened to anyone here, and what did you do? Thanks.
CommentAuthor Christopher
CommentTime Jan 22nd 2007
This sounds exactly like what I was experiencing a couple of weeks ago, and it turned out to be (as far as I am aware) that someone managed to get hold of my email password. I came to this conclusion because my outgoing SMTP mail server needs authentication, and also because now, 2 weeks on after changing my passwords, I am receiving zero of these undelivered email reports etc.
Best advice I can give you from past experience: change all of your cPanel and email passwords.
CommentAuthor NickyD
CommentTime Jan 22nd 2007
Good advice. I will change my passwords and see what happens. Thanks.
CommentAuthor barnyardbbs
CommentTime Jan 22nd 2007
NickyD,
Here's a couple things you might want to know about spam...
Nothing in the SMTP specification deals with authentication or forging. You can "say" anything that you want; and it isn't validated. For example, I can "say" that I'm you, list your return address, and go.
A common virus / zombie spamming tactic goes like this:
1. Infect target's computer
2. Harvest address book / inbox data
3. Send bogus emails out using target's return info (to everybody in the address book).
4. Save for later, so future spams look credible.
There are some ideas to limit the forging; but none have been widely enough adopted to be useful.
I run the mail systems for some pretty major lending companies. Our spam volume is ridiculous. We have a long list of custom filters.
We immediately search all emails for any executable code (infectious or not). Always remember, a virus isn't known on day zero. We also have several different white/gray/black lists working. We have special filters for inline images as well. The inline image filters stop a ton of stuff. Since we whitelist first, we don't lose much good stuff in the mix.
If they would be of any use to you, I'd be happy to tell you more about how we filter, or share some of our lists.
Hope this helps.
-Ben
P.S. Christopher is dead right also. Spam relaying happens quite frequently, if you aren't careful.
CommentAuthor NickyD
CommentTime Jan 22nd 2007 (edited by NickyD on the 22nd January 2007 at 11:06:13 EST)
Thank you Ben for your expertise here. I appreciate your offer to put more info here about it. Anything else you want to post, I would read it. Thanks again.
@Christopher: Changed my password, no spam yet.... only been an hour, but it's a start.
Thanks everyone.
CommentAuthor barnyardbbs
CommentTime Jan 22nd 2007
I don't know much about your mail hosting; so I'll just describe the approaches that we use:
We use a many-tiered filter approach. It allows us to be pretty strict with minimal losses. We only retrieve about one message per week from our Quarantine box.
First Priority:
Kill anything *known* to be infected (via virus scanner)
Second Priority:
Stop filtering if user is authenticated (it's one of us). This allows us to send out (or to each other) anything we want. For example, we can use the forbidden word "viagra" that gets outside emails killed.
Third Priority:
Delete any emails that contain blacklist keywords in the subject or body. These are the worst of the worst, like "viagra" or "rolex".
Delete any emails that use forbidden X-Mailers.
Fourth Priority:
Stop processing filters for anything on the whitelists (keywords that relate to our business). We run these first, before the more broad graylist deletes.
Fifth Priority:
Quarantine any emails that contain graylist keywords in the subject or body.
Delete any email that contains an executable attachment (known virus or not).
Delete any email containing an inline image (normal users attach, not inline).
Sixth Priority:
Quarantine by broad match rules "via*", "phar*", "teen*", etc.
Quarantine by excessive / deceptive CSS.
It's a lot of steps, but it works really well for us. Hope this helps.
-Ben
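The six-tier pipeline Ben describes above, as an added example that is not Ben's code or his real lists: each tier either decides the message or falls through to the next, so authenticated users bypass everything after the virus check and the business whitelist short-circuits the broader graylist rules. The list contents, the X-Mailer value and the CSS threshold are constructed placeholders.

```python
import re
from dataclasses import dataclass, field

# Constructed stand-ins for the black/white/gray lists (not Ben's real lists).
BLACKLIST = {"viagra", "rolex"}          # the worst of the worst
WHITELIST = {"mortgage", "escrow"}       # keywords that relate to the business
GRAYLIST = {"refinance", "free"}
FORBIDDEN_XMAILERS = {"BulkMailerX/1.0"} # placeholder X-Mailer value
# "via*", "phar*", "teen*": aggressive by design, which is why the whitelist runs first.
BROAD_PATTERNS = [re.compile(r"\b(via|phar|teen)\w*", re.I)]
EXEC_EXT = (".exe", ".scr", ".pif", ".bat")

@dataclass
class Message:
    subject: str
    body: str
    authenticated: bool = False      # sent by one of our own users
    infected: bool = False           # verdict of the virus scanner, simulated here
    x_mailer: str = ""
    attachments: list = field(default_factory=list)  # (filename, is_inline)
    css_ratio: float = 0.0           # fraction of the body that is style markup

def filter_message(m: Message) -> str:
    text = f"{m.subject}\n{m.body}".lower()
    words = set(re.findall(r"[a-z0-9]+", text))
    if m.infected:                              # 1st: known infected dies first
        return "delete:virus"
    if m.authenticated:                         # 2nd: our own users skip the rest
        return "accept:authenticated"
    if words & BLACKLIST:                       # 3rd: blacklist words, bad X-Mailers
        return "delete:blacklist"
    if m.x_mailer in FORBIDDEN_XMAILERS:
        return "delete:x-mailer"
    if words & WHITELIST:                       # 4th: business keywords stop filtering
        return "accept:whitelist"
    if words & GRAYLIST:                        # 5th: graylist, executables, inline images
        return "quarantine:graylist"
    for name, inline in m.attachments:
        if name.lower().endswith(EXEC_EXT):
            return "delete:executable"
        if inline:
            return "delete:inline-image"
    if any(p.search(text) for p in BROAD_PATTERNS):   # 6th: broad matches, CSS abuse
        return "quarantine:broad-match"
    if m.css_ratio > 0.5:
        return "quarantine:css"
    return "accept"
```

Note that "via" as an ordinary word ("shipping via UPS") is quarantined by the broad rule, which is the kind of loss the whitelist-first ordering is meant to keep rare.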
CommentAuthor NickyD
CommentTime Jan 22nd 2007
Thank you very much Ben. Appreciate your time on this.
CommentAuthor barnyardbbs
CommentTime Jan 22nd 2007
No problem. Email me if you want the specific gray or black lists.
CommentAuthor Syuk
CommentTime Jan 22nd 2007
-1 priority, make sure you are not becoming the victim of a so called 'joe job'.
This is a situation where people use your email address to make it appear as if email is actually coming from you for business reasons and not just a random attack, i.e. someone is targeting you.
http://en.wikipedia.org/wiki/Joe_job
Ben and Chris have hit the nail on the head.
If it isn't a 'joe-job' attack, you are better blacklisting things at the server by using a public list than trying to defeat spam on a 'pen15 en7argm3nt' approach IMHO.
I also recommend (if your country/state allows) tracking down those who are falsifying your mail. It's a criminal offence, and I would certainly open a can of whoop-ass on them (if you are using that address for business purposes ;)).
CommentAuthor barnyardbbs
CommentTime Jan 22nd 2007
Syuk,
Thanks for mentioning the server blacklisting. I completely forgot about it in my posts. We use SpamCop and Spamhaus. I forgot about it, as it is outside our normal filter structure. We handle those as a pre-acceptance denial.
Actually, I'd be curious to hear... What mail server software does the rest of the group use?
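The pre-acceptance denial Ben mentions, as an added example that is not Ben's code: the connecting client's IPv4 address is reversed and looked up under each DNSBL zone before the message is accepted, and a 127.0.0.0/8 answer means "listed". The resolver is injected so the example runs offline; the lookup table and the 192.0.2.x client addresses are constructed samples.

```python
import ipaddress
from typing import Callable, Optional

# The two DNSBL zones named in the thread; query name = reversed octets + zone.
ZONES = ("zen.spamhaus.org", "bl.spamcop.net")

# name -> A record as a string, or None when the name does not exist (not listed)
Resolver = Callable[[str], Optional[str]]

def dnsbl_name(ip: str, zone: str) -> str:
    addr = ipaddress.IPv4Address(ip)          # raises on anything that is not IPv4
    return ".".join(reversed(str(addr).split("."))) + "." + zone

def check_sender(ip: str, resolve: Resolver, zones=ZONES) -> str:
    """Decide at connection time: 'reject:<zone>', 'accept', or 'tempfail'."""
    for zone in zones:
        answer = resolve(dnsbl_name(ip, zone))
        if answer is None:
            continue                          # NXDOMAIN: not listed in this zone
        a = ipaddress.IPv4Address(answer)
        if a in ipaddress.IPv4Network("127.255.255.0/24"):
            # Spamhaus reports query problems (e.g. blocked open resolver, query
            # volume) in this range, not a listing: defer rather than reject.
            return "tempfail"
        if a in ipaddress.IPv4Network("127.0.0.0/8"):
            return f"reject:{zone}"
    return "accept"

# Constructed offline resolver standing in for a real DNS lookup (for production,
# dnspython's dns.resolver.resolve(name, "A") through a local caching resolver).
FAKE_DNS = {
    "10.2.0.192.zen.spamhaus.org": "127.0.0.4",        # constructed: listed
    "20.2.0.192.bl.spamcop.net": "127.0.0.2",          # constructed: listed
    "40.2.0.192.zen.spamhaus.org": "127.255.255.254",  # constructed: query error
}

def fake_resolve(name: str) -> Optional[str]:
    return FAKE_DNS.get(name)

if __name__ == "__main__":
    for client in ("192.0.2.10", "192.0.2.20", "192.0.2.30", "192.0.2.40"):
        print(client, check_sender(client, fake_resolve))
```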
CommentAuthor Syuk
CommentTime Jan 22nd 2007
I used to recommend Mercury for many of the small to large businesses I help, with the appropriate black, white and dynamic lists and filter rules. It is very accommodating and can almost be left to take care of itself.
Some guys I help use Exchange, which has pretty much the same options available in terms of lists and importable rules, depends on the circumstances.
SpamCop and Spamhaus, RBL, etc. are cool. Mercury can auto-update from these sources. If anyone is thinking of using Mercury, make sure you understand email and the program in general; it will save you some headache. That might sound stupid, but well, make sure you do ;)
CommentAuthor icyone
CommentTime Jan 22nd 2007
Very informative. Thanks for the info everyone.
CommentAuthor Josh
CommentTime Jan 22nd 2007
I'm having the same problem.. though mine is that I have a catch all email address on my domain, and the spammers are using random characters @ mydomain.net.
It's not going through my SMTP servers.
:/
CommentAuthor Christopher
CommentTime Jan 23rd 2007
Josh, that's what was happening to me as well, getting emails from such addresses as xygs@edg3.co.uk / yubdbhlb@edg3.co.uk / etc.
I just decided to turn off my catch-all account and bounce any email that isn't sent to my specific addresses. Not sure if that's an option for you. Depends: do you get many real emails through mistyped email addresses?
CommentAuthor NickyD
CommentTime Jan 23rd 2007
I also turned off the 'catch all', but I don't think that was my problem. I have changed all my passwords for now. Thank you everyone for your insight.