2
My email is configured as follows:
I have a gmail account under my name, which is my primary email account. My gmail is then set to check the email account "webmaster@taxiwayalpha.com", and retrieve any emails from this account, and copy them to my inbox. This is a website I run, and the email address is configured as an account on a POP mail server, using Mail Enable as the server.
Yesterday, I looked in the Trash folder of my gmail account, and found the following email:
The message "Emailing: Image (8239).pdf" from webmaster@taxiwayalpha.com contained a virus or a suspicious attachment. It was therefore not fetched from your account webmaster@taxiwayalpha.com and has been left on the server.
Message-ID: <1c23c63a216110865a4482919d734e7@taxiwayalpha.com>
If you wish to write to this person, just hit reply and send a message.
Thanks,
The Gmail Team
The header info is as follows:
from: Gmail Team <mail-noreply@google.com>
reply-to: webmaster@taxiwayalpha.com
to: Gavin Coates <gavin.coates@gmail.com>
date: Wed, Jul 6, 2016 at 8:50 AM
subject: Emailing: Image (8239).pdf
mailed-by: google.com
I am receiving one of these messages every second!
They appear to come from a handful of addresses, in each case they are domains I own that are hosted on the same server. The account name varies, and sometimes is an email address that exists/have used in the past, but sometimes is an email I've never used.
I've now changed the password for the webmaster account, and have not updated this in gmail (it now shows authentication failed in the settings), yet I'm still receiving the emails.
I'm a little concerned by these emails. Why am I receiving so many (literally 1 per second)? Are these emails being sent to me, or are they being sent from my server?
Any help in identifying the cause of these would be greatly appreciated!
EDIT: I've disabled the email account webmaster@taxiwayalpha.com, and the mail server under that domain, but they still appear. Here is a sample of one of the messages received on that account prior to disabling:
Received: from dynamic.vdc.vn ([113.190.165.17]) by home with MailEnable ESMTP; Mon, 4 Jul 2016 18:51:56 +0100
From: <webmaster@taxiwayalpha.com>
To: <webmaster@taxiwayalpha.com>
Subject: Emailing: Image (8239).pdf
Date: Tue, 05 Jul 2016 00:51:45 +0700
Message-ID: <bfc3c44c20b070d97a0c1269360ad73@taxiwayalpha.com>
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary="----=_NextPart_000_001F_4E2DB17B.F72AFC55"
X-Mailer: Microsoft Office Outlook 12.0
Content-Language: en-gb
Return-Path: <webmaster@taxiwayalpha.com>
Gavin Coates
Posted 2016-07-06T09:45:33.787
Reputation: 191
3My feeling is that it would be helpful to see one of the original emails, from
taxiwayalpha.com's mail server, complete with headers, so we can get some idea of what google are refusing to fully collect. My guess is that you're being joe-jobbed, and these emails are bounces - but until we see one, that's really just a guess. – MadHatter – 2016-07-06T09:53:47.190@MadHatter - The mail service is currently disabled on the domain. However, I've updated with the headers of a similar message received earlier. – Gavin Coates – 2016-07-06T13:22:13.143
1Its also worth noting, that while there are some emails there, there only seem to be around 10-20 of them. Yet I'm getting these gmail notifications every second! – Gavin Coates – 2016-07-06T13:28:28.533
1
Look up backscatter.
– a CVn – 2016-07-10T19:03:11.510You need to identify if your server is sending the emails or not, since we don't have that information, only you can determine that. I have no idea why this was transferred here though. – Ramhound – 2016-07-11T23:09:43.140
Sorry that Server Fault sent you here, since questions about web sites/services are off-topic for Super User, per the [help/on-topic]. – Ben N – 2016-07-11T23:15:45.037
Welcome to the joys and horrors of running your own mail server – Journeyman Geek – 2016-07-12T01:18:13.747
I think someone found a way to exploit some of the functionality on your website to send emails. Do you have any tell a friend or contact us forms? – Henry – 2016-07-10T18:45:24.873
Related: http://webapps.stackexchange.com/q/87036/117263
– David Refoua – 2017-04-11T10:18:10.487