BlackBerry Forums Support Community
              
Register Sponsored By BlackBerryFAQ Today's Posts

Go Back

BlackBerry Forums Support Community

 BlackBerry Device Specific General 8300 Series Discussion - Curve Go

Phantom Messages (maybe virus?)

Closed Thread
 
Thread Tools
Old 09-22-2008, 10:56 AM   #1
CletusJones
Knows Where the Search Button Is
 
Join Date: Sep 2006
Location: Chicagoland
Model: 8320
PIN: 24427bba
Carrier: T-Mobile
Posts: 48
Default Phantom Messages (maybe virus?)

Please Login to Remove!
For the past several days I've been getting delivery failed messages for mail that I obviously haven't sent (spam) and in the transcript it lists a blackberry address as the originating server. How is this possible? Could I have a rogue program on my device? I haven't installed anything that I can think of.

Here's a copy of the relevant portions of the email header. Any ideas?
Quote:
Return-Path: <srs0=hu3awr=2a=omg-stfu.com=josh@srs.bis.na.blackberry.com>
Received: (qmail 23721 invoked from network); 22 Sep 2008 10:25:30 -0000
Received: from unknown (HELO hisar.endersys.com) (213.144.99.107)
by 0 with SMTP; 22 Sep 2008 10:25:30 -0000
Received: (surgate 85384 invoked by uid 1001); 22 Sep 2008 10:24:54 -0000
Received: from unknown (HELO smtp10.bis.na.blackberry.com) (216.9.248.57) by 0 with SMTP; 22 Sep 2008 10:24:51 -0000
Received: from bda471.bisx.prod.on.blackberry (bda471.bisx.prod.on.blackberry [172.20.218.16])by srs.bis.na.blackberry.com (8.13.7 TEAMON/8.13.7) with ESMTP id m8MAQBrD001274for <kuchiutu_2000@EnderUNIX.org>; Mon, 22 Sep 2008 10:26:11 GMT
Received: from bda471.bisx.prod.on.blackberry (localhost.localdomain [127.0.0.1])by bda471.bisx.prod.on.blackberry (8.13.7 TEAMON/8.13.7) with ESMTP id m8MAQ8r5021427for <kuchiutu_2000@EnderUNIX.org>; Mon, 22 Sep 2008 10:26:08 GMT
Message-ID: <1850735552-1222079167-cardhu_decombobulator_blackberry.rim.net-1724798101-@bxe195.bisx.prod.on.blackberry>
Offline  
Old 09-22-2008, 11:03 AM   #2
JSanders
Crimson Tide Moderator
 
JSanders's Avatar
 
Join Date: Oct 2004
Location: North of the moss line
Model: Z30
OS: 7.0sumtin
PIN: t low
Carrier: Verizon
Posts: 41,921
Default
There are no viri on the BB.

You can post your email address somewhere and a net spider or whatever catches it, and uses it to send spam, using that as the originating address. It has happened on my personal domain email email address?
Offline  
Old 09-22-2008, 11:07 AM   #3
paulbblc
Retired BBF Moderator
 
paulbblc's Avatar
 
Join Date: Oct 2005
Location: Twin Cities, MN
Model: ip 3g
PIN: 8675309
Carrier: AT&T
Posts: 3,555
Default
And here I thought that you just enjoyed spamming my inbox with pron links J...
Offline  
Old 09-22-2008, 11:09 AM   #4
CletusJones
Knows Where the Search Button Is
 
Join Date: Sep 2006
Location: Chicagoland
Model: 8320
PIN: 24427bba
Carrier: T-Mobile
Posts: 48
Default
Quote:
Originally Posted by JSanders View Post
There are no viri on the BB.

You can post your email address somewhere and a net spider or whatever catches it, and uses it to send spam, using that as the originating address. It has happened on my personal domain email email address?
Understood, but why then does it list the originating server as a bis.na.blackberry address? Shouldn't it be my mail server (mail.omg-stfu.com) instead?
Offline  
Old 09-22-2008, 11:18 AM   #5
JSanders
Crimson Tide Moderator
 
JSanders's Avatar
 
Join Date: Oct 2004
Location: North of the moss line
Model: Z30
OS: 7.0sumtin
PIN: t low
Carrier: Verizon
Posts: 41,921
Default
213.144.99.107 is endersys.com, a Turkish-based anitspam and anti virus software company.

Perhaps it was caught by them...

I don't know.
Offline  
Old 09-22-2008, 11:27 AM   #6
CletusJones
Knows Where the Search Button Is
 
Join Date: Sep 2006
Location: Chicagoland
Model: 8320
PIN: 24427bba
Carrier: T-Mobile
Posts: 48
Default
Hmmm. I guess I'll just have to investigate. I'd hate to have my domain flagged as spam.
Offline  
Old 09-22-2008, 01:11 PM   #7
daphne
BBF Spam Killer Moderator
 
daphne's Avatar
 
Join Date: May 2007
Location: on a sunny beach
Model: Paspt
OS: 10.3.0.90
PIN: X1ZPY34K
Carrier: VZW but not for long
Posts: 9,176
Default
Spammers may be spoofing your domain to send spam. That doesn't mean spam is coming from your domain, but the headers can be spoofed to make it look like the spam is coming from your domain. It happens to me on a fairly regular basis.
__________________
Report spam text messages to 7726
#BlackBerry by choice
Offline  
Closed Thread

« Previous Thread | Next Thread »


Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump


1pcs used TSXMFPP128K Memory Card picture

1pcs used TSXMFPP128K Memory Card

$175.00


Desktop Memory Case Tray Case for PC DDR DRAM RAM DIMM Modules - 2 fits 100 New picture

Desktop Memory Case Tray Case for PC DDR DRAM RAM DIMM Modules - 2 fits 100 New

$20.50


2 - RAM DRAM Tray-Container Box For Server PC Memory DIMM Modules - Fits 100 NEW picture

2 - RAM DRAM Tray-Container Box For Server PC Memory DIMM Modules - Fits 100 NEW

$21.90


Memory Blister Pack Box for DDR DIMM Module Anti Static - Lot of 6 18 35 100 200 picture

Memory Blister Pack Box for DDR DIMM Module Anti Static - Lot of 6 18 35 100 200

$17.95


NEW Mitsubishi A1SNMCA-8KE Memory Cassette picture

NEW Mitsubishi A1SNMCA-8KE Memory Cassette

$151.62


NEW Original Allen Bradley 2080-MEMBAK-RTC Memory Module With RTC Plug-In picture

NEW Original Allen Bradley 2080-MEMBAK-RTC Memory Module With RTC Plug-In

$284.00






Copyright © 2004-2016 BlackBerryForums.com.
The names RIM © and BlackBerry © are registered Trademarks of BlackBerry Inc.

Contact Us - BlackBerryForums.com - Archive - Top