I couldn't find a simple way to post to BlueHost, hopefully the forums are the way to go.

Anyway, as of yesterday and today I've received several "failure notice" emails purportedly from "MAILER-DAEMON@outbound-mail-x1.bluehost.com" referring to emails that I did not send.

I'm not sure if they're spoofs or if SpamAssassin is getting confused. I didn't think it prudent to post the mail headers, but I'm willing to forward them on.

The message bodies contain different names each day - I've edited the names in the message body below:

Hi. This is the qmail-send program at outbound-mail-x1.bluehost.com.
I'm afraid I wasn't able to deliver your message to the following addresses.
This is a permanent error; I've given up. Sorry it didn't work out.

<xxx@xxx.com>:
72.14.253.27 does not like recipient.
Remote host said: 550 5.1.1 No such user q18si20505240pog.12
Giving up on 72.14.253.27.

--- Enclosed are the original headers of the message.


(Body supressed)

Can anyone shed some light on this? Thanks.

There is no way for someone to prevent email spoofing.

If I wanted to, I could send an email out from george @ whitehouse.gov.

This has been talked about before several times. Do a search on the forums and you might be able to find them. In short, unfortunately you cannot prevent it.

There is no way for someone to prevent email spoofing.

If I wanted to, I could send an email out from george @ whitehouse.gov.

This has been talked about before several times. Do a search on the forums and you might be able to find them. In short, unfortunately you cannot prevent it.

No doubt, however in this case it appears that bluehost.com is the source for the attemped delivery, which would indicate that a client of bluehost is the culprit.

I would hope that bluehost.com would be less inclined to be trite regarding such matters. Perhaps not.

Those failure notice are not an indication that the email originated on an account at BlueHost, merely an indication that they have been relayed through an account on BlueHost that has bounced the message to the From address because the email in the To address (which is on BlueHost) was not able to accept delivery. As such, all that your receiving that message means is that both the To and From email addresses within the email are both on sites hosted at BlueHost and as yours is the From rather than the To address, you have no way to determine where the spam originated since only the headers on the email when it arrived at the To address (where it was bounced without ever being seen) would provide that information.

BlueHost has been known to immediately cancel the account of anyone found using their account to send spam. The email limits on the number of emails that can be sent per hour from accounts on BlueHost mean that a spammer would at most be able to send a few thousand spam emails before their site is shut down. Spam emails that originate on BlueHost accounts rather than simply having been bounced by a BlueHost account therefore make up approximately 0% of the spam being delivered to our accounts.

I'm getting ten of these per day, and there's nothing I can do about it??

or is there?

:(

Well if you killed whoever is sending them then they would stop. Finding which one person somewhere in the world is the actual one responsible may take you a while though since they are being bounced via a third party rather so the path will lead back to that innocent third party rather then the person responsible. I'd say you have about one chance in around seven billion or so of finding them. Also chances are that by the time you do find the person currently responsible there will be another few hundred people doing the same thing.

The only real fix is to get everyone to turn off bouncing undeliverable emails. If you take that approach though you have a few million people to convince to make changes to their site.