False ASK Confirmations

Help
nyastest
2006-11-02
2013-06-04
  • nyastest
    nyastest
    2006-11-02

    Hi,

    Some of our users are getting ASK confirmation messages from "Frank Trotta" (trotta@holonet.net). However, they never emailed this person or even know a person by this name.

    Please see an instance of this confirmation message below. All the recipients and the sender (which I removed for security purposes) have email addresses belonging in the same domain (which means email should be routed internally in our organization). They all were
    emailing each other in the same internal network. We only use Windows in our office - which means that we cannot even install ASK, right? cuz it can only run on Linux/Unix/OSx?

    Any input that may point us in the right direction is much appreciated!

    Thank you.

    ------------------ FALSE CONFIRMATION MESSAGE STARTS HERE -------------------------------

    << IMPORTANT INFORMATION! >>

    This is an automated message.

    The message you sent (attached below) requires confirmation before it can be delivered. To confirm that you sent the message below, just hit the "R"eply button and send this message back (you don't need to edit anything). Once this is done, no more confirmations will be necessary.

    This email account is protected by:
    Active Spam Killer (ASK) V2.4.1 - (C) 2001-2002 by Marco Paganini For more information visit http://www.paganini.net/ask

    --- Original Message Follows ---

    Subject: FW: av scan
    Date: Mon, 30 Oct 2006 14:24:25 -0500
    From: <removed - but sender in same domain as recipients in To and CC fields>
    To: <removed>
    Cc: <removed>

    This is a multi-part message in MIME format.

    ------_=_NextPart_001_01C6FC58.F82BD49E
    Content-Type: text/plain;
        charset="US-ASCII"
    Content-Transfer-Encoding: quoted-printable

     
    • You can feed the eMail message, complete with all the SMTP headers, to SpamCop.Net, and it will report the true source of the message (and then you'll be provided with an option to report it as spam, or cancel the report).  You'll probably need a SpamCop.Net account first though (you can get what you need from the free account).

      What is it you're needing help with, by the way?  Your question didn't make that clear.

       
    • nyastest
      nyastest
      2006-11-09

      Thanks for your suggestion.

      We're wondering why we're getting ASK confirmations from an email account who we never emailed to. Is this a known issue with Active Spam Killer - sending false confirmations to random email accounts?

      Or is there a known spam tactic that uses ASK confirmations as a way to harvest email addresses by replying or making people click on the link that the ASK confirmation message contains?

      Thanks again.