Fake Reply and sender address - looping receive mail in mailscanner

[Ronald Ong]

Hi,

It seems Spammers are sending spams to different mail servers using our 
domain as REPLY address. All users in the reply address 
(ourusers-fake at ourdomain)  are fake . RECIPIENT address also 
non-existent. Both servers are looping and bouncing mail notification.

Recipient  anti-spam server will send a notification email to our server 
(using the fake reply) saying that it cannot deliver.
Since REPLY address are fake , MAILSCANNER will send out bounce 
notification.

These are the subject headers from MAILWATCH using  MAILSCANNER  4.70   - 
    FROM : blank    TO:  fakeuser at ourdomain
    SUBJECT :
   - Undelivered Mail Returned to Sender
   - failure notice
   - Returned mail: Cannot send message within 5 minutes
   - Returned mail: see transcript for details
   - Delayed Mail (still being retried)
   - Delivery Status Notification (Failure)
   - Unable to deliver your message

1. Are these subject headers are legitimate and generated by MAILSCANNER 
or it is a bogus bounce header?
2.  Why is it  the TO:  field is    fakeuser at ourdomain  instead of the  
recipient email.  and the FROM is blank.
      Im thinking the source of spam is within our network, but when i 
checked the first mail receive , the IP is  from other country.
3.  How can i trap  bogus reply address or stop mailscanner sending this 
emails on second attempt ( looping)
 
Thanks

Ronald
AMA University




-- 
This message has been scanned for viruses and
dangerous content by AMA!MailScan, and is
believed to be clean.