Bad Headers

[Salman75]

I have been getting a lot of spam reports from AOL lately and was confused by the headers. So I did a simple experiment. Here goes:

1. Login to cPanel and create a forwarder to an outside domain. I used a Yahoo email address. So you have email@cpaneldomain.com forwards to email@yahoo.com

2. Then i log into my hotmail account and sent an email to email@cpaneldomain.com which was then forwarded by the server to my yahoo account.

3. Login to the Yahoo account and retrieve this email.

4. Copy and paste ALL the headers into http://www.spamcop.com/

You will be surprised to learn that SPAMCOP reported the message as origination from the CPANEL server, not hotmail.

AOL is also using the same reporting technology. How is this possible????

The message did not originate from the cPanel server, so how is it responsible for this message?

AOL has blocked a few of our servers for this exact cause ... and it isn’t even our fault

[AndyReed]

You'll have to contact AOL and ask them these questions. If you wish to be in the whitelist with AOL, see: http://postmaster.aol.com/tools/whitelist_guides.html
Good luck.

[Salman75]

Thanks for the reply.

Already doing that but AOL will remove the whitelist status as soon as a few more spam reports come in. Dealing with AOL, thats no easy issue either.

But why and how do spamcop and aol see the message coming from our server rather than yahoo, hotmail or some other free service?

The following headers were added to the forwarded emails:

X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - host122.cpaneldomain.com
X-AntiAbuse: Original Domain - cpaneldomain.com
X-AntiAbuse: Originator/Caller UID/GID - [0 0] / [47 12]
X-AntiAbuse: Sender Address Domain - hotmail.com

Makes no sense

[RizyDeWino]

Simply because the forwarders are setup at your server . The mail is not sent TO email@cpaneldomain.com and CC email@aol.com from some email account. It is only sent TO email@cpaneldomain.com and when it reaches at your server , your mail server checks that there is a forwarder and then your server's mail server send this mail to emil@aol.com (the forwarder).

If you have some user having lot of forwarder to AOL and his own domain is reciening spam then that spam will be forwarded to AOL users too and your server's IP will be blocked by AOL later , and when you will contact them , they will tell you ask your users to remove the forwarders. This is how it is.