Very odd bounce
on 17.02.2007 01:02:41 by John Ersatznom
Anyone here knowledgeable about deciphering bounces?
I just got a bounce that's arguably the most uninformative in history.
First, it makes contradictory claims about the cause of the bounce -- in
one place it says user unknown, and in another it says it's infected by
Win32.Swen. Second, it doesn't contain any of the original message that
bounced. Not even the bits that can't possibly have been infected. It
doesn't, in fact, contain a part of any message I can recall sending
recently, or ever for that matter. Not even an address. That's the
really screwy thing. No address I actually sent mail to is listed in the
bounce at all. I'm guessing someone forwards their mail through a
spam/virus filtering service provider, but the bounce this provider
generated is completely useless for figuring out which of your emails
you need to resend. I can't determine from this ANY of the following:
* What message, to who, that I sent, actually bounced.
* Why it REALLY bounced.
* Even what ISP I was sending to.
* For that matter, even what ISP I was sending *from*. The message went
to my gmail address that is my email Reply-To: but doesn't even appear
to be addressed to me!

OTOH it doesn't seem to be some kind of spam disguised as a bounce. It's
not trying to sell me anything, convert me to any belief system, or
convince me to vote for someone. The source, some company called NCI
Notification, seems legit on googling.

The amazing thing is I can post this thing here unedited and entire and
not reveal much about myself save that I use Thunderbird and have a
gmail account.

Incidentally, I find the "infected by Swen" explanation for the bounce
improbable. I run AVG daily and scan all new executables before doing
anything with them, and rarely get new executables anyway. I haven't
ever had a serious virus problem and I've only ever had one suspicious
Java applet and several suspect downloads test positive over a period of
years -- all deleted without being run once discovered, of course.
Needless to say, this morning's scan was clean.

My best guess is misconfigured filtering/forward-thru service at this
time. Now if I only knew which of my contacts used that broken service
so I could explain why they should find another one -- assuming the
first will ever let me get a message past it, of course...

Bounce follows:
From - Fri Feb 16 18:33:47 2007
X-Account-Key: account3
X-UIDL: GmailId110ccb8ab522c26f
X-Mozilla-Status: 0001
X-Mozilla-Status2: 10000000
Delivered-To: twisted0n3@gmail.com
Received: by 10.82.164.18 with SMTP id m18cs76368bue;
Fri, 16 Feb 2007 14:42:39 -0800 (PST)
Received: by 10.115.108.1 with SMTP id k1mr2210083wam.1171665758906;
Fri, 16 Feb 2007 14:42:38 -0800 (PST)
Return-Path: <>
Received: from mail.ncidata.com (mail.ncidata.com [64.139.97.6])
by mx.google.com with ESMTP id z15si2305929pod.2007.02.16.14.42.38;
Fri, 16 Feb 2007 14:42:38 -0800 (PST)
Received-SPF: pass (google.com: best guess record for domain of
mail.ncidata.com designates 64.139.97.6 as permitted sender)
Received: from mail.ncidata.com
by mail.ncidata.com (NCIDatacom Swift Stream Mail Server) with
SMTP id VYG40538
for
Date: Fri, 16 Feb 2007 14:42:38 -0800
From: NCI Notification
To: "Email Client"
Message-Id: <911242579@mail.ncidata.com>
Subject: Warning: antivirus system report
Content-Type: multipart/report; report-type=virus-report;
boundary="911242579200702161442367410@mail.ncidata.com"
This is a MIME-encapsulated message
--911242579200702161442367410@mail.ncidata.com
Content-Type: text/plain; charset="utf-8"
Warning: Virus 'Win32:Swen [Wrm]' detected. Message was rejected.
Message's header:
Received: from pkmpknpu ([64.139.110.40])
by mail.ncidata.com (NCIDatacom Swift Stream Mail Server) with
SMTP id VYG54636;
Fri, 16 Feb 2007 14:42:36 -0800
FROM: "MS System"
TO: "Email Client"
SUBJECT: returned message: user unknown
Mime-Version: 1.0
Content-Type: multipart/alternative;
boundary="zpinyg"
The original message was received at Fri, 16 Feb 2007 14:42:38 -0800
The message was sent from: "MS System"
The message was sent to: "Email Client"
The virus found was: Win32:Swen [Wrm]
--911242579200702161442367410@mail.ncidata.com
Content-Type: message/rfc822
Received: from pkmpknpu ([64.139.110.40])
by mail.ncidata.com (NCIDatacom Swift Stream Mail Server) with
SMTP id VYG54636;
Fri, 16 Feb 2007 14:42:36 -0800
FROM: "MS System"
TO: "Email Client"
SUBJECT: returned message: user unknown
Mime-Version: 1.0
Content-Type: multipart/alternative;
boundary="zpinyg"
--zpinyg--
--911242579200702161442367410@mail.ncidata.com--
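
Added example, not part of the original post: a Python sketch that separates what the scanner asserts from what the rejected message's own headers say, run on a constructed, abridged copy of the bounce above with the stripped blank lines restored. The function name `triage` and the output keys are assumptions of this example.

```python
import re
from email import message_from_string

# Constructed, abridged copy of the bounce; header/body blank lines restored.
SAMPLE = """\
Return-Path: <>
Delivered-To: twisted0n3@gmail.com
Subject: Warning: antivirus system report
Content-Type: multipart/report; report-type=virus-report;
 boundary="911242579200702161442367410@mail.ncidata.com"

--911242579200702161442367410@mail.ncidata.com
Content-Type: text/plain; charset="utf-8"

Warning: Virus 'Win32:Swen [Wrm]' detected. Message was rejected.
--911242579200702161442367410@mail.ncidata.com
Content-Type: message/rfc822

Received: from pkmpknpu ([64.139.110.40])
 by mail.ncidata.com (NCIDatacom Swift Stream Mail Server) with
 SMTP id VYG54636;
 Fri, 16 Feb 2007 14:42:36 -0800
FROM: "MS System"
TO: "Email Client"
SUBJECT: returned message: user unknown

--911242579200702161442367410@mail.ncidata.com--
"""


def triage(raw):
    """Separate the scanner's claims from the rejected message's own headers."""
    msg = message_from_string(raw)
    rcpt = (msg["Delivered-To"] or "").lower()
    out = {"report_type": msg.get_param("report-type"),
           "null_sender": msg["Return-Path"] == "<>"}  # bounces use an empty sender
    for part in msg.walk():
        ctype = part.get_content_type()
        if ctype == "text/plain" and "verdict" not in out:
            out["verdict"] = (part.get_payload().strip().splitlines() or [""])[0]
        elif ctype == "message/rfc822":
            inner = part.get_payload(0)  # the message the scanner rejected
            out["inner_subject"], out["inner_from"] = inner["Subject"], inner["From"]
            hop = re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", inner.get("Received", ""))
            out["submitting_ip"] = hop.group(1) if hop else None  # client seen by the filter
            headers = " ".join(v for _, v in inner.items()).lower()
            out["names_recipient"] = bool(rcpt) and rcpt in headers
            break
    return out
```

On this sample the "user unknown" text is the Subject of the rejected message while the Swen verdict comes from the scanner, and the only client address recorded in the rejected message's headers is 64.139.110.40.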