Bear with me this OT issue. I share the issue here because I trust most of the regular people here.
Starting this morning, I began to get thousands of bounce messages.
Apparently, spam was being sent from my domain.
I understand that most of these issues are just backscatter, but judging from the headers of the bounce messages I cannot be sure.
Thus, my question: can you tell if this is just backscatter or if my domain account was hijacked? Thanks in advance.
Below there is an anonymized bounce message.
Key: myhosting.com = my hosting provider
mydomain.org = my domain name
Delivery-date: Wed, 12 Mar 2014 17:44:13 -0500
Received: from mailnull by myhosting.com with local (Exim 4.82)
for email@example.com; Wed, 12 Mar 2014 17:44:13 -0500
From: Mail Delivery System <Mailer-Daemon@myhosting.com>
Subject: Mail delivery failed: returning message to sender
Date: Wed, 12 Mar 2014 17:44:13 -0500
This message was created automatically by mail delivery software.
A message that you sent could not be delivered to one or more of its
recipients. This is a permanent error. The following address(es) failed:
SMTP error from remote mail server after RCPT TO:<firstname.lastname@example.org>:
host scc-mailrelay.att.net [188.8.131.52]: 551 not our customer
------ This is a copy of the message, including all the headers. ------
Received: from sombrag by myhosting.com with local (Exim 4.82)
for email@example.com; Wed, 12 Mar 2014 17:44:02 -0500
Subject: Voice Message Notification
From: "WhatsApp Messaging Service" <firstname.lastname@example.org>
Reply-To: "WhatsApp Messaging Service" <email@example.com>
Date: Wed, 12 Mar 2014 17:44:02 -0500
Content-Type: text/plain; charset="ISO-8859-1"; format=flowed
(some spam here)