Delivery failure notice

Posted by: BGilkison
Posted on: 2004-04-23 10:10:00

Has anyone else recently had any messages show up in their inbox w/subject "Delivery failure notice (ID-0000XXXX)" (fill in a hex number for the Xs)? I've had one a day since Wednesday, all between 9:00 and 10:00 AM my time (EDT), all from sites I've never sent messages to, all with essentially the same text:

--- Mail Part Delivered ---
220 Welcome to [mydomain.com]
Mail type: multipart/related
--- text/html RFC 2504
MX [Mail Exchanger] mx.mt2.kl.mydomain.com
Exim Status OK.

Delivered message is available.

All have a 25K attachment (of type "application/octet-stream"), which I, of course, refuse to download. It shows up addressed to what I use as my main email address (which I have never posted online). I'm assuming these are forged in some way since the Received header is always:

Received: from mydomain.com (sticksony.chem.uga.edu [128.192.5.212])
by ludo.dreamhost.com (Postfix) with ESMTP id 95FB12843F
for <me@mydomain.com>; Fri, 23 Apr 2004 06:53:47 -0700 (PDT)

The date and who it's from varies with each, but essentially all are the same (and I don't run the uga.edu domain!).

Is this something to be concerned about? Anyone with similar experiences? Think I should contact support to let them know?
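
Added example, not part of the original post or any poster's code: a Python check of the Postfix-style Received header quoted above. It compares the client-supplied HELO name with the reverse-DNS name and IP recorded by the receiving server, and flags a peer that claims the recipient's own domain. The function names, the finding strings and the benign header are assumptions made for this illustration.

```python
import re

# The header quoted in the post above, with its folded continuation lines.
SAMPLE = (
    "Received: from mydomain.com (sticksony.chem.uga.edu [128.192.5.212])\n"
    "\tby ludo.dreamhost.com (Postfix) with ESMTP id 95FB12843F\n"
    "\tfor <me@mydomain.com>; Fri, 23 Apr 2004 06:53:47 -0700 (PDT)\n"
)
# Constructed benign header for comparison (RFC 2606 / documentation values).
BENIGN = (
    "Received: from mail.example.org (mail.example.org [192.0.2.10])\n"
    "\tby mx.example.net (Postfix) with ESMTP id 0000000000\n"
    "\tfor <user@example.net>; Fri, 23 Apr 2004 07:00:00 -0700 (PDT)\n"
)

# Postfix layout: from <HELO name> (<reverse-DNS name> [<peer IP>]) ... for <rcpt>
RECEIVED_RE = re.compile(
    r"^Received:\s+from\s+(?P<helo>\S+)\s+"
    r"\((?P<rdns>[^\s\[\]]+)\s*\[(?P<ip>[0-9A-Fa-f.:]+)\]\)"
    r"(?:.*?\bfor\s+<(?P<rcpt>[^>]+)>)?",
    re.IGNORECASE,
)

def in_domain(host, domain):
    """True if host equals domain or is a subdomain of it."""
    host, domain = host.lower().rstrip("."), domain.lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def check_received(header):
    """Parse one Received header; return its fields plus a list of findings."""
    unfolded = re.sub(r"\r?\n[ \t]+", " ", header.strip())  # undo header folding
    m = RECEIVED_RE.match(unfolded)
    if m is None:
        return None  # not a Postfix-style Received line
    helo, rdns, ip, rcpt = m.group("helo", "rdns", "ip", "rcpt")
    rcpt_domain = rcpt.rsplit("@", 1)[1] if rcpt and "@" in rcpt else None
    findings = []
    # HELO is whatever the client typed; rDNS and IP were looked up by the receiver.
    if rdns.lower() == "unknown":
        findings.append("peer has no reverse DNS")
    elif not (in_domain(rdns, helo) or in_domain(helo, rdns)):
        findings.append("HELO name does not match reverse DNS")  # weak signal alone
    # Stronger signal: an outside host introducing itself as the recipient's domain.
    if rcpt_domain and in_domain(helo, rcpt_domain) and not in_domain(rdns, rcpt_domain):
        findings.append("peer claims recipient's own domain")
    return {"helo": helo, "rdns": rdns, "ip": ip, "findings": findings}

if __name__ == "__main__":
    for name, hdr in (("sample", SAMPLE), ("benign", BENIGN)):
        print(name, check_received(hdr))
```

Only the topmost Received header, the one written by your own mail server, can be relied on this way; earlier ones are supplied by the sender.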

Re: Delivery failure notice

Posted by: will
Posted on: 2004-04-23 10:33:00

You should use "example.com" instead of valid domains which are (presumably) not yours, such as "mydomain.com".

This is probably due to a virus or spam message with your domain forged as the sender. This is not unusual, but there's really nothing we can do about it.

Re: Delivery failure notice

Posted by: domenica
Posted on: 2004-04-23 10:36:00

It looks like the netsky.y worm virus, or some other variation.

...yeah, don't touch that attachment.

I get those in my hotmail accounts more and more frequently.

Re: Delivery failure notice

Posted by: BGilkison
Posted on: 2004-04-23 11:16:00

> You should use "example.com" instead of valid domains
> which are (presumably) not yours, such as "mydomain.com".

Thanks for the tip, will; I've seen that used as an example throughout the forums, so I didn't give it a second thought. I'll try to use .example.* from now on...

> This is probably due to a virus or spam message with
> your domain forged as the sender. This is not unusual,
> but there's really nothing we can do about it.

Understandable, and I figured as much... It's not a huge concern on my end, as there are only two mail users in my domain, me and my SO, and both of us are smart enough not to touch stuff like that. Just thought I'd ask since it's the first time this has happened since I registered the domain...

Re: Delivery failure notice

Posted by: dtobias
Posted on: 2004-04-23 12:53:00

To be more complete, such "dummy" example domains are specified in RFC 2606:
http://www.cse.ohio-state.edu/cgi-bin/rfc/rfc2606.html

They include example.com, example.net, and example.org (though not example.* in any other TLD, such as .edu or .info), as well as the "dummy TLDs" .test, .example, .invalid, and .localhost.

Explanation of their use from the RFC:

> ".test" is recommended for use in testing of current or new DNS related code.
>
> ".example" is recommended for use in documentation or as examples.
>
> ".invalid" is intended for use in online construction of domain names that are sure to be invalid and which it is obvious at a glance are invalid.
>
> The ".localhost" TLD has traditionally been statically defined in host DNS implementations as having an A record pointing to the loop back IP address and is reserved for such use. Any other use would conflict with widely deployed code which assumes this use.

So you can give example addresses of the form "mydomain.example".


-- Dan

Re: Delivery failure notice

Posted by: Jeff @ DreamHost
Posted on: 2004-04-23 13:36:00

> So you can give example addresses of the form
> "mydomain.example".

The main problem with this being that it doesn't look an awful lot like a domain name, and documentation is often being read by people who are confused enough as-is.

Of course, it wouldn't be the first time that an RFC writer is divorced from the real world where stuff like this matters. :>

I suppose that "example.com", etc. works fairly well, though even that isn't as clear as, say, "yourdomain.com".

- Jeff @ DreamHost
- DH Discussion Forum Admin

Re: Delivery failure notice

Posted by: dtobias
Posted on: 2004-04-24 16:18:00

> Of course, it wouldn't be the first time that an RFC writer is divorced from the real world where stuff like this matters. :>


Or, as I prefer to think, that the so-called "real world" is divorced from the technical realities (and intricate, consistent logic) of the geeks, as expressed in such places as RFCs.

Where example addresses are concerned, I'd prefer to avoid using anything with .com on it, to keep from reinforcing the unfortunate tendency of the public to regard this as the only "normal" domain ending, and encourage its abuse for addresses of noncommercial things that have no business ending in .com.

-- Dan
