Are the mails from mailer-daemon@googlemail.com authentic?

Asked by AndrewJenkins in Cyber Security, asked on Apr 6, 2022

Some months ago, I started to receive some emails from "Mail Delivery Subsystem" (mailer-daemon@googlemail.com). Despite this being an "automatic" failure email, I thought these emails were spam, so I just ignored them. But today I received many more emails, and this started to disturb me.


These emails are sent from mailer-daemon@googlemail.com (there is an icon that indicates a reply email) and say that "MYEMAIL@aol.com couldn't be found". "MYEMAIL" is the email that is receiving these messages, but with domain "aol.com" (I don't have any email from this domain).


In these emails, there is always an attached file about something attractive, like diets and wines. I think the most curious detail is that I was receiving these emails but in a "normal way". Before receiving mailer-daemon, I was receiving spam like normal, even with the same subject, and at some point this changed to mailer-daemon. Another detail is despite these emails always having an attached file, I can't see the attached file icon until I open the email. Only then, when I close the email, I can see the attached file icon. Obviously I never downloaded these files.


I already changed my password, checked the login entries and everything seems to be normal. I can just block emails from mailer-daemon@googlemail.com, but I'm concerned about why this is happening.

Answered by Amit raj

This mailer-daemon@googlemail.com is probably backscatter spam, in which a spammer sends out junk with a forged sender address. Recipient addresses that bounce (on servers misconfigured to send bounce messages as external email) will be sent to that forged sender address. In this case, that was you. However, it seems highly unlikely that Google is so misconfigured. If you can paste a copy of one of those bounces as source code in your question, I can help you determine whether it truly came from Google or if the whole thing is forged. My suspicion is that you're forwarding these messages to another (non-Google) account and the receiving system has SMTP-rejected them as spam, which will generate a legitimate bounce message back to you.




Answer (1)

Emails from "Mailer-Daemon" typically indicate automated messages generated by mail servers to notify users about delivery issues or other email-related problems. However, the authenticity of such emails depends on various factors:


Sender Address: In your case, "Mailer-Daemon" emails purportedly coming from Googlemail.com should be treated with caution. While Google does use Mailer-Daemon notifications for bounced emails and other delivery issues, scammers can spoof sender addresses to make their emails appear legitimate.

Content: Authentic Mailer-Daemon emails usually contain information about the failed delivery, such as the recipient's address, the reason for the failure, and sometimes troubleshooting tips. If the content seems suspicious, it's wise to be skeptical.

Links and Attachments: Be wary of any links or attachments included in the email, especially if you were not expecting them. Malicious actors often use phishing links or malware attachments in spoofed emails to trick recipients into revealing sensitive information or compromising their devices.

To verify the authenticity of an email purportedly from "Mailer-Daemon" or any other sender, consider the following steps:

  • Check the email headers for any inconsistencies or signs of spoofing.
  • If the email claims to be from a legitimate company or service, such as Google, verify the sender's domain and compare it to known domains used by that company.
  • Avoid clicking on links or downloading attachments from suspicious emails. Instead, independently verify the information through the company's official website or contact their support directly.
  • If you're uncertain about the legitimacy of an email, err on the side of caution and refrain from taking any actions requested in the email until you can verify its authenticity.

If you receive an email from "Mailer-Daemon" that you suspect may be fraudulent, it's a good idea to report it to your email provider as spam or phishing. Most email providers have mechanisms in place to handle such reports and prevent similar emails from reaching other users.
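One way to carry out the header check both answers recommend, as an added example that is not part of either answer: it parses the raw source of a bounce, confirms it has real delivery-status structure, reads the authentication verdicts stamped by the receiving server, and pulls out what bounced. The sample message, `mx.example.net` (your receiving server's name) and `user@example.net` are constructed placeholders.

```python
import email, re
from email import policy
# Constructed, trimmed sample bounce; mx.example.net and user@example.net are placeholders.
SAMPLE = """\
Authentication-Results: mx.example.net; dkim=pass header.d=googlemail.com; dmarc=pass
From: Mail Delivery Subsystem <mailer-daemon@googlemail.com>
To: user@example.net
Content-Type: multipart/report; report-type=delivery-status; boundary="b1"

--b1
Content-Type: message/delivery-status

Reporting-MTA: dns; googlemail.com

Final-Recipient: rfc822; user@aol.com
Action: failed
Status: 5.1.1

--b1
Content-Type: message/rfc822

From: user@example.net
To: user@aol.com
Subject: Wine offer

(body)
--b1--
"""

def assess_bounce(raw, trusted_authserv):
    """Summarise a bounce: real DSN structure, authentication verdicts, what bounced."""
    msg = email.message_from_string(raw, policy=policy.default)
    out = {"is_dsn": msg.get_content_type() == "multipart/report"
                     and msg.get_param("report-type") == "delivery-status",
           "auth": {}, "failed": [], "original": None}
    # Trust Authentication-Results only from your own server; a forger can add any header.
    for ar in msg.get_all("Authentication-Results", []):
        if str(ar).split(";")[0].strip() == trusted_authserv:
            out["auth"] = dict(re.findall(r"\b(spf|dkim|dmarc)=(\w+)", str(ar)))
    for part in msg.walk():
        if part.get_content_type() == "message/delivery-status":
            out["failed"] += [str(b["Final-Recipient"]).split(";")[-1].strip()
                              for b in part.get_payload() if b["Final-Recipient"]]
        elif part.get_content_type() == "message/rfc822":
            orig = part.get_payload(0)  # the message that bounced
            out["original"] = {h: str(orig[h]) for h in ("From", "To", "Subject")}
    # DMARC pass means the From: domain was not forged, nothing more.
    out["sender_verified"] = out["auth"].get("dmarc") == "pass"
    return out
```

A verified sender with an `original` you never sent matches the backscatter case: the bounce is genuine, but the message that triggered it carried a forged copy of your address.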

