email address hijacked?

[poadeleted20]

Over the last couple of days, I've received several hundred emails a day from "mailer-daemon," "system administrator," and the like saying that a message I sent was undeliverable or otherwise rejected. It appears that what was rejected was a spam message purportedly sent by me to a non-existent address. Does this mean some spammer has hijacked my email address to use to send a zillion spam emails, or is this being done by some sort of virus or worm loose in my machine (which my McAfee software has not found despite a full system and file scan)? And in either case, what can I do about it?

Thanks for the help,
Ron

 

[wsuffa]

Ron, it could be any number of things.

It may be that a virus in someone elses computer has grabbed your address and is sending spam/crapola in your name. If that's the case, nothing you can do about it.

Most likely it is not on your machine, especially if you've scanned the machine with anti-virus.

The reject message should show the full headers of the original message (that was rejected). If you can post or PM the whole reject message, it'll be easier to isolate.

 

[poadeleted20]

Here's an example...

undeliverable to sransom@northnet.org
Body of message generated response:
571 Message Refused


Original message follows.
Received: from SMTP32-FWD by stanransom.com
(SMTP32) id AE3BB015200002CA8; Mon, 30 Oct 2006 06:36:32 -0500
Received: from mindspring.com [58.70.49.36] by mailhost.westelcom.com
(SMTPD-9.10) id A3BD08F4; Mon, 30 Oct 2006 06:36:29 -0500
Message-ID: <9f6001c6fc47$5658b710$a4ce67e4@rblevy>
Reply-To: "Trader_resource" <rblevy@mindspring.com>
From: "Trader_resource" <rblevy@mindspring.com>
To: "lashay kennedy" <stan@stanransom.com>
Subject: ThisCompanyReadytoExplodeNow
Date: Mon, 30 Oct 2006 17:17:54 +0500
MIME-Version: 1.0
Content-Type: multipart/related;
type="multipart/alternative";
boundary="----=_NextPart_F85_8414_C6E73BC2.E2614C0E"
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
This is a multi-part message in MIME format.
------=_NextPart_F85_8414_C6E73BC2.E2614C0E
Content-Type: multipart/alternative;
boundary="----=_NextPart_7CB_B4E8_15B21444.D45AEFF5"
------=_NextPart_7CB_B4E8_15B21444.D45AEFF5
Content-Type: text/plain;
charset="us-ascii"
Content-Transfer-Encoding: quoted-printable







holding,
Also, I am quite anxious to utilize this opportunity to show the world wh= at a powerful element electricity really is So permit me to inform you th= at, having struck the Master Key, you are at liberty to demand from me th= ree gifts each week for three successive weeks. These gifts, provided they are within the scope of electricity, I will gr= ant. Rob shook his head regretfully If I were a great electrician I should kno= w what to ask, he said, But I am too ignorant to take advantage of your k= ind offer. Then, replied the Demon, I will myself suggest the gifts, and they will b= e of such a character that the Earth people will learn the possibilities = that lie before them and be encouraged to work more intelligently and to = persevere in mastering those natural and simple laws which control electr= icity. For one of the greatest errors they now labor under is that electricity i=
[message truncated]

 

[Areeda]

The email seems to originate from 58.70.49.36 which is owned by K-Opticom Corporation of Osaka Japan. That doesn't necessarily mean they sent it.

There are a couple of spammer tricks that cause this stuff.

1. They use random addresses from the spam list as the reply to address so when people bounce or reply to the message it doesn't fill their mailbox.
2. They intentionally bounce emails with forged in hopes that you will read the bounce notification.

I don't think there is anything you can do about it. It's like trying to prohibit people from writing your address in the upper left of an evelope.

I wish besides some laws against spam we could find some resources to track these idiots down and spank them hard.

Joe

 

[wsuffa]

Agree with Joe.

Just set up a filter for this stuff and send it into oblivian.

 

[mgkdrgn]

Does it mean your name was used for a billion spam messages?

Yep.

What can you do about it?

Basically .... nothing.

Over the last couple of days, I've received several hundred emails a day from "mailer-daemon," "system administrator," and the like saying that a message I sent was undeliverable or otherwise rejected. It appears that what was rejected was a spam message purportedly sent by me to a non-existent address. Does this mean some spammer has hijacked my email address to use to send a zillion spam emails, or is this being done by some sort of virus or worm loose in my machine (which my McAfee software has not found despite a full system and file scan)? And in either case, what can I do about it?

Thanks for the help,
Ron

 

[Let'sgoflying!]

Whatever happens, if you need to contact any of us; please call!

 

[ScottM]

Does it mean your name was used for a billion spam messages?

Yep.

What can you do about it?

Basically .... nothing.

Welcome to the club Ron.

My work email, which is only used for work related stuff gets this all the time. That is because my work email is very public. As I am chairmen of severel technical commitees and I sit on the Board of Directors for a global standards group my work email is seen everywhere. It is on a lot of address books and is on the web. It gets picked for these spam things a lot. But fortunetly most filters kill the messages. When they do get through most of the people that know me recognize these as spombot generated emails and ignore.

 

[poadeleted20]

Well, the good news is that only about 75 such messages came through today -- maybe they've moved on to someone else's address.

 

[mgkdrgn]

Ya, they seem to come in waves. I had my address used for a few weeks about a year ago. They was busy little spammers!

Well, the good news is that only about 75 such messages came through today -- maybe they've moved on to someone else's address.

 

[Dave Siciliano]

Ron:
I called my ISP when that happened and they did do a few things that seemed to help. Changed my password for awhile. Has several business associates let me know they received spam from me. Would have bothered me more it I hadn't already gotten a lot from many of them.

Best,

Dave

 

[poadeleted20]

EarthLink was moderately helpful. It took two days to discover that for whatever reason, EL spamBlocker won't load into my Outlook mail handler, and I had to switch to Outlook Express. They also took my information on the spamming and the wave seems to have abated. The only problem is that I am now running spamBlocker on High, which means those not yet in my address book get one of those annoying messages to go on the web and click on something to get through (although I also get a message about their message, which I can then let in). It's not perfect, but it's working.

 

[mikea]

EarthLink was moderately helpful. It took two days to discover that for whatever reason, EL spamBlocker won't load into my Outlook mail handler, and I had to switch to Outlook Express. They also took my information on the spamming and the wave seems to have abated. The only problem is that I am now running spamBlocker on High, which means those not yet in my address book get one of those annoying messages to go on the web and click on something to get through (although I also get a message about their message, which I can then let in). It's not perfect, but it's working.

Blocking spam on your system isn't going to do a a thing about these scum spoofing your email address. Those messages don't pass through any systems that have anything to do with you.

You could kill the replies from clueless system admins by looking for "postmaster' in the From address and just deleting those.

I want something that will get these penny stock scammers. An iron maiden would be good.

For whatever reason Thunderbird won't let me filter based on the body of a message on some accounts. I need to figure that out.