Email sending out spam
Thread Starter
Join Date: Sep 2009
Location: England
Posts: 1,008
Once upon a time (about 15 years ago!) our ISP was AOL, and as such my whole family have @aol.com emails. I don't use my @aol.com email too often, but it's used for a lot of website registrations etc.
Over the past 6 months, this email has been sending out spam about once a month for no apparent reason. I have changed my password regularly to a complete random combination of letters, numbers, symbols etc but it still continues to send spam every few weeks. Virus scans etc have picked up nothing.
I haven't visited any of the websites it's been spamming, but they don't appear to be anything too awful (thankfully).
Any idea how this email address is still sending out spam? There's no way they can be guessing my password and it isn't a virus on my PC. I'm completely confused.
Thread Starter
Join Date: Sep 2009
Location: England
Posts: 1,008
Bugger, I'm guessing there's nothing that can be done against this?
The emails are being sent to my actual contacts, is that possible from spoofing?
Thanks
Join Date: Aug 2002
Location: Earth
Posts: 3,663
The emails are being sent to my actual contacts
Thread Starter
Join Date: Sep 2009
Location: England
Posts: 1,008
I only ever use my AOL email via their website, and I'd like to think I'm fairly careful with what I have on my laptop etc.
To rule this out, last time I changed my password on AOL, I only ever logged in to read my emails using my iPhone, but it still sent spam.
Official PPRuNe Chaplain
Join Date: Apr 2001
Location: Witnesham, Suffolk
Age: 80
Posts: 3,498
There are at least two possibilities:
ONE:
Someone, at some past date, hacked into your account and copied your address book. It's not uncommon.
Those hacked details are now being used to send e-mails to your contacts, almost certainly not from your account.
There's nothing you can do about it directly. You could close down that AOL account and tell everyone to dump any messages from it.
TWO:
You have a virus on your PC which is sending out that stuff.
If one of the recipients of the spams is a bit pooter-savvy, he/she can look at the headers on the spam and see where it came from. That would clarify whether it's ONE or TWO above.
Per Ardua ad Astraeus
Join Date: Mar 2000
Location: UK
Posts: 18,579
750 - an age-old trick - put an entry in your address book like '0thisis [email protected]' (or whichever email host you wish)
If you get a bounce from this address, then it is YOUR AOL account that is sending the spam from YOUR address book. If not, relax and accept the wonderful world of email.
I was once told to start one's address book with the entry !0000, which was supposed to block any attempt from "outside" to illegally copy your list?
Did it, but don't know if it works or not?
(I also believe that if one doesn't keep a light bulb in the ceiling socket, then all the electricity leaks out over the floor!)
Spoon PPRuNerist & Mad Inistrator
I was once told to start one's address book with the entry !0000, which was supposed to block any attempt from "outside" to illegally copy your list?
snopes.com: How to Protect Your Address Book
SD
Official PPRuNe Chaplain
Join Date: Apr 2001
Location: Witnesham, Suffolk
Age: 80
Posts: 3,498
Originally Posted by Keef
If one of the recipients of the spams is a bit pooter-savvy, he/she can look at the headers on the spam and see where it came from.
Per Ardua ad Astraeus
Join Date: Mar 2000
Location: UK
Posts: 18,579
The from address - not the one you 'see' in your client (which may be 'spoofed') but in the header? If in doubt, cut and paste it here and the doctor will see you shortly.
Thread Starter
Join Date: Sep 2009
Location: England
Posts: 1,008
Ah yes, it's showing from my actual email address rather than a contact 'nickname'.
Looks like I'll have to live with it for a while. Maybe they'll give up eventually...
Official PPRuNe Chaplain
Join Date: Apr 2001
Location: Witnesham, Suffolk
Age: 80
Posts: 3,498
Depending which mail client you use, there will be something you can click to display the whole message.
If you see something that just says "From: [email protected] To: [email protected]", maybe with a date and time, then you can't tell anything from that.
What you are looking for will be something like this:
From - Fri Mar 28 14:08:30 2014
X-Account-Key: account11
X-UIDL: UID7993-1219148700
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
X-Mozilla-Keys:
Return-Path: <[email protected]>
Delivered-To: [email protected]
Received: from Postfix-filter-42a77884ce2a0a03efc6bb50a6dcdb21 (localhost [127.0.0.1])
    by smtp-in-75.livemail.co.uk (Postfix) with SMTP id B620565420D
    for <[email protected]>; Fri, 28 Mar 2014 14:04:21 +0000 (GMT)
Received: from smtp-in-110.livemail.co.uk (smtp-in-110.livemail.co.uk [213.171.216.171])
    by smtp-in-75.livemail.co.uk (Postfix) with ESMTP id 28174654205
    for <[email protected]>; Fri, 28 Mar 2014 14:04:18 +0000 (GMT)
Received: from Postfix-filter-42a77884ce2a0a03efc6bb50a6dcdb21 (localhost.localdomain [127.0.0.1])
    by smtp-in-110.livemail.co.uk (Postfix) with SMTP id A59CBD8193
    for <[email protected]>; Fri, 28 Mar 2014 14:04:18 +0000 (GMT)
Received: from 110.Red-80-37-212.staticIP.rima-tde.net (110.Red-80-37-212.staticIP.rima-tde.net [80.37.212.110])
    by smtp-in-110.livemail.co.uk (Postfix) with ESMTP id 5FA11D8195
    for <[email protected]>; Fri, 28 Mar 2014 14:04:18 +0000 (GMT)
Received: from 192.168.0.250 ([192.168.0.250])
Message-ID: <F2CE492568CC4D2D8AEDFAC3716F68BF@home-jjkol10>
From: "Gabriel Marlow" <[email protected]>
To: "Benjamin Davidson" <[email protected]>
Subject: Check vacancies in our company
Date: Fri, 28-Mar-2014 14:07:06 GMT
The chain starts at the bottom and works up: the IP addresses are the easiest clue.
You can see from that one that it started at 192.168.0.250 which is an address on someone's local network. If your message had that, and if you don't have a local network, or if yours isn't 192.169.0.something, then you'd know already that the message didn't come from you.
The local network sent it through 80.37.212.110 - although there is no indication of the transfer from local network to mail server. "Whois" reveals where 80.37.212.110 is located. If the equivalent on your address isn't at the server address, then it's not yours.
If the problem IS in your PC, then you need to get it seen to immediately if not sooner.
If you can't decipher the headers, post them here or PM them to me and the sleuthing will begin...
Join Date: Jan 2007
Location: San Jose
Posts: 727
You have to be prepared for the earlier Received: headers to be forged, start at the top and work backwards through the ones you think you can trust. There is a bit of an art to it.
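The header reading described in the last two posts, as an added example that is not part of any poster's message: it walks the Received chain from the top through the recipient's own servers to find the IP that handed the message in, and separately reports the bottom-most (unverifiable) origin. The function names are hypothetical, the "(name [ip])" layout is the Postfix style seen in the quoted headers, and treating ".livemail.co.uk" as the recipient's provider is an assumption drawn from that sample.

```python
import ipaddress
import re
from email.parser import HeaderParser

# Received chain from the headers quoted in this thread, newest hop first
# ("for" clauses, dates and the other header fields are trimmed).
SAMPLE = """\
Received: from Postfix-filter-42a77884ce2a0a03efc6bb50a6dcdb21 (localhost [127.0.0.1])
    by smtp-in-75.livemail.co.uk (Postfix) with SMTP id B620565420D
Received: from smtp-in-110.livemail.co.uk (smtp-in-110.livemail.co.uk [213.171.216.171])
    by smtp-in-75.livemail.co.uk (Postfix) with ESMTP id 28174654205
Received: from Postfix-filter-42a77884ce2a0a03efc6bb50a6dcdb21 (localhost.localdomain [127.0.0.1])
    by smtp-in-110.livemail.co.uk (Postfix) with SMTP id A59CBD8193
Received: from 110.Red-80-37-212.staticIP.rima-tde.net (110.Red-80-37-212.staticIP.rima-tde.net [80.37.212.110])
    by smtp-in-110.livemail.co.uk (Postfix) with ESMTP id 5FA11D8195
Received: from 192.168.0.250 ([192.168.0.250])
"""

PEER_RE = re.compile(r"\((?:(\S+) )?\[([0-9A-Fa-f:.]+)\]\)")  # (name [ip]), Postfix style
BY_RE = re.compile(r"\sby (\S+)")

def parse_hops(raw):
    """Return (peer_name, peer_ip, by_host) per Received header, newest first."""
    hops = []
    for value in HeaderParser().parsestr(raw).get_all("Received", []):
        value = " ".join(value.split())          # unfold continuation lines
        peer, by = PEER_RE.search(value), BY_RE.search(value)
        name, ip = peer.groups() if peer else (None, None)
        hops.append((name, ip, by.group(1) if by else None))
    return hops

def handoff_ip(raw, trusted_suffix):
    """Walk down from the top through hops stamped by the recipient's servers and
    return the first outside IP they recorded; lower headers are never consulted."""
    for name, ip, by in parse_hops(raw):
        if not ip or not by or not by.lower().endswith(trusted_suffix):
            return None                          # chain left servers we trust
        if ipaddress.ip_address(ip).is_loopback or (name or "").lower().endswith(trusted_suffix):
            continue                             # content filter or internal relay
        return ip
    return None

def claimed_origin(raw):
    """Bottom-most IP and whether it is private; sender-supplied, a clue only."""
    ips = [ip for _, ip, _ in parse_hops(raw) if ip]
    return (ips[-1], ipaddress.ip_address(ips[-1]).is_private) if ips else (None, False)

if __name__ == "__main__":
    print(handoff_ip(SAMPLE, ".livemail.co.uk"), claimed_origin(SAMPLE))
```

The handoff IP is the one worth a whois lookup: if it does not belong to your own mail provider's outbound servers, the message did not leave your account.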