Email sending out spam
Thread Starter

Joined: Sep 2009
Posts: 1,024
Likes: 37
From: England
Once upon a time (about 15 years ago!) our ISP was AOL, and as such my whole family have @aol.com emails. I don't use my @aol.com email too often, but it's used for a lot of website registrations etc.
Over the past 6 months, this email has been sending out spam about once a month for no apparent reason. I have changed my password regularly to a complete random combination of letters, numbers, symbols etc but it still continues to send spam every few weeks. Virus scans etc have picked up nothing.
I haven't visited any of the websites it's been spamming, but they don't appear to be anything too awful (thankfully).
Any idea how this email address is still sending out spam? There's no way they can be guessing my password and it isn't a virus on my PC. I'm completely confused.

Joined: Aug 2002
Posts: 3,663
Likes: 0
From: Earth
The emails are being sent to my actual contacts
Thread Starter

Joined: Sep 2009
Posts: 1,024
Likes: 37
From: England
I only ever use my AOL email via their website, and I'd like to think I'm fairly careful with what I have on my laptop etc.
To rule this out, last time I changed my password on AOL, I only ever logged in to read my emails using my iPhone, but it still sent spam.
Official PPRuNe Chaplain
Joined: Apr 2001
Posts: 3,498
Likes: 0
From: Witnesham, Suffolk
There are at least two possibilities:
ONE:
Someone, at some past date, hacked into your account and copied your address book. It's not uncommon.
Those hacked details are now being used to send e-mails to your contacts, almost certainly not from your account.
There's nothing you can do about it directly. You could close down that AOL account and tell everyone to dump any messages from it.
TWO:
You have a virus on your PC which is sending out that stuff.
If one of the recipients of the spams is a bit pooter-savvy, he/she can look at the headers on the spam and see where it came from. That would clarify whether it's ONE or TWO above.
Per Ardua ad Astraeus
Joined: Mar 2000
Posts: 18,575
Likes: 4
From: UK
750 - an age-old trick - put an entry in your address book like '0thisis [email protected]' (or whichever email host you wish)
If you get a bounce from this address, then it is YOUR AOL account that is sending the spam from YOUR address book. If not, relax and accept the wonderful world of email.

Joined: Jan 2008
Aviation Qualifications: ATPL
Posts: 38
Likes: 62
From: The Smaller Antipode
I was once told to start one's address book with the entry !0000, which was supposed to block any attempt from "outside" to illegally copy your list?
Did it, but don't know if it works or not?
(I also believe that if one doesn't keep a light bulb in the ceiling socket, then all the electricity leaks out over the floor!)
Administrator
Joined: Mar 2001
Aviation Qualifications: PPL
Posts: 8,121
Likes: 686
From: Twickenham, home of rugby
I was once told to start one's address book with the entry !0000, which was supposed to block any attempt from "outside" to illegally copy your list?
snopes.com: How to Protect Your Address Book
SD
Official PPRuNe Chaplain
Joined: Apr 2001
Posts: 3,498
Likes: 0
From: Witnesham, Suffolk
Originally Posted by Keef
If one of the recipients of the spams is a bit pooter-savvy, he/she can look at the headers on the spam and see where it came from.
Official PPRuNe Chaplain
Joined: Apr 2001
Posts: 3,498
Likes: 0
From: Witnesham, Suffolk
Depending which mail client you use, there will be something you can click to display the whole message.
If you see something that just says "From: [email protected] To: [email protected]", maybe with a date and time, then you can't tell anything from that.
What you are looking for will be something like this:
The chain starts at the bottom and works up: the IP addresses are the easiest clue.
From - Fri Mar 28 14:08:30 2014
X-Account-Key: account11
X-UIDL: UID7993-1219148700
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
X-Mozilla-Keys:
Return-Path: <[email protected]>
Delivered-To: [email protected]
Received: from Postfix-filter-42a77884ce2a0a03efc6bb50a6dcdb21 (localhost [127.0.0.1])
by smtp-in-75.livemail.co.uk (Postfix) with SMTP id B620565420D
for <[email protected]>; Fri, 28 Mar 2014 14:04:21 +0000 (GMT)
Received: from smtp-in-110.livemail.co.uk (smtp-in-110.livemail.co.uk [213.171.216.171])
by smtp-in-75.livemail.co.uk (Postfix) with ESMTP id 28174654205
for <[email protected]>; Fri, 28 Mar 2014 14:04:18 +0000 (GMT)
Received: from Postfix-filter-42a77884ce2a0a03efc6bb50a6dcdb21 (localhost.localdomain [127.0.0.1])
by smtp-in-110.livemail.co.uk (Postfix) with SMTP id A59CBD8193
for <[email protected]>; Fri, 28 Mar 2014 14:04:18 +0000 (GMT)
Received: from 110.Red-80-37-212.staticIP.rima-tde.net (110.Red-80-37-212.staticIP.rima-tde.net [80.37.212.110])
by smtp-in-110.livemail.co.uk (Postfix) with ESMTP id 5FA11D8195
for <[email protected]>; Fri, 28 Mar 2014 14:04:18 +0000 (GMT)
Received: from 192.168.0.250 ([192.168.0.250])
Message-ID: <F2CE492568CC4D2D8AEDFAC3716F68BF@home-jjkol10>
From: "Gabriel Marlow" <[email protected]>
To: "Benjamin Davidson" <[email protected]>
Subject: Check vacancies in our company
Date: Fri, 28-Mar-2014 14:07:06 GMT
You can see from that one that it started at 192.168.0.250 which is an address on someone's local network. If your message had that, and if you don't have a local network, or if yours isn't 192.169.0.something, then you'd know already that the message didn't come from you.
The local network sent it through 80.37.212.110 - although there is no indication of the transfer from local network to mail server. "Whois" reveals where 80.37.212.110 is located. If the equivalent on your address isn't at the server address, then it's not yours.
If the problem IS in your PC, then you need to get it seen to immediately if not sooner.
If you can't decipher the headers, post them here or PM them to me and the sleuthing will begin...
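The bottom-up reading of the Received chain described in the post above, as an added example that is not part of the original thread. The function names `received_chain` and `first_public_hop` are hypothetical, and the sample is constructed from the headers quoted in the thread, with placeholder example.org addresses.

```python
import ipaddress
import re
from email import message_from_string

# Constructed sample: the hops from the headers quoted in the thread, with
# placeholder example.org addresses and the "for"/id details trimmed.
SAMPLE = """\
Return-Path: <sender@example.org>
Received: from Postfix-filter (localhost [127.0.0.1])
 by smtp-in-75.livemail.co.uk (Postfix); Fri, 28 Mar 2014 14:04:21 +0000
Received: from smtp-in-110.livemail.co.uk (smtp-in-110.livemail.co.uk [213.171.216.171])
 by smtp-in-75.livemail.co.uk (Postfix); Fri, 28 Mar 2014 14:04:18 +0000
Received: from Postfix-filter (localhost.localdomain [127.0.0.1])
 by smtp-in-110.livemail.co.uk (Postfix); Fri, 28 Mar 2014 14:04:18 +0000
Received: from 110.Red-80-37-212.staticIP.rima-tde.net (110.Red-80-37-212.staticIP.rima-tde.net [80.37.212.110])
 by smtp-in-110.livemail.co.uk (Postfix); Fri, 28 Mar 2014 14:04:18 +0000
Received: from 192.168.0.250 ([192.168.0.250])
From: "Gabriel Marlow" <sender@example.org>
To: "Benjamin Davidson" <recipient@example.org>
Subject: Check vacancies in our company

"""

IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
BY_RE = re.compile(r"\bby\s+(\S+)")

def received_chain(raw):
    """Return the hops oldest-first as (ip, kind, recording_host) tuples."""
    hops = []
    # Each server prepends its own Received line, so reverse to read bottom-up.
    for value in reversed(message_from_string(raw).get_all("Received", [])):
        m = IP_RE.search(value)
        try:
            ip = ipaddress.ip_address(m.group(1)) if m else None
        except ValueError:
            ip = None  # malformed address in a header
        if ip is None:
            continue
        kind = "loopback" if ip.is_loopback else "private" if ip.is_private else "public"
        by = BY_RE.search(value)
        hops.append((str(ip), kind, by.group(1) if by else None))
    return hops

def first_public_hop(raw):
    """First internet-routable sender in the chain: the address to look up with whois."""
    for ip, kind, by in received_chain(raw):
        if kind == "public":
            return ip, by
    return None
```

Only the hops recorded by the recipient's own mail servers (here the livemail.co.uk lines) can be trusted; anything below them, such as the 192.168.0.250 line, is supplied by the sending side and can be forged.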



