Windows Vista Tips


Mail Delivery System emails???

 
 
Walter Goldschmidt
      10-26-2010
Keep getting these emails, about 20 to 30 a day. They say From:Mail Delivery
System. Subject:Mail Delivery Failure. Then below I have pasted what they
say. They also have an attached file which I scanned for a virus and found
none. The attached file is called ATT00069.dat I've attached that file
but I don't know if it will come through or not. Appreciate any help on
this.


Walt

This message was created automatically by the mail system (ecelerity).

A message that you sent could not be delivered to one or more of its
recipients. This is a permanent error. The following address(es) failed:

>>> (after RCPT TO): 550 Requested action not taken:
>>> mailbox unavailable




--------------------------------------------------------------------------------


------ This is a copy of the original message, including all headers. ------

Return-Path: <>
Authentication-Results: cdptpa-omtalb.mail.rr.com
smtp.user=; auth=pass (PLAIN)
X-Authority-Analysis: v=1.1 cv=Inhw+Jdt7z1D3BivGPfn2aw54OvUEJw5lAn/booRZkE=
c=1 sm=0 a=8YLJaDplg2QA:10 a=IkcTkHD0fZMA:10 a=U6zP4io0eyXriI5kRbCzZQ==:17
a=d7R94OsRAAAA:20 a=gjV1xc0t9rE_m_cTh2YA:9 a=Z8v8luvMMntYOCPAby4A:7
a=dGo9NWTa6S_Fgz_JYQY6Zxa1k0oA:4 a=QEXdDO2ut3YA:10 a=F0BH2fg0mm0A:10
a=U6zP4io0eyXriI5kRbCzZQ==:117
X-Cloudmark-Score: 0
X-Originating-IP: 190.41.121.100
Received: from [190.41.121.100] ([190.41.121.100:17547] helo=Devin)
by cdptpa-oedge04.mail.rr.com (envelope-from <>)
(ecelerity 2.2.3.46 r()) with ESMTPA
id 12/1D-13137-F4627CC4; Tue, 26 Oct 2010 19:04:47 +0000
Message-ID: <>
Date: Tue, 26 Oct 2010 14:04:49 -0500
From: Devin Rheome <>
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en; rv:1.9.2.7)
Gecko/20100713 Thunderbird/3.1.1
MIME-Version: 1.0
To: "Webber00799" <>
Subject: D'o you id;entify m'e o:n that picture?
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: 7bit

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>

<meta http-equiv="content-type" content="text/html; charset=UTF-8">
<title>D'o you id;entify m'e o:n that picture?</title>
</head>
<body bgcolor="#ffffff" text="#000000">
<a href="http://LNK.by/edq3P">http://LNK.by/edq3P</a>
Name was dark eyes and called<br>
Help thinking as much better. Whether he sat down beside the matter<br>
Rejoined kate gently at length in short<br>
<br>
</body>
</html>

 
Magnus
      10-26-2010
This is porn spam. It bounced because the email address is bad, or the
receiving account is over capacity, or that MSN rejected the email as spam.
Like a fool I checked the link.

It appears to be using your smtp server and account password (I'm not 100%
sure of this)
Are you sending these intentionally? (I doubt)
Do these messages also appear in your Sent folder? (big trouble)
Is the "to" email in your address book? (probably not)

>>>>Please expunge your email info when posting<<<<<


This is how the spammers get your address.

Download malwarebytes antimalware and superantispyware. Install, and update
their signature files. Do a FULL scan of your system one at a time. Clean,
reboot to safe mode, and scan again.

It would be prudent to change your email password with road runner.

Walter Goldschmidt
      10-26-2010
No to all your questions. I haven't sent a single email to any of these,
they aren't in my address book. Also not in my sent folder. I'll change my
password. I've got Kaspersky Internet Security on my computer and I've gone
to Kaspersky's web site and downloaded a virus removal tool called
VirutKiller and ran it after disabling System Restore but it didn't find
anything. Also the email address I have listed is not my true address. I'll
also try those 2 programs you mentioned and change my password then I'll let
you know what I find out. Thanks.

Walt

Magnus
      10-27-2010
It's possible that your email address has been harvested and is forged as
the from source on a spam system completely apart from you and your account.
To be sure, check your webmail interface sent folder. If you see nothing
unusual here, you're just a victim of a virulent spamming jerk. If that's
the case, changing your password will have no effect and you'll continue to
receive the bouncing emails until the spammer swaps your email address for
another.

At Earthlink I'd get these maybe a few times a month, and figure they were
random. But at your level, I'd want to check that nothing has been
compromised.

N. Miller
      10-27-2010
On Tue, 26 Oct 2010 15:18:51 -0400, Walter Goldschmidt wrote:

> Keep getting these emails, about 20 to 30 a day. They say From:Mail Delivery
> System. Subject:Mail Delivery Failure. Then below I have pasted what they
> say. They also have an attached file which I scanned for a virus and found
> none. The attached file is called ATT00069.dat I've attached that file
> but I don't know if it will come through or not. Appreciate any help on
> this.


The attachment is failing to open in my client. The following header line
from your posted "original message" is interesting:

| Received: from [190.41.121.100] ([190.41.121.100:17547] helo=Devin)
| by cdptpa-oedge04.mail.rr.com (envelope-from <>)
| (ecelerity 2.2.3.46 r()) with ESMTPA
| id 12/1D-13137-F4627CC4; Tue, 26 Oct 2010 19:04:47 +0000

This is saying that a Road Runner mail server (operated by RR for their
customers) got the email from a host on the 'Telefonica del Peru' network;
probably an ISP customer because there is no rDNS on the IP address (typical
of dynamic hosts in Latin America (LACNIC) and Asia (APNIC)).

The problem, that I can see, is that the Hotmail address of the recipient is
no good, or the mailbox is full (unlikely, I think, because Hotmail
mailboxes are pretty large). And this appears to be a Road Runner message
submission server, which is relaying from Peru. So the spammer appears to be
using your email account credentials (Username+Password) to induce the Road
Runner message submission servers to send this spam as you. This will not be
the first time that an ISP account has been compromised by spammers in order
to evade port 25 blocks.

It is unlikely that your computer is compromised. More likely just your Road
Runner email account has been compromised. When you change your account
password, consider using a password at least sixteen characters in length,
and a random mix of upper and lower case alpha characters, numerals, and at
least one "special character" (pound sign (#), caret (^), or whatever), if RR
allows.

This sort of compromise is the target of "phishing" attempts, where an ISP
email account holder is told that the ESP is revamping their email system,
and the user must validate their account by sending the account
Username+Password, or lose that account. I've seen Hotmail and AT&T email
account users asking if such a request is a valid request from those
respective services. I am sure that Road Runner users are not exempt from
such phishing attempts.

--
Norman
~Oh Lord, why have you come
~To Konnyu, with the Lion and the Drum
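
The two explanations offered in this thread (a forged From address versus a message submitted with the account's own credentials) can be told apart from the headers of the returned message. This is an added example, not part of any poster's message: the function names and the `provider_suffix` parameter are made up for this sketch, the first sample is the header block posted above with its folding whitespace restored, and the second sample is constructed.

```python
import re
from email import message_from_string

# "with" keywords registered by RFC 3848 for sessions where SMTP AUTH succeeded.
AUTH_PROTOCOLS = {"ESMTPA", "ESMTPSA", "LMTPA", "LMTPSA"}

# Headers of the returned message as posted in the thread (addresses were already
# blanked there); folding whitespace restored so each field parses as one header.
THREAD_SAMPLE = """\
Return-Path: <>
Authentication-Results: cdptpa-omtalb.mail.rr.com
 smtp.user=; auth=pass (PLAIN)
X-Originating-IP: 190.41.121.100
Received: from [190.41.121.100] ([190.41.121.100:17547] helo=Devin)
 by cdptpa-oedge04.mail.rr.com (envelope-from <>)
 (ecelerity 2.2.3.46 r()) with ESMTPA
 id 12/1D-13137-F4627CC4; Tue, 26 Oct 2010 19:04:47 +0000

"""

# Constructed contrast case (not from the thread): the message was handed to an
# unrelated server without authentication and only the sender address is forged.
FORGED_SAMPLE = """\
Return-Path: <victim@isp.example>
Received: from unknown (HELO pc) ([198.51.100.23])
 by mx.other.example with ESMTP; Tue, 26 Oct 2010 19:04:47 +0000
From: victim@isp.example
Subject: constructed sample

"""


def _unfold(value):
    """Collapse header folding (newline + whitespace) into single spaces."""
    return re.sub(r"\s+", " ", value).strip()


def _under(host, suffix):
    """True if host is the suffix itself or a subdomain of it."""
    host, suffix = host.lower().rstrip("."), suffix.lower()
    return host == suffix or host.endswith("." + suffix)


def parse_received(value):
    """Pull the fields the thread reasons about out of one Received header."""
    value = _unfold(value)

    def grab(pattern):
        m = re.search(pattern, value)
        return m.group(1) if m else None

    return {
        "client_ip": grab(r"\[(\d{1,3}(?:\.\d{1,3}){3})"),  # IPv4 literals only
        "helo": grab(r"(?i)\bhelo[= ]\s*([^\s()]+)"),
        "by": grab(r"\bby\s+([^\s;]+)"),
        "protocol": grab(r"\bwith\s+([A-Za-z]+)"),
    }


def classify_bounce(original_headers, provider_suffix):
    """Classify the 'copy of the original message' inside a bounce.

    provider_suffix is the host suffix of the reader's own mail provider
    (supplied by the caller; "mail.rr.com" fits the message in the thread).
    """
    msg = message_from_string(original_headers)
    # Only trust an Authentication-Results header stamped by the provider itself.
    auth_results = _unfold(msg.get("Authentication-Results", ""))
    authserv = auth_results.split(" ", 1)[0].rstrip(";")
    auth_pass = (_under(authserv, provider_suffix)
                 and re.search(r"\bauth=pass\b", auth_results) is not None)

    for raw in msg.get_all("Received", []):
        hop = parse_received(raw)
        if not _under(hop["by"] or "", provider_suffix):
            continue
        # The provider's server took the message: was the session authenticated?
        authed = (hop["protocol"] or "").upper() in AUTH_PROTOCOLS or auth_pass
        verdict = "authenticated-submission" if authed else "unauthenticated-relay"
        return {"verdict": verdict, **hop}
    # No hop through the reader's provider: only the sender address was forged.
    return {"verdict": "forged-sender-backscatter", **parse_received("")}
```

A verdict of `authenticated-submission` is the case where the account password was used and should be changed; `forged-sender-backscatter` is the case where a password change has no effect on the bounces.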
 
Walter Goldschmidt
      10-27-2010
OK, I changed my Road Runner email password. I ran a virus scan with both
malwarebytes antimalware & superantispyware in both regular mode and safe
mode. I found 59 adware's using superantispyware in regular mode and none
when I ran it in safe mode. After running malwarebytes I found 1 malware in
regular mode and none in safe mode. That was on my laptop. On my desktop I
found a lot more with superantispyware in regular mode and a lot less in
safe mode. Also same with malwarebytes. I don't know if 2 computers on same
link can affect each other or not. The laptop has a wireless connection and
the desktop a hard wired. The laptop is used 95% of the time. I do very
little porn searching but hey I'm a man and occasionally I do catch myself
checking the women out. I also do a little movie & music downloading using
BitTorrent. Since the changes last night I haven't received any of those
emails so far today. Give me another day and I'll let you know if I get
anymore. I may have a few questions for you guys too since you seem to be
knowledgeable on this. Thanks.

Walt

Walter Goldschmidt
      10-27-2010
Also the attached file is a dat file, can you even open them types (dat)?

Walt

Ildhund
      10-27-2010
> Also the attached file is a dat file, can you even open them types (dat)?

It's only a text file:
================
Arrival-Date: Tue, 26 Oct 2010 19:04:48 +0000
Reporting-MTA: dns; cdptpa-oedge04.mail.rr.com

Last-Attempt-Date: Tue, 26 Oct 2010 19:04:48 +0000
Final-Recipient: rfc822;
Action: failed
Remote-MTA: dns; mx4.hotmail.com
Diagnostic-Code: smtp; 550 Requested action not taken: mailbox unavailable
Status: 5.0.0
==================
--
Noel
 
N. Miller
      10-27-2010
On Wed, 27 Oct 2010 15:24:12 -0400, Walter Goldschmidt wrote:

> Also the attached file is a dat file, can you even open them types (dat)?


My client throws an exception error when it tries. Probably doesn't have a
specified handler for the .dat extension. It is a problem on my end, and one
I don't normally encounter, so I don't really feel like trying to find a
solution.

--
Norman
~Oh Lord, why have you come
~To Konnyu, with the Lion and the Drum
 
Walter Goldschmidt
      10-28-2010
I've only received 1 more of these emails in the last 36 hours which is an
improvement. This one had 2 attached files. One is pasted below. Also the
original dat file I included in my original posting is included below. Maybe
I fixed the problem but I don't know if it's because I changed my Road
Runner password or because of the virus scan. I'll post again every day for
next few days to let you know if I get anymore. Thanks.

Walt

This is what the attachment I hac_ked in;to Cla;s said.

I hac*ked int;o Cla;ssmates. Do yo;u see your girlfriend pictures h_ere?
Neil Rolison
To: Waerhg<>;

http://spedr.com/4xyr2 Frank is none but also
Wait and say where is gone. Surely not yet for god help
Mr brass plate and looked out that

This is what attached dat file said.

al-Date: Tue, 26 Oct 2010 19:04:48 +0000
Reporting-MTA: dns; cdptpa-oedge04.mail.rr.com

Last-Attempt-Date: Tue, 26 Oct 2010 19:04:48 +0000
Final-Recipient: rfc822;
Action: failed
Remote-MTA: dns; mx4.hotmail.com
Diagnostic-Code: smtp; 550 Requested action not taken: mailbox unavailable
Status: 5.0.0