Spurious mail seemingly sent from one of my accounts.

Discussion in 'Windows Live Mail' started by George Bell, Jul 30, 2012.

  1. George Bell

    George Bell Guest

    For the last month I have been receiving emails from various mail servers saying that a mail I have sent cannot be delivered. There are hundreds of them and it is getting to be dificult to handle them all. They are not being sent by me and do not appear in my sent mail box, however they do all have the correct address of a website I own. Normally this would be - e.g. but the prefix is all sorts of peculiar names, none of which have anything to do with me.

    If I did not need this website and the traffic and mail it generates I would shut it down, but I do!

    I cannot see how these are being sent, as the website provider does not seem to be able to do anything about it. How can email be sent from a websiteaddress that I own without the service provider being aware of it or able to stop it.

    Does anyone know what I can do about this, as I am losing patience with thewebsite provider?

    Thanks George.
     
    George Bell, Jul 30, 2012
    #1
    1. Advertisements

  2. George Bell

    R. C. White Guest

    Hi, George.

    Short version: You've been hacked! :>{

    Longer, more-accurate version: Someone has been sending emails to all those
    recipients, using YOUR email address.

    I don't know why the emails are undeliverable to those addressees; perhaps
    your address book has incorrect information for those contacts. But, when
    one of them "bounces", it would come back to the address from which it
    apparently was sent: your address. Can you tell if the original bad
    messages were actually sent from your website, or only used your "From:"
    address while being sent from some other website?

    Since I've never had a website of my own, I'm not sure how this works in
    that context. But I understand that mail servers often blacklist websites
    that habitually send spam, such as many messages in a short time, especially
    if they are to many different addresses. Perhaps the recipient mail servers
    have flagged your ??@website.com as one of those "known" spam sources.

    My understanding is that many mail servers will not allow mail to be sent
    from their site via the typical Port 25, but insist that users who dial in
    or connect from some other server use a different port (587?) for such mail.
    Perhaps your website or its host has - or needs - such a policy so that a
    stranger cannot send email "from" your website.

    Now we're into this subject so far that I can't even tiptoe that deep.
    Winston and other posters here understand the inner workings of email much
    better than I do. So I'll bow out and let them help you while I read and
    learn along with you. Good luck!

    RC
    --
    R. C. White, CPA
    San Marcos, TX

    Microsoft Windows MVP (2002-2010)
    Windows Live Mail 2011 (Build 15.4.3555.0308) in Win7 Ultimate x64 SP1


    "George Bell" wrote in message

    For the last month I have been receiving emails from various mail servers
    saying that a mail I have sent cannot be delivered. There are hundreds of
    them and it is getting to be dificult to handle them all. They are not
    being sent by me and do not appear in my sent mail box, however they do all
    have the correct address of a website I own. Normally this would be - e.g.
    but the prefix is all sorts of peculiar names, none of
    which have anything to do with me.

    If I did not need this website and the traffic and mail it generates I would
    shut it down, but I do!

    I cannot see how these are being sent, as the website provider does not seem
    to be able to do anything about it. How can email be sent from a website
    address that I own without the service provider being aware of it or able to
    stop it.

    Does anyone know what I can do about this, as I am losing patience with the
    website provider?

    Thanks George.
     
    R. C. White, Jul 30, 2012
    #2
    1. Advertisements

  3. George Bell

    ...winston Guest

    RC provided a very thorough explanation of what probably happened.
    -i.e. you web site email address is being used to send mail to a variety of
    other valid or invalid email addresses by another source (usually with spam,
    phishing or malicious intent)

    In most cases, the sender has forged the headers of the email by replacing
    the originating source with your email address as if it was sent from your
    web site email address when it was actually sent from another
    address/location.

    The reason why you are getting 'undeliverable' replies.
    - the destination email address hosting server rejected the email and
    replied to the forged email address (i.e yours)
    - the destination email address hosting server has blocked emails from your
    address due to a previous history (volume, content of emails, known
    spam/phishing links within the email) of emails that caused the hosting
    server to flag your email address as suspicious thus 'blocking' it thereby
    rejecting all emails with a undeliverable reply.
    - the destination email address hosting server doesn't recognize the
    recipient email address as a valid email address/account on their server an
    replies with an undeliverable response.

    Once an address is being used by spammers it may be shared, distributed, or
    sold to other sources.

    Attempting to stop the forging/use of the address is usually futile. Time
    may be the only solution.

    If your address or domain has been blacklisted by a recipient server and one
    where you need to send legitimate emails, then its incumbent upon you to
    convince the postmaster at the recipient server to remove your address from
    their blacklist but doing so may or may not be achievable.


    --
    ....winston
    msft mvp mail


    "George Bell" wrote in message

    For the last month I have been receiving emails from various mail servers
    saying that a mail I have sent cannot be delivered. There are hundreds of
    them and it is getting to be dificult to handle them all. They are not
    being sent by me and do not appear in my sent mail box, however they do all
    have the correct address of a website I own. Normally this would be - e.g.
    but the prefix is all sorts of peculiar names, none of
    which have anything to do with me.

    If I did not need this website and the traffic and mail it generates I would
    shut it down, but I do!

    I cannot see how these are being sent, as the website provider does not seem
    to be able to do anything about it. How can email be sent from a website
    address that I own without the service provider being aware of it or able to
    stop it.

    Does anyone know what I can do about this, as I am losing patience with the
    website provider?

    Thanks George.
     
    ...winston, Jul 30, 2012
    #3
  4. George Bell

    Panic Guest

    Winston. If he went to his email site and changed his password would that
    stop future spamming using his email address?

    "...winston" wrote in message
    RC provided a very thorough explanation of what probably happened.
    -i.e. you web site email address is being used to send mail to a variety of
    other valid or invalid email addresses by another source (usually with spam,
    phishing or malicious intent)

    In most cases, the sender has forged the headers of the email by replacing
    the originating source with your email address as if it was sent from your
    web site email address when it was actually sent from another
    address/location.

    The reason why you are getting 'undeliverable' replies.
    - the destination email address hosting server rejected the email and
    replied to the forged email address (i.e yours)
    - the destination email address hosting server has blocked emails from your
    address due to a previous history (volume, content of emails, known
    spam/phishing links within the email) of emails that caused the hosting
    server to flag your email address as suspicious thus 'blocking' it thereby
    rejecting all emails with a undeliverable reply.
    - the destination email address hosting server doesn't recognize the
    recipient email address as a valid email address/account on their server an
    replies with an undeliverable response.

    Once an address is being used by spammers it may be shared, distributed, or
    sold to other sources.

    Attempting to stop the forging/use of the address is usually futile. Time
    may be the only solution.

    If your address or domain has been blacklisted by a recipient server and one
    where you need to send legitimate emails, then its incumbent upon you to
    convince the postmaster at the recipient server to remove your address from
    their blacklist but doing so may or may not be achievable.


    --
    ....winston
    msft mvp mail


    "George Bell" wrote in message

    For the last month I have been receiving emails from various mail servers
    saying that a mail I have sent cannot be delivered. There are hundreds of
    them and it is getting to be dificult to handle them all. They are not
    being sent by me and do not appear in my sent mail box, however they do all
    have the correct address of a website I own. Normally this would be - e.g.
    but the prefix is all sorts of peculiar names, none of
    which have anything to do with me.

    If I did not need this website and the traffic and mail it generates I would
    shut it down, but I do!

    I cannot see how these are being sent, as the website provider does not seem
    to be able to do anything about it. How can email be sent from a website
    address that I own without the service provider being aware of it or able to
    stop it.

    Does anyone know what I can do about this, as I am losing patience with the
    website provider?

    Thanks George.
     
    Panic, Jul 31, 2012
    #4
  5. George Bell

    Good Guy Guest

    I would go for the longer, more-accurate version here. Spammers are
    pretty good at making up names and emails to send messages. Hacking is
    a very remote possibility.

    Spammers don't need to hack these days because all they want is to send
    their crap which they can easily by using some public free wi-fi
    connection. For example, in London you get completely free Wi-fi
    because of London2012 Olympics so why would anybody bother to hack
    anybody's email account.

    Also, most ISPs these days have a limit on how many messages can be sent
    per day. I can't send more than 100 messages a day so spammers won't
    benefit from using my username and my ISP's servers.

    --
    Good Guy
    Website: http://mytaxsite.co.uk
    Website: http://html-css.co.uk
    Forums: http://mytaxsite.boardhost.com
    Email: http://mytaxsite.co.uk/contact-us
     
    Good Guy, Jul 31, 2012
    #5
  6. George Bell

    ...winston Guest

    The op should change his password (in fact a good idea to do it regularly
    even in the absence of any suspicious activity).

    The answer to your question (based on the info the op provided) is....No
    The op already stated:
    <qp>
    They are not being sent by me and do not appear in my sent mail box, however
    they do all have the correct address of a website I own.
    </qp>

    i.e. his address is being used (most likely falsified in the sent messages
    headers) but his account is not being used.

    You can easily see how this type of spamming or phishing works..look at the
    properties/message source of some junk mail received in an email account.
    Investigation more often than will show a fake sending address and an ip
    from a different country or location.
    Take a look at this piece of spam/phishing example
    http://liveunplugged.wordpress.com/2012/05/21/phishing-in-the-microsoft-windows-live-hotmail-pond/

    The email attempts to obtain info from a hotmail account user. Not
    identically the same as the op's problem but illustrative of false headers,
    fake source, fake domain, fake ip location.
    The email message source provides a variety of clues:
    Received from an ip address in Australia and Macedonia from
    musicalternatives.com with an unsubscribe option to a www.twitter listserver
    and a fake domain return path address (curoteca.net ) and with an active
    link (in the email) that directs one to a French travel site.


    --
    ....winston
    msft mvp mail


    "Panic" wrote in message
    Winston. If he went to his email site and changed his password would that
    stop future spamming using his email address?

    "...winston" wrote in message
    RC provided a very thorough explanation of what probably happened.
    -i.e. you web site email address is being used to send mail to a variety of
    other valid or invalid email addresses by another source (usually with spam,
    phishing or malicious intent)

    In most cases, the sender has forged the headers of the email by replacing
    the originating source with your email address as if it was sent from your
    web site email address when it was actually sent from another
    address/location.

    The reason why you are getting 'undeliverable' replies.
    - the destination email address hosting server rejected the email and
    replied to the forged email address (i.e yours)
    - the destination email address hosting server has blocked emails from your
    address due to a previous history (volume, content of emails, known
    spam/phishing links within the email) of emails that caused the hosting
    server to flag your email address as suspicious thus 'blocking' it thereby
    rejecting all emails with a undeliverable reply.
    - the destination email address hosting server doesn't recognize the
    recipient email address as a valid email address/account on their server an
    replies with an undeliverable response.

    Once an address is being used by spammers it may be shared, distributed, or
    sold to other sources.

    Attempting to stop the forging/use of the address is usually futile. Time
    may be the only solution.

    If your address or domain has been blacklisted by a recipient server and one
    where you need to send legitimate emails, then its incumbent upon you to
    convince the postmaster at the recipient server to remove your address from
    their blacklist but doing so may or may not be achievable.


    --
    ....winston
    msft mvp mail


    "George Bell" wrote in message

    For the last month I have been receiving emails from various mail servers
    saying that a mail I have sent cannot be delivered. There are hundreds of
    them and it is getting to be dificult to handle them all. They are not
    being sent by me and do not appear in my sent mail box, however they do all
    have the correct address of a website I own. Normally this would be - e.g.
    but the prefix is all sorts of peculiar names, none of
    which have anything to do with me.

    If I did not need this website and the traffic and mail it generates I would
    shut it down, but I do!

    I cannot see how these are being sent, as the website provider does not seem
    to be able to do anything about it. How can email be sent from a website
    address that I own without the service provider being aware of it or able to
    stop it.

    Does anyone know what I can do about this, as I am losing patience with the
    website provider?

    Thanks George.
     
    ...winston, Jul 31, 2012
    #6
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.