Spam being sent from me?

Wezoin

Just checked my ISP provided email, it has over 100 failure/blocked by spam filter notices in the last 3 hours. I did not send a single one of these emails. Any idea whats happening? How do I stop it? looking at them they seem to be for everything from fake rolexes to fake louis viton purses.

VThornheart

Hmm... just to feed curiosity, I'd try changing your ISP EMail's password, and see if it stops.

If it doesn't stop, it may actually be SPAM that was cleverly crafted to look like a failure notice that came from you (but it actually came from someone else, who used various stealthy ways to make the E-Mail look like it came from your ISP so you'll read it)... I've seen that before. There's probably a lot of different possibilities, but that's one I've run across personally.

If it's something like that someone discovered your account info and is using it to send spam, I imagine changing the password to something secure would stop it.

Wezoin

Ok, password is changed. I guess I'll find out soon if that was it.

Wezoin

Ok, I changed the password, ad-aware found alot of spyware too and deleted all that. Doesn't appear to have sent any more. So at very least then it has slowed down. Not sure which it was, but I think it's solved.

DrFrylock

Two possibilities:

1. It is trivially easy to forge a return address on an email, and spammers do it pretty much consistently. They scrape the Web and other people's address books and their send-to lists for addresses, and then they just pick some at random and use them as the return address. When I say "trivially easy," I mean that you can open a command prompt, type "telnet some.server.com 25" and then type a few lines and you can have email look like it comes from whomever you want. Likely you were just another random victim of this.

2. It's possible that some spyware on your computer had legitimately sent a bunch of spam from your computer. However, this is about 1% as likely as the above scenario.

Wezoin

Yeah, this morning its started again. Any idea how to fix it?

Willeth

Wezoin wrote: »

Yeah, this morning its started again. Any idea how to fix it?

Run the spyware check again, remove it all, in safe mode. Then change your password. If it was spyware that was doing it and you changed your password while it was on your machine then they most likely have that one too.

PirateJon

Wezoin wrote: »

Yeah, this morning its started again. Any idea how to fix it?

You can't - it's got nothing to do with you.

http://en.wikipedia.org/wiki/Outscatter
Backscatter (also known as outscatter, misdirected bounces, blowback or collateral spam) is a side-effect of e-mail spam, viruses and worms, where email servers receiving spam and other mail send bounce messages to an innocent party. This occurs because the original message's envelope sender is forged to contain the e-mail address of the victim. A very large proportion of such e-mail is sent with a forged From: header, matching the envelope sender.

Typically, I've seen it go away after a week or so as the spambot hosts are blocked or taken off-line.

Ruckus

It's probably Backscatter. The mailserver I admin deals with 600,000+ unsolicited emails per day, and about 20% of those are Undeliverable reports for accounts which don't even exist here anymore.

AtomBomb

Yeah, I wish there was a fix for this. Most of the ones we get on our domain are for accounts that never exsisted, but we have a few users who get a lot of undeliverable notices because some dipshit picked their address out of a hat.

Wezoin

Shouldn't there really be something in place for this sort of thing? Like using the DNS servers to confirm that the server sending the email is actually connected to that domain name?

DrFrylock

Wezoin wrote: »

Shouldn't there really be something in place for this sort of thing? Like using the DNS servers to confirm that the server sending the email is actually connected to that domain name?

Every "easy" technical fix breaks some important aspect of e-mail that we rely on for important things. If it's not being able to send email on the road, it's mailing lists and stuff like that. There's nothing you can do about it. Try training your bayesian filter better, this usually catches 99% of my fake non-deliverable messages, and surprisingly it lets real ones through.

Jimmy King

Wezoin wrote: »

Shouldn't there really be something in place for this sort of thing? Like using the DNS servers to confirm that the server sending the email is actually connected to that domain name?

There are several technologies for that. The most common these days are Domain Keys and SPF records. The trouble is that they require configuration and effort by both the owner of the sending mail server and the receiving mail server. If the sending mail server has either of those configured (well, technically SPF is configured via DNS on the sender side, I'm not sure about Domain Keys) and the receiving mail server does not, then faked spam will go right on through. The same goes for the receiving mail server being configured (and this really is configured in the mail server itself) but not the sender's side - there's no way to verify, so the spam with the faked e-mail address will get through. I keep hoping that maybe one of these days mail servers will start coming with the default settings to be to check for SPF records.

VThornheart

Ahhh! I didn't know there was a technical term for what was happening here. Backscatter sounds like a perfect description of the scenario I was attempting to explain above. Indeed, that's 99% likely to be the problem. I've seen this kind of thing before, and it's annoying but just know that it's probably not coming *from* you.