Am I sending out spam?

This morning I got this email on a seldom used account: (spoiled so it doesn’t take up so much space)



Failure Notice

FROM: MAILER-DAEMON@yahoo.com
TO: myemailaddress@yahoo.com
Tuesday, November 29, 2011 7:08 AM
Sorry, we were unable to deliver your message to the following address.

<*email address for person it claimed to have bounced off of*>:
Remote host said: 554 Service unavailable; Client host [98.138.229.57] blocked using dnsbl.sorbs.net; Currently Sending Spam See: http://www.sorbs.net/lookup.shtml?98.138.229.57 [RCPT_TO]

--- Below this line is a copy of the message.

Received: from [98.138.90.51] by nm32.bullet.mail.ne1.yahoo.com with NNFMP; 29 Nov 2011 13:07:53 -0000
Received: from [98.138.88.233] by tm4.bullet.mail.ne1.yahoo.com with NNFMP; 29 Nov 2011 13:07:53 -0000
Received: from [127.0.0.1] by omp1033.mail.ne1.yahoo.com with NNFMP; 29 Nov 2011 13:07:53 -0000
X-Yahoo-Newman-Property: ymail-5
X-Yahoo-Newman-Id: 714114.53211.bm@omp1033.mail.ne1.yahoo.com
Received: (qmail 78016 invoked by uid 60001); 29 Nov 2011 13:07:53 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s1024; t=1322572073; bh=nC/k3Ki3FVmeZH5FehrMvx37FeSzvsIyohkp70xsH6k=; h=X-YMail-OSG:Received:X-Mailer:Message-ID:Date:From:Subject:To:MIME-Version:Content-Type; b=Qg0ZmfTbg26wCPOroQVSooi+fLgWOgCrHfQC1tbrrTDu7uHfaoaNGYcAtFp9zXLFuFAAcFB6myINxZkgeQ0iMq91IuIeGPEHAGGgdaQeDZKN7g26bbBC4q21CBvW8hU41gP17sFBLtmrnrk4QyNO8o9TKujC7s5GSwQuFOqrTsk=
DomainKey-Signature:a=rsa-sha1; q=dns; c=nofws;
  s=s1024; d=yahoo.com;
  h=X-YMail-OSG:Received:X-Mailer:Message-ID:Date:From:Subject:To:MIME-Version:Content-Type;
  b=P9luSnWuCRB5L1XjL+Dul5MOjfQ5wKO7M2i0cIXSOZ3rTzcubBFHLEf+DLsHRuYDO1ca0aSRAm65CoDeaW+BpPksyaSuTBHyLtHcD+BhiRzDqRgdQrWOOTwi3s4b/W+vOTXn3w9KiB+i9nf3KLzrodZHcGto2Gecodv6Vtu8M1w=;
Received: from [194.231.197.68] by web114517.mail.gq1.yahoo.com via HTTP; Tue, 29 Nov 2011 05:07:53 PST
X-Mailer: YahooMailWebService/0.8.115.325013
Message-ID: <1322572073.17959.androidMobile@web114517.mail.gq1.yahoo.com>
Date: Tue, 29 Nov 2011 05:07:53 -0800 (PST)
From: Joey P <myemailaddress>
Subject: Take a look at this.
To: **List of email addresses that I had previously sent email to using this address**
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="-1524552598-1023926305-1322572073=:17959"

---1524552598-1023926305-1322572073=:17959
Content-Type: text/plain; charset=us-ascii

<p>Hello<br>I was in need of an alternative this helped me back to my feet this is proof that miracles do exist imagine what you could do<br><a href="http://www.sydjyskfoto.dk/profile/44NicholasBrown/">http://www.sydjyskfoto.dk/profile/44NicholasBrown/</a><br>bye.</p>

---1524552598-1023926305-1322572073=:17959
Content-Type: text/html; charset=us-ascii

<table cellspacing="0" cellpadding="0" border="0"><tr><td valign="top" style="font: inherit;"><p>Hello<br>I was in need of an alternative this helped me back to my feet this is proof that miracles do exist imagine what you could do<br><a href="http://www.sydjyskfoto.dk/profile/44NicholasBrown/">http://www.sydjyskfoto.dk/profile/44NicholasBrown/</a><br>bye.</p>
</td></tr></table>
---1524552598-1023926305-1322572073=:17959--
 


That’s exactly how it looked.
My first thought was that my account got hacked and someone was sending out spam, but for a few reasons I’m not sure that’s the case.
1) I’m ridiculously careful about that kind of stuff and I’m not sure I could be tricked into it.
2) This is a seldom used account. It’s not used for any social networking sites, I never would have typed in the username/password anywhere other than on the webmail page and my phone (it’s a POP3 account).
3) There’s nothing in my sent box.
4) Lastly, and this is what really confuses me, one of the emails listed in the TO: section is one of my other personal email addresses and I didn’t get anything.

So, I’m trying to figure out if I’m sending out spam or if this email IS the spam and it somehow managed to get a hold of the names of people I’ve sent mail to and put them in the letter to make it look like something I sent.

I’m going to guess that your address has been spoofed. Somebody put your name and e-mail as the “From” for their outgoing messages. Ridiculously simple, anyone can do it, takes 30 seconds. Doesn’t require access to your account at all. So then all the bounce messages from the spams they sent come back to you.

As far as I know, there’s not much if anything that you can do about it. (I’d be happy to be wrong about this, because I’ve been having the same problem.)

The fact that it sent the email to people in your contacts list is a sure sign that the account has been compromised. The process that did this simply deleted them from your sent box after sending them, to help keep you from knowing. The reason your other account didn’t get them is because your email provider blocked it as probable spam.

Change the password, and run a virus scan on every computer that has accessed that account recently. If it’s not a virus, then it was probably a manipulation of the “forgot your password?” feature or possibly a breach on the part of the email provider.

That was my first impression (wrote up a long post about it before I carefully re-read), but the fact that it was sent to people he knows means the account was certainly compromised.
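Added example, not part of any post in this thread: the returned copy inside the bounce carries the fields that separate the two explanations given above, namely the earliest `Received` hop and the DKIM signing domain. The sketch reads those claimed values (it does not verify the DKIM signature cryptographically); `triage`, the placeholder From address and the contrast message are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Headers abridged from the bounce quoted above. The From address is a
# constructed placeholder and the DKIM bh=/b= values are omitted.
RETURNED_COPY = """\
Received: from [98.138.90.51] by nm32.bullet.mail.ne1.yahoo.com with NNFMP; 29 Nov 2011 13:07:53 -0000
Received: from [127.0.0.1] by omp1033.mail.ne1.yahoo.com with NNFMP; 29 Nov 2011 13:07:53 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s1024; t=1322572073
Received: from [194.231.197.68] by web114517.mail.gq1.yahoo.com via HTTP; Tue, 29 Nov 2011 05:07:53 PST
X-Mailer: YahooMailWebService/0.8.115.325013
From: Joey P <user@yahoo.com>
Subject: Take a look at this.

(body omitted)
"""

# Constructed contrast case: same From, but handed to an unrelated server.
FORGED_FROM = """\
Received: from [203.0.113.7] by mx.example.net with SMTP; Tue, 29 Nov 2011 13:07:53 +0000
From: Joey P <user@yahoo.com>
Subject: Take a look at this.

(body omitted)
"""

HOP = re.compile(r"from\s+\[?([^\]\s]+)\]?\s+by\s+(\S+)(?:\s+(?:via|with)\s+(\S+?))?;")

def triage(raw, provider="yahoo.com"):
    """Report where the message entered the mail system and whether that
    matches the provider named in From. Reads claimed values only."""
    msg = message_from_string(raw)
    hops = msg.get_all("Received", [])
    # Every relay prepends its own Received line, so the last is the earliest.
    m = HOP.search(" ".join(hops[-1].split())) if hops else None
    client_ip, host, proto = m.groups() if m else (None, None, None)
    d = re.search(r"\bd=([^;\s]+)", msg.get("DKIM-Signature", ""))
    dkim_domain = d.group(1).lower() if d else None
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    entered_at_provider = bool(host) and host.lower().endswith("." + provider)
    through = entered_at_provider and dkim_domain == provider == from_domain
    return {"client_ip": client_ip, "submitted_to": host, "protocol": proto,
            "dkim_domain": dkim_domain,
            "verdict": "sent-through-provider" if through else "from-header-only"}

if __name__ == "__main__":
    for name, raw in (("bounce copy", RETURNED_COPY), ("contrast", FORGED_FROM)):
        print(name, triage(raw))
```

A `sent-through-provider` result means the headers say the message was submitted to the provider's own front end from `client_ip`, which is the case where the password change and malware scan recommended in this thread apply.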

I have the same problem, also with yahoo, which att.net uses for its webmail, and which is the account that got hijacked. My regular home Outlook email wasn’t touched, but my yahoo webmail password was changed and tons of spam was sent out, but only to people to whom I’d sent mail via the yahoo webmail service.

Now, even though I took back my webmail account, and deleted all the contacts out of it, whoever originally took it still has those contact names because I still occasionally get a bounce, and many of the people my email is still spamming are friends and family, even ex co-workers.

The password you used on your email account, was it used anywhere else?

What probably happened is that hackers compromised some website you used where you used the same password as your email address. They steal the database and then use your password for that website and try to log into your email account. For example, say you bought something from sony.com and created an account where you specified your email address. Hackers would try to login to your email account with the password you specified on sony.com. If it’s the same, they’re in and they start sending spam like this.

The password you use for your email address should never be used anywhere else for this reason.

Change all your passwords for important accounts to make sure hackers don’t have access to those too.

Change all passwords to sites which use that email address as a login name (e.g. facebook).

Ok, so I found the spam in my Gmail spam box which is why I never saw it. I also remembered I recently signed on to this seldom used account from my parents’ computer…the computer that my mom uses. She had her AOL account hijacked a few months ago.
I was just there and pulled a handful of Trojan Horses and some other random stuff off of it. Hopefully that should take care of everything.

I did (before I even started this thread) change the password to this email account, but it’s not used for anything. It’s an account that I use to email people when I want to be able to send an email without it being connected to me. So it’s not hooked in with Facebook or Pandora or Photobucket etc. In fact, they only managed to harvest 5 email addresses out of it and from what I can tell they only sent out two emails.