I’ve been getting a lot of (what I hope is just) weird spam lately from senders like postmaster, MAILER DAEMON, and Mail Delivery Subsystem with subjects about mail delivery failure or mail return.
Actually this evening in particular I’m getting hundreds. It really makes me nervous. There’s nothing in my Sent folder except from the emails I’ve written myself.
Are spammers somehow using my email address to forward spam messages? Is there anything I can do besides getting a new email account?
I tried changing my password and I’ll see if that does any good.
Update: changing my password didn’t do any good. I’m still getting those messages.
I haven’t received any help from Google forums. I haven’t received a single email since November 9th. Honestly, you might have a better chance getting an answer here.
No harm in leaving this open, in case someone does have something helpful to add – or in case someone else is having this problem. I’ll leave it open, it can sink or swim on its own.
Do you use a mail client or do you check your email on the www.gmail.com website?
I’d also like to know the results and how you end up diagnosing/fixing this. I am POSITIVE your email account is being spammed from. But I don’t know how it wouldn’t show in your sent folder, unless the spammers have a utility to delete the sent items immediately (which wouldn’t surprise me a bit).
You’re probably part of a botnet. Changing your password should work but it won’t if you have a virus or keylogger. You need to do as many virus scans as possible (if you weren’t already), and clean it out.
I’m sure you’re still being used as a spam sender as well. Change your password again and make it tougher this time. You could indeed have a keylogger so change it on another PC if you have one. I had the same thing happen with my two gmail accounts. First one, than the other. The password I was using used leetspeak so two letters were numbers, but it was too simple apparently. Now I use something way more complex and the issue’s gone.
Look in the email headers, is it people you’ve emailed before, or is it random email addresses you’ve never seen?
If there’s nothing in your sent folder your account hasn’t been hacked. Hacked account spam usually go to your address book contacts anyway, not random bad addresses.
Your address is probably being spoofed - used as the from address. You can send email using any address from most any smtp server on any computer. When email is sent to a bad address at a real domain, the mail server sends a bounce message to the from address. Your address.
Change your password just in case, but otherwise there is nothing you can do to stop spoofing. It happens to everyone at some point.
Think of it as someone sending thousands of pieces of postal mail with your address in the return address spot. Anyone can do it, and any returned mail will be sent to you.
There is a useful thing on Gmail that lets you see a little summary of your account activity.
If you log into your account online then scroll all the way down to the bottom of the screen there is a little link that says “Last Account Activity Details” or something like that. If you click it, it’ll show you IP addresses that have logged into your acount. If you only use one or two computers to log into Gmail, any anomaly is really obvious there.
This is the most likely the cause. I’ve had this happen with a couple of email addresses. In one case it was one I had used to subscribe a university listserv and I guess those types of email lists aren’t hard to get.
If you look at the email headers, bounced email should have the originating IP address on it. If you see that all the daemon messages are originating with the same address, you can google “whois” to get a list of sites that will let you see who has registered that IP address. Probably won’t help, but it might be interesting.
If they are all different, then the spoofing emails are probably being generated by a botnet (zombie computers that are infected but owners are not aware of the infection) so that they are coming from computers all over the world.
I just had this happen to me. If the addresses the spam was sent to are in your contacts, doesn’t that indicate that your email was hacked, not spoofed? Were your recipients unknown to you?
I wouldn’t expect to get bounced messages from addresses in my contact list since presumably these are valid, current addresses. If you have a huge number of contacts that may or may not be current, then that would be possible. And if all of the bounced messages are actually in your contact list then yes, that would look like your account has been hacked.
edit - I’m not a hacker, but the only reason I can think of to hack an email account is for identity theft. I can’t see having someone’s email address being of any use to spammers. Maybe it helps them get around anti-spam counter measures of an ISP, but I’m sure there have to be other ways around that.
This is not always the case–as a good hacker would delete messages from your sent mail.
A more foolproof option is the list of IPs that have logged into your account. If you have not been hacked, it should only have the IPs of places where you have checked your email. You can find the IP of any computer you use by going to WhatIsMyIPAddress.com, and check ones you don’t recognize at IPLocation.net.
Reboot into safe mode, run your virus scanner and spyware scanner. You’ll probably find things. Kill them.
Also, you’ll probably notice that your virus scanner won’t update and is running weird. You may just have to reinstall your virus scanner and reinstall it, because it may not get the most recent virus definitions.
Thanks. Personally, I posted my problem on the Google forums on around November 12th, and the only responses I’ve received were by me bumping up the question. Sad, really. I’ve had my Gmail account for a long time, and had to close it and open another because Google was absolutely no help at all.
I have no answer for the OP’s question, but I respect you guys, and I figured y’all would be much more helpful.
Isn’t the actual mail in the returns you are getting? Read some of it, is it spam? Or is it just a notice an email failed, if so how close together are the failures in time? A bunch real close in time has to be spam if you can’t see the bounced mail.