I just looked into an old Yahoo address that I had stopped paying attention to long ago. The longer I leave it the more it accumulates spam. Well, now it’s gotten something worse than spam. Someone hacked it and apparently used it like the proverbial monkey’s paw to mail spam, if the hundreds of returned undeliverable mail notifications are any indication.
How do I fix this, or is that old address fucked up for good? I wasn’t going to use it any more anyway. I’d like to just put it out of its misery. Its enslavement.
Nobody had to hack into it. The e-mail protocols are inherently insecure. All it takes to cause that is for a spammer to send out lots of e-mails and spoof your address as the return address. The ones that get returned will then be directed to you. It is a common problem and there is no real way to fix it.
I seriously doubt that you got hacked. Not because they can’t so much as they have no need to.
Tell me your email address and I’ll send you an email FROM YOU (really from me but I can make the FROM header appear any way I want it to). It’s not high-tech; lots of folks use one account to send email as if from their other account, e.g., sending personal email from work using their home email address, or vice versa.
The spammers do the same thing except that they randomly select a victim from among the target email addresses they’ve harvested, so if anyone gets in trouble for spamming (as a consequence of the From header) it will be the patsy, not them.
Don’t worry, all the system administrators have been aware of it for a long time and aren’t going to come after you for spamming simply because your name is on the From header.
The return address in an email is a lot like the return address on an envelope. It is put on there by the sender of the email. It is not checked anymore than the return address on an envelope is checked by the postman.
The fact you’re getting ‘returned mail’ doesn’t indicate that anyone is using the account, only that they’re tagging that address onto their own spam. The way email works allows anyone to put anything, real or ficticious, as their ‘return address’. So there’s nothing you can do.
FWIW, if it was actually hacked, don’t hold out much hope for getting it fixed.
My secondary Yahoo mail account, which I used as an anonymous account for signing up to stuff, did get hacked. I suspect, but I am not 100% sure, that the method was for someone to somehow spoof a “sign in to Yahoo” link on their Yahoo profile page. (Some profiles are flagged as “Adult” and you have to sign in to Yahoo to view them.) If this was the case, it was done very well, although I must say I was less scrupulously careful than usual about signing in as it was only a secondary account.
Anyhow, one time when I tried to log in, I got “Incorrect password”. Viewing the profile, I found that all the personal info etc, which I hadn’t bothered to fill in, had been changed to stuff like “L4M3R!!!oneone” and “U GOT H@CKED”.
I emailed Yahoo about half a dozen times using the feedback forms on their website and various other email addresses, asking them to give me my account back. I never once got a reply.