I got a couple of e-mails returned as undeliverable, thing is I never sent them in the first place.
Now I’m getting upwards of 20-30 every bloody day along with other crap from some Athens Group offering me the chance of a lifetime (shades of Nigerian scam?)
Try as I may I can’t stop these buggers getting past my spam filters.
Anyone out there got any ideas why I’m getting the returned mails and how can I stop them.
Someone is using your email address as the return address for spam. The notifications saying the email is not deliverable are being sent to you instead of the person that sent the spam.
The way the mail system works (sendmail) is that you can create any sort of mail headers that you like. There is no verification of anything. So right now, I could create an email that appeared to come from chowder@sdmb.com and send it to whomever I like.
When spammers send out mail they often include a fake From value to make it look like a real email. Sometimes they use a random address, sometimes they use a real address.
You’re currently experiencing what’s known as a “Joe Job”. The spammers happened to use a real email address in the from field, and you’re now getting all the bounces and other responses from their spam broadcast. There’s nothing you can do at the moment to prevent the email from being sent to you, although you might be able to filter some of it out once your mail system receives it. Usually the spammers pick a different address for the next spam broadcast, so hopefully this will be the only one you’ll get hit with. I got hit once and had hundreds of bounce messages for about a week.
I wanted to address something said earlier:
The fact that he’s getting hit with the bounces does not mean he’s infected. It’s true that zombie computers are used to send out spam, but I would expect they use fake addresses as opposed to using the email address of the computer. Most likely some random zombie sent the spam broadcast with chowder’s email address in the From field.
The most likely scenario is that someone you know was infected by a virus/spyware that harvested their address book, and used those addresses in the “from” field for spam messages.
It’s most likely that there’s no virus involved at all, anywhere. Harvesters have a rich crop of email addresses available to them on the internet, they have no need to access anybody’s computer. It’s simplicity itself to fake the From: part of the email header and substitute a random address.
Can you tell us what filtering rules you have tried? And what email software you are using?
For example, it’d be fairly simple to redirect everything with the word “undeliverable” in the header to trash. But that would get any actual bounces from email you sent, too. You could send them to a special mailbox instead of trash – then check occasionally for real bounces.
You can’t stop it. As mentioned before, anybody can forge e-mails that appear to come from your address.
The only absolute fix (at least for a while) is to switch e-mail addresses if that’s not too much of a pain. Otherwise you’ll pretty much have to live with the bounces, that’s just the way Internet e-mail works.
Just in case you’re worried at all, this has happened to me on my work account, which runs on Sun equipment using Solaris, which is as close to virus free as you’re ever going to get.
Is your email address on a website somewhere? Websites get harvested also.
Have you tried, for fun, to track down the website involved? I tried, but it had already been shut down.
My e-mail is OE, filtering rules I’ve applied are to delete anything with the words “Undeliverable or failure or failed” None of this works.
I have no doubt my e-mail is on a website, possibly more than one.
Amazon/e-bay to name just a couple.
I’ve switched my e-mail address for the time being but this is not really practical as most of the stuff I receive goes to my “proper” account. My other address is one which I use for anti-scamming the Nigerian chappies and on that I go under The Rev, C.Litoris.
As an aside it seems that the Nigerian chaps don’t know what a clitoris is, oh the fun I’ve had
I had the same thing - sometimes it will be “anything@e-logic.co.uk” - and my ISP have set up a black-hole to delete these before I download them.
On the rare occasions someone uses my genuine address I just filter everything with “failed delivery” into a separate folder and purge it. Worth a check now and again to make sure there’s no genuine bounces in there, but it’s a pain rather than a concern.
Your e-mail address doesn’t have to be on a web site, and you don’t have to be infected with any virus or spyware. If you have sent e-mail to anyone using OutLook whose computer becomes infected by an e-mail harvesting virus, then your address is added to the Big Master Spam List ™. And so it will be forever.
Having opened about a dozen or so it appears that most of them are from some scanning company but unfortunately I can’t find out which one because all is hidden.
So far today I’ve had 18 which is down on previous days.
On the downside my spam from the Athens Group is on the up.
You might consider, if you haven’t done so already, using a Hotmail or Yahoo email address for things like these. I use one Hotmail address for any site from which I order or use often.