Jump to content

Hijacked Spamcop Email Address


esteban

Recommended Posts

Greetings,

Today I got a big pile of undeliverable mail returned... it was all spam sent to addresses at .ru (Russia?) using my spamcop address as the return address. I have never sent mail using this address, and the only two places it's listed anywhere on the web are in my Spamcop account and in a secure control panel at my server, as an address to forward all the mail that comes to my regular email address. I assume, I hope rightly, that my information is secure at Spamcop, and I believe it's secure where I forward from, and I've never used the address for anything else, so how did these guys get it to use it?

Also, can I now change my Spamcop email address?

Thanks.

Steve

Link to comment
Share on other sites

That's called a forgery of your address, and yes, it's all way too common these days. How they picked you? Probably the same way they picked up a couple of my HotMail addresses last month, a Yahoo address the month before, and from all the complaints of others that this has hapened to, it's hard to say. Dictionary, random character generator, one of your complaints was passed on directly to a spammer, your SpamCop "name" is the same as some user over on PacBell and that's the "name" that was chosen with "spamcop.net" added on as the domain name .....

changing your account name, yes, I've seen it asked, usually answered as "yes", but you'll have to take the steps to contact service at spamcop.net to get that started.

But, if you'll re-read the first paragragh, changing the name may help this specific flood of bounces, but won't do a thing for the next time "your name" gets selected as the victim of the day/week/month ..... in most cases, the flow eventually stops, as they move on to another selection of name/domain sets ...

Link to comment
Share on other sites

Steve,,

You are not alone. I also have been dealing with this for the last 48 hours. Already I've had over 100 bounces to my spamcop.net email address. Looks like some enterprising spammer is having a go at spamcop (again!).

I've had the same spamcop email address for several years now, and there's no way I'm changing. I will tell you what I've done with this particular instance. I have set up a rule in my outlook that looks in the subject header for 'undeliverable' or 'undelivered' or 'returned email' etc. When the rule finds these messages, it automatically deletes them.

Since I use IMAP to communicate with Spamcop, they aren't actually 'deleted' at that stage; in Outlook they just get the line drawn through them and are marked for deletion (and taken out of my way). Once a day I've been scrolling through the list which takes me all of 30 seconds. Then once I've made sure nothing looks like it's been incorrectly caught automatically I purge the deleted items from the edit menu.

It's really sorted this mess out for me - you might want to give that a try.

Good Luck!

Scott (Spamcop user since 2000)

Link to comment
Share on other sites

As Mike Easter would write:

It is normal for spam to have a forged or bogus From: If the From is

your addy, and the spam item bounces 'belatedly' after it has been

'accepted' at the would-be recipient's server, then the server my 'send'

or mail you the belatedly bounced spamitem. It isn't

'spamcop-qualified' spam because it wasn't actually mailed from the

spamsource to you - it was mailed from the spamsource to someone else,

your addy just happened to be in the From:, so you happened to get the

bounce.

Thus you receive a bounced spamitem not actually From you or To you.

Like several other undesirable and unsolicited emails described in the

spamcop rules, that is unsolicited and unwanted and spam 'underneath',

but not 'reportable'.

In addition to that, in the type of item I described above, in a spamcop

parse, the headers 'on top' would show the 'source' to be the recipient

server, not the spam item's source, because those topmost headers

'started' at the recipient server and then the mail traveled to you.

SpamCop doesn't want that, either. Only the 'underneath' headers, those

'attached' to the original spambody, would show the actual spamsource.

Link to comment
Share on other sites

I've been seeing an occasional odd thing - bounces of spam delivered to an address I have never used for any purpose (it was established by my ISP, Spamcast (er, Comcast), and I have SpamCop pick it up so I can get service announcements). The headers of the message that bounced do not show my address anywhere. The username is not one that is subject to dictionary attacks, and the ISP, of course, denies leaking it (I have opted out of their "directory" service.) I get only 2-3 of these a month, so it is just mildly annoying.

What I can't quite figure out is whether the bounces themselves are forgeries, or if there is some hidden envelope address to which the spam gets bounced. Strange...

Link to comment
Share on other sites

Steve,,

You are not alone. I also have been dealing with this for the last 48 hours. Already I've had over 100 bounces to my spamcop.net email address. Looks like some enterprising spammer is having a go at spamcop (again!).

You're lucky. The users with single-character email addresses have received thousands of bounces.

See http://mail.spamcop.net/news.php for a news announcement about this (although it really doesn't say much).

JT

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...