esteban

Hijacked Spamcop Email Address


Greetings,

Today I got a big pile of undeliverable mail returned... it was all spam sent to addresses at .ru (Russia?) using my spamcop address as the return address. I have never sent mail using this address, and the only two places it's listed anywhere on the web are in my Spamcop account and in a secure control panel at my server, as an address to forward all the mail that comes to my regular email address. I assume, I hope rightly, that my information is secure at Spamcop, and I believe it's secure where I forward from, and I've never used the address for anything else, so how did these guys get it to use it?

Also, can I now change my Spamcop email address?

Thanks.

Steve


That's called a forgery of your address, and yes, it's all way too common these days. How they picked you? Probably the same way they picked up a couple of my HotMail addresses last month, a Yahoo address the month before, and from all the complaints of others that this has happened to, it's hard to say. Dictionary, random character generator, one of your complaints was passed on directly to a spammer, your SpamCop "name" is the same as some user over on PacBell and that's the "name" that was chosen with "spamcop.net" added on as the domain name .....

Changing your account name, yes, I've seen it asked, usually answered as "yes", but you'll have to take the steps to contact service at spamcop.net to get that started.

But, if you'll re-read the first paragraph, changing the name may help this specific flood of bounces, but won't do a thing for the next time "your name" gets selected as the victim of the day/week/month ..... in most cases, the flow eventually stops, as they move on to another selection of name/domain sets ...


Steve,

You are not alone. I also have been dealing with this for the last 48 hours. Already I've had over 100 bounces to my spamcop.net email address. Looks like some enterprising spammer is having a go at spamcop (again!).

I've had the same spamcop email address for several years now, and there's no way I'm changing. I will tell you what I've done with this particular instance. I have set up a rule in my Outlook that looks in the subject header for 'undeliverable' or 'undelivered' or 'returned email' etc. When the rule finds these messages, it automatically deletes them.

Since I use IMAP to communicate with Spamcop, they aren't actually 'deleted' at that stage; in Outlook they just get the line drawn through them and are marked for deletion (and taken out of my way). Once a day I've been scrolling through the list which takes me all of 30 seconds. Then once I've made sure nothing looks like it's been incorrectly caught automatically I purge the deleted items from the edit menu.

It's really sorted this mess out for me - you might want to give that a try.

Good Luck!

Scott (Spamcop user since 2000)

Edited by fromcali


As Mike Easter would write:

It is normal for spam to have a forged or bogus From: If the From is your addy, and the spam item bounces 'belatedly' after it has been 'accepted' at the would-be recipient's server, then the server may 'send' or mail you the belatedly bounced spamitem. It isn't 'spamcop-qualified' spam because it wasn't actually mailed from the spamsource to you - it was mailed from the spamsource to someone else, your addy just happened to be in the From:, so you happened to get the bounce.

Thus you receive a bounced spamitem not actually From you or To you. Like several other undesirable and unsolicited emails described in the spamcop rules, that is unsolicited and unwanted and spam 'underneath', but not 'reportable'.

In addition to that, in the type of item I described above, in a spamcop parse, the headers 'on top' would show the 'source' to be the recipient server, not the spam item's source, because those topmost headers 'started' at the recipient server and then the mail traveled to you. SpamCop doesn't want that, either. Only the 'underneath' headers, those 'attached' to the original spambody, would show the actual spamsource.

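The distinction drawn in the post above, between the headers 'on top' of a bounce and the headers 'underneath' it, shown as an added example that is not part of the original thread. It parses a constructed, trimmed bounce (a real delivery status notification also carries a message/delivery-status part) and reports the bouncing server's IP separately from the IP recorded on the attached spam; the function names, addresses and hosts are assumptions made for illustration.

```python
import email, re
from email import policy
from email.utils import parseaddr

# Constructed, trimmed sample bounce; hosts and IPs are documentation placeholders.
SAMPLE_BOUNCE = """\
Return-Path: <>
Received: from mx.recipient.example ([198.51.100.7]) by mail.example.net; Mon, 1 Jan 2024 10:00:05 +0000
From: MAILER-DAEMON@mx.recipient.example
To: user@example.net
Subject: Undeliverable mail
Content-Type: multipart/report; report-type=delivery-status; boundary="b1"

--b1
Content-Type: text/plain

Delivery to nobody@recipient.example failed.
--b1
Content-Type: message/rfc822

Received: from unknown ([203.0.113.45]) by mx.recipient.example; Mon, 1 Jan 2024 09:59:58 +0000
From: user@example.net
Subject: constructed spam subject

constructed spam body
--b1--
"""

IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def first_ip(msg):
    # The topmost Received header is the hop recorded last, by the receiving server.
    hops = msg.get_all("Received") or []
    m = IP_RE.search(str(hops[0])) if hops else None
    return m.group(1) if m else None

def analyze_bounce(raw, my_address):
    outer = email.message_from_string(raw, policy=policy.default)
    inner = next((p.get_payload(0) for p in outer.walk()
                  if p.get_content_type() == "message/rfc822"), None)
    inner_from = parseaddr(str(inner["From"]))[1].lower() if inner is not None else None
    return {
        "null_sender": str(outer.get("Return-Path", "")).strip() == "<>",
        # Outer headers start at the bouncing server, not at the spammer.
        "bounce_sender_ip": first_ip(outer),
        # Headers attached to the original spam show where it really came from.
        "spam_source_ip": first_ip(inner) if inner is not None else None,
        "forged_from_me": inner_from == my_address.lower(),
    }
```

Filtering on the null envelope sender and the attached message is less likely to catch ordinary mail than matching subject words such as 'undeliverable'.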

I've been seeing an occasional odd thing - bounces of spam delivered to an address I have never used for any purpose (it was established by my ISP, Spamcast (er, Comcast), and I have SpamCop pick it up so I can get service announcements). The headers of the message that bounced do not show my address anywhere. The username is not one that is subject to dictionary attacks, and the ISP, of course, denies leaking it (I have opted out of their "directory" service.) I get only 2-3 of these a month, so it is just mildly annoying.

What I can't quite figure out is whether the bounces themselves are forgeries, or if there is some hidden envelope address to which the spam gets bounced. Strange...

Steve,

You are not alone. I also have been dealing with this for the last 48 hours. Already I've had over 100 bounces to my spamcop.net email address. Looks like some enterprising spammer is having a go at spamcop (again!).

You're lucky. The users with single-character email addresses have received thousands of bounces.

See http://mail.spamcop.net/news.php for a news announcement about this (although it really doesn't say much).

JT
