Jump to content

spammer using my e-mail


dra007

Recommended Posts

It is not a good idea to "bounce" emails after accepting them because the bounce then goes to the return path which is generally forged by the spammer.

Perhaps someone else is also using "spamblock" (I don't know what that is) and you are getting the bounces from him because the spammer used your email address in the return path. Or sometimes, spammers put the forged email address in both the "To" and "From" so you are actually bouncing the spam back to yourself.

Do not "bounce" spam is the moral of the story.

If you are interested in *doing* something about spam, look into the spamcop.net site. (be careful not to go to the spamcop.COM site which is entirely different and not very effective).

Miss Betsy

Link to comment
Share on other sites

I have removed the boncing program, I am using cloudmark spamnet instead. It simply delets the spam and reports it to their own spam list. It doesn't work well with my imap folder leaving the spam marked for deletion on the server. I find that anoying, I really don't want to deal with every spam repeat anymore. It seems that I got in a hacker enemy list and keep getting repeats of same 'viagra' aand 'enlargement' spam no matter, where and how often I report it. On top of it, when I do report it to spamcop, I get virus infectred files or spam thanking me for purchasing the product. Obviously, this is a clever hacker who decided on stalking all my e-mail addresses to give me grief. The latest tactic was to send sam to other people in my name, with my e-mail addresses but a different name.

Link to comment
Share on other sites

It is not only you who is being victimized by the spammers using spam victim's email addresses in the "From" section. Anyone on a spammer list is also getting them.

There is little you can do to stop spammers from emailing you, at the present moment, once you get on their lists. Spamcop hopes to stop spammers by getting ISP's to stop them from sending from their networks and by blocking those ISP's who are irresponsible. That is a long term solution.

If you can, you can change your email address (preferably to one that has alphanumeric characters to discourage dictionary spammers - ie d00r7) and then be careful where you use your new address on the internet. Some people have a hotmail account for ordering merchandise; others prefer to use a service like sneakemail).

If you don't want to change your email address, then using a filter such as cloudmark or the spamcop email service (where you can help by reporting spam - which does shut them down and make it harder for them to operate) are the only options available. yourbuddy claims K9 filtering works really well; however, all content filters are just automatic ways of "just hitting delete."

HTH

Miss Betsy

Link to comment
Share on other sites

the spams I reported to spamcop were not forged with my e-mails in the return path, these are newly and independently generated e-mails by the spammer who is sending them in my name, changing the actual name but using my e-mail. This is another form of abuse.

Initially I bounced the spam back to the spammer, keeping my identity secret (automaticallly by the spam filter program).

Link to comment
Share on other sites

If the spammer is using your email address (and the code bounces are coming back to you), then it sounds to me as though your computer was infected by one of those viruses you mentioned. IOW, the spammer is using your machine to send spam. You need to run a virus checker.

I am not technically fluent, but I don't believe that there is any way that a spammer can send email from your email account unless he has taken over your computer by the means of a virus or obtained your password somehow.

let's hope that a technically fluent person comes along soon and can point out what is happening.

Miss Betsy

Link to comment
Share on other sites

not forged with my e-mails in the return path

Not sure why you felt that this detail was critical .. the referenced link I suggested only mentions the From: line ..???

in my name, changing the actual name but using my e-mail

I think, but I'm not sure, that you're saying the same thing .. "my name" = "my e-mail" ??? As above, also will have to assume that you are talking about the From: line ..??

bounced the spam back to the spammer, keeping my identity secret

I can't even guess how you could think that if you "bounced the e-mail" that your identity could be "secret" ... it may be that you are using a non-standard definition of the word "bounce" ...??

again, headers would have to be seen to figure out what's really going on.

Link to comment
Share on other sites

again, headers would have to be seen to figure out what's really going on.

dr007 has posted the entire spam in his other thread

I can't even guess how you could think that if you "bounced the e-mail" that your identity could be "secret" ... it may be that you are using a non-standard definition of the word "bounce" ...??

He was using "spamblock" which used an email message disguised as a bounce, I believe.

QUOTE 

not forged with my e-mails in the return path

Not sure why you felt that this detail was critical .. the referenced link I suggested only mentions the From: line ..???

Because I mentioned the return path in my reply. He is looking at headers as well.

QUOTE 

in my name, changing the actual name but using my e-mail

I think, but I'm not sure, that you're saying the same thing .. "my name" = "my e-mail" ??? As above, also will have to assume that you are talking about the From: line ..??

That's my guess. And that both the bounces he sent and the bounces he is getting from emails sent with his email address are being code rejected, not email bounced. IOW, when he sees the "bounce" message, he sees that a message from his email address (not the forged From and return path) has been bounced.

Now let him tell us who guessed the best!

Miss Betsy

Link to comment
Share on other sites

you Ms Bet, my name=real name, my e-mail=e-mail address. Bounces only show my e-mail, but the attched e-mail header show my e-mail with a made up name, not my real name. Obviously spammer is using my e-mail address but changing the name that goes with it. It is another form of abuse since most servers have spam filtering which blocks and bounces spam.

Link to comment
Share on other sites

Both spams seemed to be going through an open proxies, but at different IP addresses.

If I understand you correctly: Your email address IS ads5 at imap.pitt.edu. However in the examples you posted the names were different names: Luisa and Cecile.

Your email address (if it is ads5 at imap.pitt.edu) is in the return path line by itself without a name attached. However, in the From and Reply to lines it has a different name as well as the email address. The From line is what people would see if they opened the spam.

If I understand how email works is that if the receiving ISP accepts the email, then he can't return it to the real sender (in this case the open proxies) unless he does a spamcop-like parse of the headers. Therefore, the receiving ISP returns it to the "return path" which is your email address.

This problem is a common one because the spammers use email addresses on their spamming lists in the return path so they do not get complaints. And yes, many people do consider that the receiving ISP who accepts the spam email and then "bounces" it to the forged return path are abusive as well as spammers. This is also what you were doing originally when you were "bouncing" spam.

However, servers that have spam filtering that block and bounce (by using a code - they do not accept the spam, but reject it) do not even see the forged return path. Their rejection is based on the IP address from where the spam came (in this case the open proxies). That is why blocklists like spamcop are so effective in stopping spam in getting to customers. All content filters have to accept the spam before they can identify it and then they cannot report it accurately without using the same methods that spamcop does to find the IP address. spam caught by content filters has to be deleted unless the receiver either looks at the headers and finds the correct IP address or, if he doesn't care, sends an undeliverable message to the forged return path.

You may have received your own "bounces" back since the same email address is in both the return path and the TO field, but the other "bounces" are coming from other people who do not understand that sending emails called bounces is a form of abuse.

It would have nothing to do with spamcop since spamcop sends reports to the IP addresses. In this case, both were open proxies and the person with the open proxy is not sending the spam. They were allowing spammers to use their open proxy to send the spam. The spamcop report told them to shut the open proxy. If they did, no more spam would come from there. If they didn't, the spammer will use it again. He will probably not use it right away since the spammer knows that people who know will be blocking/rejecting email from that IP address.

HTH

Miss Betsy

Link to comment
Share on other sites

This is not a random spammer, he targets me with a malicious intent. I just recieved to viruses from him posing as my IP administrator, luckyly my IP removed the attachment. I also have virus protection which quarantined viruses send by him in the past. Whoever this is, is using all the methods in the book to stalk and abuse me, even posing as my own bank and asking for private information. Unfortunately, reporting to spamcop only gives me a brief respite, next time I get the abusive spam, whic are just repeats with illegitimate web addresses, using different routing and servers. I am surprised that spamcop fails to identify the true IP of this spammer after that many reports.

Link to comment
Share on other sites

Everything you are describing is happening to many of out here. It is not necessarily the same person doing this. Are you tracing the headers back to the same source each time?

I just recieved to viruses from him posing as my IP administrator

Results of one of the recent viruses. I received 3 today and I am the system adminitrator.

even posing as my own bank and asking for private information

Phishing expedition. I have received 2 Ebay account confirmations in the last 2 days to the addresses for my 3 and 6 year olds.

Link to comment
Share on other sites

I am surprised that spamcop fails to identify the true IP of this spammer after that many reports.

Unfortunately, no one can trace where the email really came from if the spammer uses an open proxy (or computer infected with a virus). All anyone can do is to tell the operator of the computer with an open proxy or computer infected with a virus that they are letting spammers use their computers.

Also, unfortunately some operators do not close the open proxy or fix the infected computer. comcast (the IP address for one of your samples) is notorious about not doing anything.

Reporting spam via spamcop is a long term solution. It does not stop you from getting spam (unless you happen to hit a responsible ISP who has had a spammer slip through his defences).

What is happening to you is happening to anyone whose email address has been picked up by the spammers. Some people think that most spammers are people who have bought a program showing them how to spam and telling them that they will get rich quick. Most of them do not last very long, but there are always others who want to buy. The programs come with a way to get the "products" - the Viagra, the eBay books, the herbal medicines - that the emails are selling. That's why there are so many that look alike.

The bank, credit card, and other account information spam are by real crooks who want to get your information so that they can use it illegally. They make it look so real that some people fall for it.

If you really want to stop getting the spam, change your email address and do not use it for internet use except when you can really trust them. I think I already told you how to do this.

Miss Betsy

Link to comment
Share on other sites

You have never bounced a spam back to the spammer.

It is not possible for an end user program to do so. It can only do one of three things, all of them are a violation of every ISP's terms of service that I am aware of as they spoof an ISP role e-mail account name that you are probably not authorized to use.

  • Send a new mail message as a fake bounce to an innocent user like you, forging the account name from your ISP. (TOS violation)
  • Send a new mail message as a fake bounce to a non-existant user, which will be rejected back to what ever mail server that you used to send the mail message, which is likely your ISP. And if your ISP bothers to find out that you did this, they can suspend your service for the blatent TOS violation, or return the bounce to your inbox.
  • Send a new mail message back to the spammer, if the spammer happens to be one of the few that actually spam from their own domains. In this case, the spammer's software confirms that your e-mail address is live, as a real bounce would have come from the spammer's server, and nowhere else.

If you are getting spams that claim to come from your e-mail address, that is a common spammer technique to get around ISP content filters. They assume that an ISP will always let through e-mail that appears to come from one of their own users.

Getting such spam is common and does not mean that you are being specially targeted. It is just a ploy to get around stupid and virtually useless filtering methods.

It is also a common tactic to get viruses that appear to be from your system administrator. It does not mean that you are being specifically targeted. The virus author just thinks that their are enough people that would believe it.

If you are getting bounces from such spams, it is likely that they are not coming from spammers, but either from mail server administrators that are not using SMTP rejects, and thus allowing their servers to be exploited, or by clueless users of alleged anti-spam products that think they can bounce spam.

The spamcop.net parser can not be used to report such bounces, but it can tell you where they really came from, and what e-mail addresses to send a manual request to for it to stop. Try to be polite because some mail server operators are clueless and do not realize that they should be using SMTP rejects instead of generating bounces.

And as an end user, it can be hard for you to determine if it is a clueless mail administrator that does not understand that bouncing to forged addresses is abusive, or that they have a clueless user that thinks they can bounce spam.

Sometimes spammers will pick an address they think will not be blocked for the from address and use it. In which case you will get flooded from the clueless until it stops.

But if you are only getting the bounces from a few sources, a polite e-mail to their abuse desks will usually stop that. It may not convince them to change their e-mail system to use SMTP rejects instead of abusive bounces, but it may convince them to specifically stop bouncing e-mail to you.

I have had an apparent 100% success in getting abusive bounces and misdirected virus scanners stopped. I do not know the exact success, because in most cases the postmasters on my end would also have taken action had the abuse continued.

  yes, I have complained to my IP administrator many times, he re-directs me to spamcop, they just don't want to do a thing about preventing this open proxy business.

See the pinned topic about the cost of spam. Accepting e-mail from known open proxies just needlessly increases the cost of operating the mail server, and the increased load needlessly decreases it's reliability.

These costs and problems are passed on to you the paying customer, one way or another. Either by increased rates, or by reduced support services.

As does the cost of an open proxy on your ISP. Your ISP calculates a profit based on that each user on average will only use a small percentage of the ISP's total capacity.

An open proxy is either a misconfigured computer (old method) or planted by a virus (new method).

A spammer using an open proxy on your ISP can use as much capacity in a day as the ISP has budgeted to make a profit off of the owner of the compromised machine for a month. Leaving the open proxy connected for a week can cost more than the profit for that customer for the entire year.

And it seems that the ISPs are willing to let this compromize machine stay on their network for a week or more after they have been notified.

You see ISPs claiming all the time they are having trouble making money. By not shutting down these open proxies, it is costing the ISP's operating cash. And the only way they can compensate for this is to either cut back on services to their paying customers or raise rates.

Media reports put the value of the bandwiith that a single spammer steals from an ISP through a compromised computer at over $1,300 per week, if the spammer had to pay market rates for the same bandwidth.

That is the "retail" rate. the costs to the ISP are the "wholesale" rate, but it is likely still higher than what profit they expect to make for the year from leaving the infected machine on their network.

-John

Personal Opinion Only

Link to comment
Share on other sites

As pointed out by others, you have yet to make a convincing arguement that you've been "singled out" by a single specific spammer. It's rare these days to find people that have not yet had the joy of receiving spam, virii, bounced e-mail, etc., that allegedly "they" sent. If you want to feel targeted, wait for the 5,000 e-mails a minute type attack, the multi-meg sized files constantly sent to your 2Meg Hotmail account, crap like that. Untill there's some kind of obvious sign of this type of activity, sorry, you're just like everyone else. Your addresses have just ben found, scrpaed, discovered, whatever, and per your original postings, you definitely verified that they were active, so, as suggested by others already, it's way past time for you to get over this personal paranoia thing you've got going on and get back to the basics of simply fighting spam, if that's your desire.

Link to comment
Share on other sites

Exactly the same happened to me. A spammer was using my e-mail address as the "from" address (but with a different "name"). I was getting thousands of bounces a day. I had to disable that address.

I did a lot of checking; the first few thousand bounces came from an ISP in the UK with an open relay. Their abuse department did nothing, but a formal, legal letter to the MD got the spam stopped. The abuse department claimed it was all from a virus on one of their customers' computers, which I don't believe since the spams continued for about three weeks, with different content every day.

It restarted a few hours later from an open relay in Austria. It then continued through several other open relays. As far as I know, it's still going on - I don't see it any more.

There's nothing you can do when this happens to you, apart from abandon that e-mail address.

I got some slight revenge: most of the spams included an address for enquiries - this was commercial advertising, probably contracted out by reputable firms who didn't realise what was happening. So I set the domain server to forward all the bounces to the enquiry addresses in the spams. The advertisers, if legit, will have realised something is horribly wrong and hopefully will do something about it.

Link to comment
Share on other sites

I got some slight revenge: most of the spams included an address for enquiries - this was commercial advertising, probably contracted out by reputable firms who didn't realise what was happening. So I set the domain server to forward all the bounces to the enquiry addresses in the spams. The advertisers, if legit, will have realised something is horribly wrong and hopefully will do something about it.

And those addresses may also have been innocent people who's links the spammer put in to make their spew look legitimate.

The thing to so with abusive bounces/broken virus scanners, is if you control the mail server is to issue SMTP rejects to them when you detect them. Either by the I.P. address of the clueless mail operator, or by a MILTER that detects them.

This causes the junk to end up anoying the postmaster of the system that is being abusive. Eventually they may get a clue.

I have multiple e-mail addresses including hotmail and yahoo. What seems odd is that the latest spam attack has targeted all my e-mail addresses, including some I have not used in a long time.

If your mail servers are accepting e-mail from known spam sources, that is not surprising at all. Right now, one of my providers uses a comercial content filter. It is being carpet bombed by two spammers.

My public e-mail accounts are run by competent postmasters, so I do not see the spew..

-John

Personal Opinion Only

Link to comment
Share on other sites

Now I feel more like being in a support group. It's hard not do get paranoic when overnight you get abusive spam repeats every time you check the e-mail. My own relief comes from one e-mai which gets filtered on the server and I don't see it unless I log on to the web site. Unfortunately, setting the filter high also resulted in a number of false positives, so I have to check the spam box on the site regularly.

It's hard for me to understand what joy these lowlife spammers get out of spamming. Since they are misrepresenting the websites in spams, I don't see them gaining anything but a peverse satisfaction of malice. Thank you all for helping me understand this bizare phenomenon.

Link to comment
Share on other sites

I am glad that you are feeling less paranoic about spam. It's bad enough to have to deal with it without feeling that you are being targeted.

Spammers only get 1% replies from the millions of spam they send. Some people think that few of the spam you get is profitable to anyone except the person who sold the spam software to wannberich folks who are suckered in. I would not be surprised if the same people who write viruses also write spam to get around content filters just for the challenge of it.

recently I also had some peculiar spam to addresses that do not normally get spam. It seemed like someone really dug deep to find new addresses or, though I don't have any reason to think this, that somehow one of those recent viruses gathered a lot of addresses to use for spam.

My ISP is also entirely uninterested in blocking open proxies or, indeed, of using any kind of blocklist so I sympathize.

Hope reporting goes smoother for you. There is a certain satisfaction in hitting that "send" button!

Miss Betsy

Link to comment
Share on other sites

Agree. It has been slow though, as long as 3 days delay, even when I post at odd hours when the reporting is low. I go to check the website and end up posting manually, if I don't make the mistake and delete the reported spam.

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...