  1. #1
    New Lounger
    Join Date
    Dec 2009
    Location
    Madison, WI
    Posts
    8
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Help! My junkmail folder is getting filled with "Message Not Deliverable" type of SMTP status messages from servers. My email address is in the "reply-to" of these message headers, although never in the "from" field. I've blocked port 25 on my local machine and they're still coming even after 3 hours. Is there anything I can do?

    Thanks,

    Eric

  2. #2
    Gold Lounger Roderunner's Avatar
    Join Date
    Dec 2009
    Location
    Scotland.
    Posts
    3,462
    Thanks
    16
    Thanked 216 Times in 183 Posts
    Hi Eric, welcome to the lounge.

    Set it up correctly, whatever one it is.
    O wad some Power the giftie gie us, to see oursels as ithers see us!

  3. #3
    Super Moderator RetiredGeek's Avatar
    Join Date
    Mar 2004
    Location
    Manning, South Carolina
    Posts
    9,436
    Thanks
    372
    Thanked 1,457 Times in 1,326 Posts
    Eric,

    I'd disconnect from the internet. Run all your anti-virus and rootkit detectors and see if you find anything. If not I'd reconnect but don't open your email client. Go to the Anti-Virus vendor's sites and use their online scanners and see what they turn up. You can also download Malwarebytes and run it.

    It sounds like you have something that installed a mailer worm of some sort.

    Good Luck.
    May the Forces of good computing be with you!

    RG

    PowerShell & VBA Rule!

    My Systems: Desktop Specs
    Laptop Specs

  4. #4
    Super Moderator jscher2000's Avatar
    Join Date
    Feb 2001
    Location
    Silicon Valley, USA
    Posts
    23,112
    Thanks
    5
    Thanked 93 Times in 89 Posts
    Quote Originally Posted by Eric Selje View Post
    I've blocked port 25 on my local machine and they're still coming even after 3 hours. Is there anything I can do?
    If you can rule out the possibility that your machine is sending the messages, then I think you just have to let the storm run its course. Most likely you are retrieving the messages from a mailbox using POP3 or IMAP, neither of which uses port 25, so you will continue to get them along with your regular mail.

    On the other hand, if some malware on your machine is sending the messages, then you should disconnect, as noted above, until you can clean up.

    Analyzing the returned messages may or may not be safe or effective. False NDRs are a common way to distribute, you guessed it, malware.

  5. #5
    5 Star Lounger
    Join Date
    Dec 2009
    Location
    South of the North Pole
    Posts
    919
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Sounds like your email address has been snatched by spammers. That can always happen if the email address you use is either public (you use it for login and signups at various sites) or if it's not difficult to guess. Once in a great while my public address is taken and the spammers use it as the return address so it doesn't trace back to them so easily, and because they mass email, there's bound to be a good percentage that are not valid deliverable email addresses, so you get the kickback.

    You can set up rules to block them or let them continue into the spam folder but there isn't really anything else you can do except ride out the storm (usually a few days to a couple of weeks) as jscher2000 indicated.
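Added example, not part of any post in this thread: one way to tell backscatter from mail that really left your own network is to read the original message headers that a bounce carries and compare the relay IPs with your own. The sample bounce, hosts and addresses below are constructed, and `triage` and `original_headers` are hypothetical helper names; only header text is parsed and no attachment is opened.

```python
import email, re
from email import policy

# Constructed sample bounce (DSN); every host and address here is made up.
SAMPLE_NDR = """\
From: MAILER-DAEMON@mx.example.net
To: eric@example.org
Subject: Undelivered Mail Returned to Sender
Content-Type: multipart/report; report-type=delivery-status; boundary="b1"

--b1
Content-Type: message/delivery-status

Final-Recipient: rfc822; nobody@example.net
Status: 5.1.1

--b1
Content-Type: text/rfc822-headers

Received: from unknown (HELO pc) (203.0.113.77) by mx.example.net with SMTP
From: "Cheap Pills" <sales@spam.example>
Reply-To: eric@example.org

--b1--
"""

IP_RE = re.compile(r"[\[(](\d{1,3}(?:\.\d{1,3}){3})[\])]")

def original_headers(ndr):
    """Return the headers of the bounced message as a Message, or None."""
    for part in ndr.walk():
        ctype = part.get_content_type()
        if ctype == "message/rfc822":        # full original message attached
            return part.get_payload(0)
        if ctype == "text/rfc822-headers":   # headers-only copy of the original
            return email.message_from_string(part.get_content(), policy=policy.default)
    return None

def triage(raw, my_address, my_ips):
    """Classify one bounce using header text only; no attachment is opened."""
    orig = original_headers(email.message_from_string(raw, policy=policy.default))
    if orig is None:
        return {"verdict": "no-original-headers"}
    hops = [ip for h in orig.get_all("Received", []) for ip in IP_RE.findall(str(h))]
    mine = my_address.lower()
    return {"hop_ips": hops,
            "from_is_me": mine in str(orig.get("From", "")).lower(),
            "reply_to_is_me": mine in str(orig.get("Reply-To", "")).lower(),
            "verdict": "sent-from-my-network" if set(hops) & set(my_ips) else "backscatter"}
```

Received lines below the one written by the bouncing server can be forged, so a match against your own IP is a reason to investigate the machine rather than proof on its own.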

  6. #6
    New Lounger
    Join Date
    Dec 2009
    Location
    Madison, WI
    Posts
    8
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Thanks for the advice, everyone. I've scanned three ways from Sunday and blocked ports and even shut my machine off and they're still happening, so it looks like I'll just have to ride it out.

    I do hope my email address doesn't get blacklisted. It'd be a real pain to have to switch.

    Thanks,

    Eric

  7. #7
    5 Star Lounger
    Join Date
    Dec 2009
    Location
    South of the North Pole
    Posts
    919
    Thanks
    0
    Thanked 0 Times in 0 Posts
    The problem with all the virus/spam bot theories is that the last thing a spam bot virus wants to do is throw up red flags all over itself. Any return address BUT the computer it resides on is used in order for it to NOT draw attention to itself.

    Granted it could be really really really stupid software....oh look, here I am, please remove me!

  8. #8
    3 Star Lounger
    Join Date
    Jan 2001
    Location
    Marietta, Georgia, USA
    Posts
    296
    Thanks
    9
    Thanked 4 Times in 4 Posts
    Quote Originally Posted by Byron Tarbox View Post
    Granted it could be really really really stupid software....oh look, here I am, please remove me!
    Ah, this reminds me of the Polish virus ...
    Rick Groszkiewicz
    Life is too short to drink bad wine (or bad coffee!)

  9. #9
    New Lounger
    Join Date
    Dec 2009
    Location
    NH
    Posts
    3
    Thanks
    0
    Thanked 0 Times in 0 Posts
    One way spammers get email addresses is by spambots. This is software that essentially crawls thousands of web pages per minute looking for email addresses published on the web pages.
    When it sees them, it saves them to a file, and then spams them and/or uses them as return addresses.
    Worse yet, they will sell those email addresses to other spammers and the nightmare continues.

    A simple way to minimize this for anyone who needs to have an email address on a web page is to encrypt the email.

    Easier than it sounds, you can do it in under a minute on a free site like http://spamdisappears.com

  10. #10
    Lounger jpl's Avatar
    Join Date
    Jun 2002
    Location
    England
    Posts
    45
    Thanks
    0
    Thanked 2 Times in 2 Posts
    Quote Originally Posted by Jeff Mulligan View Post
    Thanks for that link. I have successfully used the Hivelogic Enkoder hivelogic.com/enkoder/form for some pages. This works well but uses JavaScript.

    JPL

  11. #11
    New Lounger
    Join Date
    Dec 2009
    Location
    Jacksonville, FL, USA
    Posts
    6
    Thanks
    0
    Thanked 0 Times in 0 Posts
    I've had this happen to me. And my machine certainly wasn't compromised. It's a pain, but it will stop at some point. I've seen spam addressed to an address that I lost over a decade ago (because they didn't BCC, you could see the whole list it was sending to, it was in alpha order, and my user name was the same, just different domain), so once an email address is in the system, it's in the system.

  12. #12
    New Lounger
    Join Date
    Dec 2009
    Location
    Port Orchard, WA
    Posts
    14
    Thanks
    1
    Thanked 0 Times in 0 Posts
    Quote Originally Posted by Roderunner View Post
    Set it up correctly, whatever one it is.
    1 thumb down (-1)

  13. #13
    New Lounger
    Join Date
    Dec 2009
    Location
    Bay City,Michigan, USA
    Posts
    1
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Change your password

  14. #14
    New Lounger
    Join Date
    Dec 2009
    Location
    Madison, WI
    Posts
    8
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Hey, good news everyone! This post made the latest edition of the Windows Secrets newsletter. I credit your awesome replies.

    The good news is that, as Byron Tarbox suggested, the storm has passed. I'm back down to my normal spam level (which GMail continues to catch at exemplary levels).

    Eric

  15. #15
    New Lounger jefryclair's Avatar
    Join Date
    Oct 2010
    Location
    cave junction, oregon, usa
    Posts
    5
    Thanks
    2
    Thanked 0 Times in 0 Posts
    that's great news Eric!
    glad to hear it, this thread particularly caught my eye because i just had my yahoo account hacked, similar situation, but different: the spams had me in the FROM entry, not only 'reply to'... luckily i caught it about an hour after it happened apparently, i checked the time stamps on the plethora of shize coming in the moment my mailwasher kept loading & loading that account, could see it was when my pc's were still turned off, i had just started up for the day after all.
    so went in & changed me password in the online account interface immediately & voila, message pops into the window saying i been logged out of a couple apps i had never, ever even logged into, duh.
    providing some gratification that i might have caught the pr*cks in there & pulled the plug, but i'm a dreamer.
    point is, how we've all heard it, know i did, i've even helped others out of this same mess yet ignored my own advice, at the expense now of embarrassment, & providing 200 people in my yahoo addy book yet another pain in the ass malicious spam:
    by changing the password to my webmail accounts on a regular basis!
    pain in the arse maybe, but well worth it, just had to chime in~
