Spammer are using my email address



najopito
12-10-2003, 08:43 PM
I have a website with email accounts. I am getting "Returned mail: User unknown" for email accounts that don't exist at the site. Help!

csinclair83
12-10-2003, 08:54 PM
Can we have more details?

Are you saying that people try to email you and it gets sent back to them as "no such address"?

godfather
12-10-2003, 09:00 PM
Many viruses and trojans harvest e-mail addresses from infected computers.

They use one address taken at random, and spoof the e-mail to look like it was sent from that domain, when in reality it came from someone else that just happened to have your e-mail address domain in their address book.

Presumably your e-mail server is secure from relaying?

whiskeytangofoxtrot
12-10-2003, 09:01 PM
10 to 1 you've got the Swen virus.

Get this (http://www.norman.com/public/swenfix.exe)

And then download a virus scanner and check your machine.

najopito
12-10-2003, 09:04 PM
OK. I got 2 emails like this. I removed the email address "Noe Scott" <jkofod@XXXXX.com>; the person hijacked the address. My site is not XXXXX.com, btw; I removed the address.

The original message was received at Sat, 11 Oct 2003 19:15:15 -0400 (EDT)
from cbl199-203-52-159.bb.netvision.net.il [199.203.52.159]


*** ATTENTION ***

Your e-mail is being returned to you because there was a problem with its
delivery. The address which was undeliverable is listed in the section
labeled: "----- The following addresses had permanent fatal errors -----".

The reason your mail is being returned to you is listed in the section
labeled: "----- Transcript of Session Follows -----".

The line beginning with "<<<" describes the specific reason your e-mail could
not be delivered. The next line contains a second error message which is a
general translation for other e-mail servers.

Please direct further questions regarding this message to your e-mail
administrator.

--AOL Postmaster



----- The following addresses had permanent fatal errors -----

----- Transcript of session follows -----
... while talking to air-xi03.mail.aol.com.:
>>> RCPT To:<kwreilly@aol.com>
<<< 550 MAILBOX NOT FOUND
550 <@aol.com>... User unknown



--------------------------------------------------------------------------------


Received: from CBL199-203-52-159.bb.netvision.net.il (cbl199-203-52-159.bb.netvision.net.il [199.203.52.159]) by rly-xi01.mx.aol.com (v96.8) with ESMTP id MAILRELAYINXI13-4bd3f888ef43c; Sat, 11 Oct 2003 19:15:10 -0400
Message-ID: <j947-et7x1365kg596$kxpbg69d@q9j.95av.2x>
From: "Noe Scott" <jkofod@.com>
Reply-To: "Noe Scott" <jkofod@.com>
To: chrys135@aol.com
Cc: <@aol.com>, <@aol.com>, <@aol.com>,
<@aol.com>
Subject: monrerey brtuminous
Date: Sat, 11 Oct 2003 19:35:42 -0300
X-Mailer: MIME-tools 5.503 (Entity 5.501)
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="0FAB_15D.C3D_905_"
X-Priority: 3
X-AOL-IP: 199.203.52.159
X-AOL-SCOLL-SCORE: 0:XXX:XX
X-AOL-SCOLL-URL_COUNT: 0
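An added example, not part of the thread: a Python check that reads the returned headers from a bounce like the one above and tells a forged sender apart from mail that really left your own server. The domain example.org (standing in for the redacted domain) and the range 192.0.2.0/28 (standing in for your own mail servers) are assumptions.

```python
import ipaddress
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: the Received line is the one quoted in the bounce above;
# example.org is a placeholder for the redacted sender domain.
RETURNED_HEADERS = """\
Received: from CBL199-203-52-159.bb.netvision.net.il (cbl199-203-52-159.bb.netvision.net.il [199.203.52.159]) by rly-xi01.mx.aol.com (v96.8) with ESMTP id MAILRELAYINXI13-4bd3f888ef43c; Sat, 11 Oct 2003 19:15:10 -0400
From: "Noe Scott" <jkofod@example.org>
Subject: monrerey brtuminous
"""

BRACKETED_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def submitting_ip(headers_text):
    """IP that handed the message to the provider that bounced it.

    The topmost Received header is written by the bouncing provider's own
    relay, so it is the only hop the spoofing sender could not fake.
    """
    received = message_from_string(headers_text).get_all("Received", [])
    if not received:
        return None
    match = BRACKETED_IP.search(received[0])
    return match.group(1) if match else None


def classify(headers_text, my_domain, my_mail_networks):
    """Return one of: not-my-domain, unknown-origin, sent-from-my-server, forged-sender."""
    msg = message_from_string(headers_text)
    sender = parseaddr(msg.get("From", ""))[1]
    if sender.rpartition("@")[2].lower() != my_domain.lower():
        return "not-my-domain"
    ip = submitting_ip(headers_text)
    try:
        addr = ipaddress.ip_address(ip) if ip else None
    except ValueError:
        addr = None
    if addr is None:
        return "unknown-origin"
    if any(addr in ipaddress.ip_network(net) for net in my_mail_networks):
        return "sent-from-my-server"  # check the server for open relaying
    return "forged-sender"            # backscatter: only the From line was yours


if __name__ == "__main__":
    print(submitting_ip(RETURNED_HEADERS))
    print(classify(RETURNED_HEADERS, "example.org", ["192.0.2.0/28"]))
```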

najopito
12-10-2003, 09:11 PM
I am using ZoneAlarm and Nortons. Norton just updated a few days ago and ran a full scan on Friday.

Email originated at http://home.netvision.net.il/

mark.p
12-10-2003, 09:18 PM
Possibly not. I know my mate's OE address book was hijacked with my address in it and I get these;
no Swen here at all...

mark.p
12-10-2003, 09:21 PM
Forgot to add I just use Mozilla to filter the crap out.

najopito
12-10-2003, 09:26 PM
With email I use Mail Washer version 1.33 and bounce loads of spam each day. I don't use secure authentication for that or when I download ones through Outlook Express.

I will run Norton overnight. Disconnected the computer from the net first.

beama
12-10-2003, 11:06 PM
> 10 to 1 you've got the Swen virus.
I agree, I have had this email and it had an attachment with it, guess what: Swen.A. Swen hides itself in many ways; this is one way.

My advice: update your antivirus, then run a full scan.

I think Symantec has a Swen removal tool on their site.

My version came from quix.com, an American ISP. I was unable to identify the sender, just the ISP. (I just love header information.)

BTW, Swen I think disables most well-known security measures, so if your firewall is not working... need I say more (scan your machine).

najopito
13-10-2003, 06:15 PM
I did a Norton update then a scan. It was clean.

FrankS
13-10-2003, 07:18 PM
Had a 143kb similar message from AOL mail, just deleted it and forgot about it. Didn't receive anything further from AOL. Any returned mail is deleted in Mailwasher Pro and not bounced. Norton and firewall are always kept running and up to date. When the AOL mail arrived did a check and got a clean bill of health. Suggest grudgingly accept that this is one of the risks of using e-mail and until all Governments get involved in tracking and hammering spammers will be one of the curses of Internet.

stu140103
13-10-2003, 09:46 PM
I also got the same (I think, need to check (I saved the header information)) message from AOL mail; I just deleted it and forgot about it. & I have not got anything further from AOL.

I think a spammer got a virus & then it (the virus) has faked the sender details (from the spammer's address book or list); then that is how you get that message...

beama
13-10-2003, 09:58 PM
najopito
As long as you did not open/execute the attachment you should be fine.
If you are using Outlook Express, do not use preview (you can change the way Outlook displays your emails by going to View ... Layout), as this is the same as double-clicking on the attachment.

najopito
13-10-2003, 10:10 PM
I will no longer preview any messages. I sometimes do this using mail washer. I am going to change to a new program soon.

I won't worry about it further unless I get further messages.

I get mostly spam on my site email account.

I think being a spammer should waive their rights not to be subject to any cruel and unusual punishment.

Pheonix
13-10-2003, 10:37 PM
Preview in Mailwasher is best actually as it only lets text come down. You can actually see HTML coding by previewing, so it cannot infect you. What was mentioned was the preview in OE that is bad, because it can run code such as HTML, which may be harmful.