It's me who's sending out the spam -- but not deliberately.


Dick Chambers

For the last six months, I have been annoyed by frequent spams to my e-mail
address by people who gratuitously want to give me "friendly" information
that the share price of, for example, XYZ Co Inc is going to markedly
increase, usually on the following Monday morning. Buy in now, it
encourages. Anybody with half a brain can see what their little game is.
Below contempt.

These spams are all addressed to a non-existent e-mail address such as (for
example):- gjpd@my_emailaddress.co.uk
whereas my true e-mail address is actually:-
dick.chambers@my_emailaddress.co.uk .
The gjpd in the spamming address is different each time. For example, dhar,
wrlf, etc.

The situation has now become even worse. I have started to receive genuine
e-mails, from genuine webmasters and MailerDaemons, saying that the message
I have sent them was undeliverable -- recipient unknown. Other e-mails
state bluntly that they do not accept spam from me. I have also had polite
replies saying (for example) "This is an automatically generated message.
John Smith is on leave and will be unable to deal with my e-mail until 2
December". The only trouble is that I do not know John Smith, and did not
knowingly send him an e-mail.

When I inspected the messages that are being returned as attachments to
webmasters' e-mails, they are all these same spams urging people to invest
in shares of XYZ Co Inc next Monday morning. Purportedly, the e-mails were
sent from fake addresses on my computer, such as:-
gjpd@my_emailaddress.co.uk

I want to put a stop to this, and I have paid $70 to have Symantec purge my
computer of whatever virus is causing the problem. It hasn't worked. The
problem persists.

Now to my questions:-

1. Is the problem definitely and provably on my own computer? Or could it
be that a virus on somebody else's computer is causing that computer to send
out spam, faking a return address attributable to my computer, such as:-
gjpd@my_emailaddress.co.uk
so that I get the returns of undeliverable e-mails?

2. How can I prove that the problem is on my computer, and not on another
unknown computer connected to the internet somewhere else in the world?

3. Is there any way to block my computer from sending out e-mails from a
fake address such as:-
gjpd@my_emailaddress.co.uk
so that the only allowable address that it will actually send out e-mails
from is the genuine one:-
dick.chambers@my_emailaddress.co.uk ?

4. Is there any way to arrange so that an e-mail addressed to a fake
recipient on my own computer, such as:-
gjpd@my_emailaddress.co.uk
is automatically blocked and does not waste my time by downloading into my
computer? I am getting a sufficient number of these spams that downloading
them all is wasting time in which I could be doing more productive work.

5. What is the name of the virus my computer has caught (if indeed it does
have a virus)?

I would be grateful to receive your comments and suggestions.

Dick Chambers Leeds UK
 
Dick said:
For the last six months, I have been annoyed by frequent spams to my e-mail
address by people who gratuitously want to give me "friendly" information
that the share price of, for example, XYZ Co Inc is going to markedly
increase, usually on the following Monday morning. Buy in now, it
encourages. Anybody with half a brain can see what their little game is.
Below contempt.

These spams are all addressed to a non-existent e-mail address such as (for
example):- gjpd@my_emailaddress.co.uk
whereas my true e-mail address is actually:-
dick.chambers@my_emailaddress.co.uk .
The gjpd in the spamming address is different each time. For example, dhar,
wrlf, etc.

The situation has now become even worse. I have started to receive genuine
e-mails, from genuine webmasters and MailerDaemons, saying that the message
I have sent them was undeliverable -- recipient unknown. Other e-mails
state bluntly that they do not accept spam from me. I have also had polite
replies saying (for example) "This is an automatically generated message.
John Smith is on leave and will be unable to deal with my e-mail until 2
December". The only trouble is that I do not know John Smith, and did not
knowingly send him an e-mail.

I assume that you have your own domain, www.my_emailaddress.co.uk .

If so, this is probably not caused by a virus or other malware in your
PC. Most likely what is happening is that spammers are sending spam
with the return address forged to email addresses in your domain. So if
for any reason the spam is bounced, it is bounced to you, not to the
spammer. This is a standard spammer tactic.

See if you can configure your email server so that email sent to invalid
addresses in your domain is discarded. This way you will not get the
bounced mail unless the spammer happens to be setting the return address
to a real email address in your domain.

Re people complaining to you about the spam: if you block the invalid
addresses, you should not get many complaints. Perhaps when you do get
complaints, you can simply politely reply that you are not sending the
spam, that you are the victim of someone who is sending spam and forging
your return address. Many people will understand this.
 
Your Q is a little erratic, so I'll make some inline responses; maybe it'll
tick something for you.

Dick Chambers wrote:
....
These spams are all addressed to a non-existent e-mail address such
as (for example):- gjpd@my_emailaddress.co.uk
whereas my true e-mail address is actually:-
dick.chambers@my_emailaddress.co.uk .
The gjpd in the spamming address is different each time. For example,
dhar, wrlf, etc.

So far sounds like typical spam mail forgeries. You don't mention having web
mail, so I'll assume this is your personal email accounts with your ISP.
Typically the kind of spam you indicate is considered "dictionary" spam;
made up names in the hopes of hitting a "real" address. Very common.

The situation has now become even worse. I have started to receive
genuine e-mails, from genuine webmasters and MailerDaemons, saying
that the message I have sent them was undeliverable -- recipient
unknown.

Still sounds like your info is being forged into spam runs. Easy to do, not
unusual.

Other e-mails state bluntly that they do not accept spam

That might indicate your ISP is showing up on block lists or blacklists,
which could impede your ability to send spam. dnsstuff.com is a good place
to check to see if your ISP has many people blocking it.

BTW, if your ISP is ntlworld.com (I pulled it from the headers),
dnsstuff.com says:
Status: Got back 269 of 272 requests.
Failed: None

and that's good.

I have also had polite replies saying (for example) "This
is an automatically generated message. John Smith is on leave and
will be unable to deal with my e-mail until 2 December". The only
trouble is that I do not know John Smith, and did not knowingly send
him an e-mail.

Another indication of forged spam headers. Nothing to do with you.

When I inspected the messages that are being returned as attachments
to webmasters' e-mails, they are all these same spams urging people
to invest in shares of XYZ Co Inc next Monday morning. Purportedly,
the e-mails were sent from fake addresses on my computer, such as:-
gjpd@my_emailaddress.co.uk

That seems to say that you are using "catch-all" email addressing: Any
username at your domain.tld will be accepted as valid email. That's a bad
setting, as you're discovering. Turn OFF the catch-all feature. Thanks to
spammers, it's just not a feasible feature any longer.

I want to put a stop to this, and I have paid $70 to have Symantec
purge my computer of whatever virus is causing the problem. It hasn't
worked. The problem persists.

DID Symantec find anything? That might be important, or it might be
meaningless; hard to say at this point. Personally I don't think any of
this was caused by you or anything you're doing. I think your real email
address has simply been forged into the headers of several spam runs and
especially with a catch-all address, you're reaping the "benefits".

Now to my questions:-

1. Is the problem definitely and provably on my own computer?

I'm pretty sure it is NOT. There are monitors you can use to prove same;
come back and ask if you can't find them on your own.

Or
could it be that a virus on somebody else's computer is causing that
computer to send out spam, faking a return address attributable to my
computer, such as:- gjpd@my_emailaddress.co.uk
so that I get the returns of undeliverable e-mails?

It could be that, or something similar. Spammer software often just grabs
any old name from its address database and if it's say a million-spam run,
your info goes out on a million spams. I suspect this is what's happening.

On the off chance you have a web site, and have any forms on it, there is
also the possibility that your forms have been hacked and the spammers are
using those to send out their spews. Your server management should be able
to look at their logs and tell you if you've been sending out an inordinate
amount of emails. Spam is pretty easy to identify because of the huge
quantities of mails that go out.

2. How can I prove that the problem is on my computer, and not on
another unknown computer connected to the internet somewhere else in
the world?

There are many ways, some good, some not so good, some pretty useless. It'd
be better for you to digest this, and then come back with more clarifying
data. You've really given no information to work with. For example, it's
not even apparent whether you're talking about dialup or DSL or cable, or
what? Each has their own sets of problems.

3. Is there any way to block my computer from sending out e-mails
from a fake address such as:-
gjpd@my_emailaddress.co.uk

Yes, depending on what browser/clients you're using. Another thing you
haven't mentioned too, is whether this is all simply an annoyance or is it
causing some sort of problem/s?

so that the only allowable address that it will actually send out
e-mails from is the genuine one:-
dick.chambers@my_emailaddress.co.uk ?

Probably not, but I'm not sure what you're thinking the way that's worded.

4. Is there any way to arrange so that an e-mail addressed to a fake
recipient on my own computer, such as:-
gjpd@my_emailaddress.co.uk
is automatically blocked and does not waste my time by downloading
into my computer?

Yes. Message rules on whatever you're using for a client.

I am getting a sufficient number of these spams
that downloading them all is wasting time in which I could be doing
more productive work.

Definitely message rules. Remember though that nothing is 100% accurate, so
whatever you do you'll still have to check the junk periodically to see if
it caught any good emails. ANYONE that tells you they have a 100% solution
is either very gullible or outright lying to you.

5. What is the name of the virus my computer has caught (if indeed
it does have a virus)?

There are probably thousands of them! But, based on what you said and your
experience with Symantec also, I don't think it's a virus.

I would be grateful to receive your comments and suggestions.

I'd write a book asking you the questions I would need answered, and the
various variants possible in each case. You'll need to either part with
some valid information or suffer through a lot of guessing.

Get your real email address OFF the newsgroup headers! Use a verified
fictitious non-existing impossible to exist address for an email address on
newsgroups. They are a spammer's paradise when they look for new email
addresses to spam or use otherwise.
For instance, I use (e-mail address removed) for my email address.
It's a real address, but it's never checked and the mail is deleted before
it even hits a hard drive; special setup. You can use it too, if you wish.
NEVER post any identifying information about yourself on a newsgroup. If
you must give an address, then mung it so software can't see it as an
address. For example:
nobody AT spamcop DOT net would work to convey what the address is; the user
simply replaces the AT with @ and DOT with period, and so on.

http://www.claymania.com/safe-hex.html
www.spamcop.net
www.cauce.org


HTH
Pop`
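
Added example, not part of the thread: one way to check a returned message, as asked in question 2, is to read the Received headers of the spam attached to the bounce and compare the first logged hop with your own network. The sample bounce, the IP ranges and the function names are constructed for illustration.

```python
import email, ipaddress, re
from email import policy
from email.utils import parseaddr

# Constructed bounce (not from the thread); IPs are documentation ranges.
SAMPLE_BOUNCE = """\
From: MAILER-DAEMON@mx.example.net
To: gjpd@my_emailaddress.co.uk
Subject: Undelivered Mail Returned to Sender
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Recipient unknown. Original message attached.
--b1
Content-Type: message/rfc822

Received: from mx.example.net (mx.example.net [198.51.100.7]) by mail.example.net
Received: from unknown (HELO my_emailaddress.co.uk) (203.0.113.45) by mx.example.net
From: gjpd@my_emailaddress.co.uk
To: john.smith@example.net

Buy in now.
--b1--
"""
IP_RE = re.compile(r"[\[(](\d{1,3}(?:\.\d{1,3}){3})[\])]")

def returned_message(bounce_text):
    """Return the original message attached to a bounce, or None."""
    bounce = email.message_from_string(bounce_text, policy=policy.default)
    for part in bounce.walk():
        if part.get_content_type() == "message/rfc822":
            return part.get_payload(0)
    return None

def assess(bounce_text, my_networks, my_mailboxes):
    """Compare the attached spam's first logged hop and sender with your own."""
    original = returned_message(bounce_text)
    if original is None:
        return None
    # Received lines are prepended, so the bottom one is the earliest hop.
    # Lines below the first server you trust can be forged by the sender.
    ips = [ip for h in original.get_all("Received", []) for ip in IP_RE.findall(str(h))]
    origin = ips[-1] if ips else None
    mine = bool(origin) and any(ipaddress.ip_address(origin) in ipaddress.ip_network(n) for n in my_networks)
    sender = parseaddr(str(original["From"]))[1].lower()
    return {"origin": origin, "from_my_network": mine,
            "sender_is_real_mailbox": sender in my_mailboxes}
```

An origin outside your own address range together with a sender that is not one of your real mailboxes matches the forged-return-address pattern described in the replies above.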
 
Pop` said:
Your Q is a little erratic, so I'll make some inline responses; maybe
it'll tick something for you. [...]

Thank you, both to yourself and to Mr Upsdell. Between the two of you, you
have managed to clarify the situation and explain to me what is actually
going on. I have started to take steps to put this problem right, along the
lines you have suggested. Most helpful.

Regards Dick Chambers, Leeds UK.
 
