'Returned' emails which haven't been sent!

Guest

I've recently started receiving masses of notifications that emails I've
sent (which I haven't sent) haven't been delivered.

The 'returned' emails are often 'From':
Mail Delivery Subsystem
or
Mail Administrator
or variations on these names, and have attachments.

When an email is using a 'From' name (John, or Sally, or whatever) which I
don't know I can (after a glance at the title) unquestioningly delete it.
However, I'm fearful that buried amongst these 'returned' emails may be
notification of an email which I >have< sent and which has been returned to
me undelivered. So I'm spending masses of time checking through these
'returned' emails - that's the problem.

(Let me try to get this straight in my head: sometimes the emails are
returned from addresses which look like the postmaster at legitimate email
addresses; can someone be using my domain name to send spam emails which,
when they're not delivered, are returned to me?)

I'm using Outlook and Norton and have set up an AntiSpam folder. However,
I've discovered that some addresses seem to be persistently delivered into
the wrong folders; I'm therefore reluctant to unquestioningly (ie, without
scanning the contents for emails in case there's one that should have been
delivered into my 'Inbox') delete the contents of my 'Deleted Items' and
'Norton AntiSpam Folders'.

I'd be grateful for any thoughts.
 
Beauregard T. Shagnasty

Spamfree! said:
I've recently started receiving masses of notifications that emails
I've sent (which I haven't sent) haven't been delivered.

Typical and common spammer tactic. Spammers do not wish to be bothered
with thousands - millions - of bounces, so they use a victim's address
in the FROM field. That victim gets the bounces. You may be the victim
for a run of .. 500? .. 5,000? spams.

The 'returned' emails are often 'From':
Mail Delivery Subsystem
or
Mail Administrator
or variations on these names, and have attachments.

When an email is using a 'From' name (John, or Sally, or whatever)
which I don't know I can (after a glance at the title)
unquestioningly delete it. However, I'm fearful that buried amongst
these 'returned' emails may be notification of an email which I >have<
sent and which has been returned to me undelivered. So I'm
spending masses of time checking through these 'returned' emails -
that's the problem.

If you regularly send email to possible bad addresses, then .. well,
you will have this problem. The spammer will eventually (probably
already has) move on to another victim address, and those bounces will
stop.

(Let me try to get this straight in my head: sometimes the emails
are returned from addresses which look like the postmaster at
legitimate email addresses; can someone be using my domain name to
send spam emails which, when they're not delivered, are returned to
me?)

Exactly. The FROM address is easily forged.

I'm using Outlook and Norton and have set up an AntiSpam folder.

I don't use either of those, so can't advise.
 
Beauregard T. Shagnasty

Art said:
On Tue, 05 Jul 2005 14:48:42 GMT, "Beauregard T. Shagnasty"

So how's it going with your Netsky emails? Problem resolved? Or
what?

The original thread is still active ... <g> It was Worm.Mytob.T-2 and
they started up again this morning, after none over the weekend.
Apparently, Mr. Clueless went away for a few days. I'm going to call
Shaw Cable today.
 
Art

The original thread is still active ... <g> It was Worm.Mytob.T-2

Sorry 'bout that :)

and
they started up again this morning, after none over the weekend.

Sorry to hear that too.

Apparently, Mr. Clueless went away for a few days. I'm going to call
Shaw Cable today.

I'm still kinda curious about the possible effectiveness in some cases
of sending a WMS message. That little first step experiment I proposed
would at least establish (or not) that a message will indeed get
through on the WAN to a "wide open" or unsecured machine.

I would not be able to follow up and do any real effectiveness testing
though since my ISP is blocking most all email borne malware. I very
rarely see any get through. And I have no control over their blocking.
Even though I'm not signed up for it, they are obviously blocking
anyway.

So to hell with it :)

Art

http://home.epix.net/~artnpeg
 
Beauregard T. Shagnasty

Art said:
On Tue, 05 Jul 2005 15:39:56 GMT, "Beauregard T. Shagnasty"


I'm still kinda curious about the possible effectiveness in some
cases of sending a WMS message. That little first step experiment I
proposed would at least establish (or not) that a message will
indeed get through on the WAN to a "wide open" or unsecured
machine.

I would not be able to follow up and do any real effectiveness
testing though since my ISP is blocking most all email borne
malware. I very rarely see any get through. And I have no control
over their blocking. Even though I'm not signed up for it, they are
obviously blocking anyway.

This applies to mine as well. The attachment is not getting through
and the worm's message is wrapped in a notification from my web site's
mail host. The headers also have appended lines about the interception.
There is no worry about any infection on my end. (Wouldn't matter if
they didn't strip it; I'm smarter than that.)

So to hell with it :)

Well ... ok! I might try the messaging stuff later with my son-in-law
- also on cable - if I can shake him free, and convince him it would
be a worthy test. <g>
 
Guest

Sadly, it feels more like three zeros than two.

But now that the miscreant has found me, or at least found my domain name,
why would he/she bother to move on to another? Why not stay with me forever?

With reference to the 'bad' email addresses, I'm not aware that I ever send
to addresses which may be bad; but I am only a man and can therefore make
typing mistakes when typing addresses.
 
Duane Arnold

Spamfree! said:
Sadly, it feels more like three zeros than two.

But now that the miscreant has found me, or at least found my domain name,
why would he/she bother to move on to another? Why not stay with me
forever?

With reference to the 'bad' email addresses, I'm not aware that I ever
send to addresses which may be bad; but I am only a man and can therefore
make typing mistakes when typing addresses.

Why do you even care?

You can use Mailwasher and delete the emails at the ISP POP3 server and
never pull them to Outlook.

You take Outlook out of its sending and receiving emails at start-up and on
a timed basis. By doing that, it makes one use the SEND/RECV button and
that allows you to take control as to when emails are pulled to your
machine or are sent.

You replace all Outlook short-cuts with Mailwasher short-cuts and you start
Mailwasher first. That gives you a chance to filter the emails and delete
them from the ISP's POP3 server and not pull them to the machine. Through
Mailwasher, you can start Outlook and use the SEND/RECV button to pull to
Outlook the ones you have not deleted.

Mailwasher has a full version 30 day trial you can test. You can view the
email with MW at the POP3 server and MW has a virus checker too.

Duane :)
 
Lew/+Silat

In
Duane Arnold said:
Why do you even care?

You can use Mailwasher and delete the emails at the ISP POP3 server
and never pull them to Outlook.

Duane :)

Can I delete from the server with K9?
 
Frank Booth Snr

Spamfree! said:
I've recently started receiving masses of notifications that emails I've
sent (which I haven't sent) haven't been delivered.

The 'returned' emails are often 'From':
Mail Delivery Subsystem
or
Mail Administrator
or variations on these names, and have attachments.

When an email is using a 'From' name (John, or Sally, or whatever) which I
don't know I can (after a glance at the title) unquestioningly delete it.
However, I'm fearful that buried amongst these 'returned' emails may be
notification of an email which I >have< sent and which has been returned to
me undelivered. So I'm spending masses of time checking through these
'returned' emails - that's the problem.

(Let me try to get this straight in my head: sometimes the emails are
returned from addresses which look like the postmaster at legitimate email
addresses; can someone be using my domain name to send spam emails which,
when they're not delivered, are returned to me?)

I'm using Outlook and Norton and have set up an AntiSpam folder. However,
I've discovered that some addresses seem to be persistently delivered into
the wrong folders; I'm therefore reluctant to unquestioningly (ie, without
scanning the contents for emails in case there's one that should have been
delivered into my 'Inbox') delete the contents of my 'Deleted Items' and
'Norton AntiSpam Folders'.

I'd be grateful for any thoughts.

Possible infection from a MyDoom worm variant or W32/Mimail.c@MM worm.
Have you tried running a Symantec online scan?
 
Beauregard T. Shagnasty

Spamfree! said:
Sadly, it feels more like three zeros than two.

But now that the miscreant has found me, or at least found my
domain name, why would he/she bother to move on to another? Why not
stay with me forever?

Going by what I have read in various groups, spammers use a victim
address to mark their place in their million-address list. For
example, they will call up a zombied home computer, feed it the text
of a spam and a list of 5,000 names with the first as the FROM. Then,
their software will move on to the .. 5,001st, use that one as a FROM
and do it all over again on some other zombie.
 
legg

I've recently started receiving masses of notifications that emails I've
sent (which I haven't sent) haven't been delivered.

The 'returned' emails are often 'From':
Mail Delivery Subsystem
or
Mail Administrator
or variations on these names, and have attachments.

a) Your mail address may have simply been harvested, and is being used
as filler in the 'sent' field by a robot or trojan in some remote
unidentifiable machine to send spam or other less benign messages to
others. Automated systems then return the mail automatically under the
circumstances outlined in the text portion of the 'return' notice, to
the harvested address.

b) Alternately, this could be a remote trojan looking for info or
access to the machine with your harvested address ie your machine.

As usual, don't open the attachment or allow your mail handler to
automatically respond in any way. Unless the volume of activity is
preventing normal access or use, you should just ignore/delete it and
maybe add the 'sender' of the actual notice to your blocking list, if
it's not an address of a regular contact.

RL
 
Guest

(S)He's right you know - they've stopped!

Must fly - those Viagra Soft tablets work really quickly.

Thanks all!
 
Jack Underwood

Spamfree! said:
I've recently started receiving masses of notifications that emails I've
sent (which I haven't sent) haven't been delivered.

The 'returned' emails are often 'From':
Mail Delivery Subsystem
or
Mail Administrator
or variations on these names, and have attachments.

When an email is using a 'From' name (John, or Sally, or whatever) which I
don't know I can (after a glance at the title) unquestioningly delete it.
However, I'm fearful that buried amongst these 'returned' emails may be
notification of an email which I >have< sent and which has been returned to
me undelivered. So I'm spending masses of time checking through these
'returned' emails - that's the problem.

(Let me try to get this straight in my head: sometimes the emails are
returned from addresses which look like the postmaster at legitimate email
addresses; can someone be using my domain name to send spam emails which,
when they're not delivered, are returned to me?)

I'm using Outlook and Norton and have set up an AntiSpam folder. However,
I've discovered that some addresses seem to be persistently delivered into
the wrong folders; I'm therefore reluctant to unquestioningly (ie, without
scanning the contents for emails in case there's one that should have been
delivered into my 'Inbox') delete the contents of my 'Deleted Items' and
'Norton AntiSpam Folders'.

I'd be grateful for any thoughts.

This is a classic spammer move. They figure that if your spam filters
will get rid of incoming spam, then they'll send spam to a nonexistent
address, with your address in the From: header, which then bounces back
as a Non-Delivery Receipt. The filter doesn't catch it because of all
the technical jargon inserted by your ISP's mail server. You then
receive the spam because the server embeds the original message in the
NDR. I would try switching addresses, because your address has been
harvested by a spammer.
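
An added example, not part of the thread or any poster's code: the sorting the original poster is doing by hand can be automated, because a genuine bounce embeds a message you really sent, while backscatter embeds one you never wrote. The sample bounce, the addresses and the `sent_ids` set are constructed assumptions, and the check presumes the bounce attaches the original as `message/rfc822` or `text/rfc822-headers`.

```python
from email import message_from_string

# Constructed sample bounce (not a real message); {mid} is the embedded original's ID.
SAMPLE_NDR = """\
From: Mail Delivery Subsystem <MAILER-DAEMON@mx.example.net>
To: me@example.org
Subject: Returned mail: see transcript for details
MIME-Version: 1.0
Content-Type: multipart/report; report-type=delivery-status; boundary="b1"

--b1
Content-Type: text/plain

The following address had permanent fatal errors: nobody@example.com
--b1
Content-Type: message/delivery-status

Reporting-MTA: dns; mx.example.net

Final-Recipient: rfc822; nobody@example.com
Action: failed
Status: 5.1.1
--b1
Content-Type: message/rfc822

Message-ID: {mid}
From: me@example.org
Subject: hello

body
--b1--
"""

def embedded_message_id(raw):
    """Message-ID of the original mail carried inside a bounce, or None."""
    for part in message_from_string(raw).walk():
        payload = part.get_payload()
        if part.get_content_type() == "message/rfc822" and isinstance(payload, list) and payload:
            return payload[0].get("Message-ID")
        if part.get_content_type() == "text/rfc822-headers" and isinstance(payload, str):
            return message_from_string(payload).get("Message-ID")
    return None

def classify(raw, sent_ids):
    """'genuine' if the bounce quotes mail we sent, else 'backscatter' or 'unknown'."""
    mid = embedded_message_id(raw)
    if mid is None:
        return "unknown"  # nothing attached to compare: leave for a manual look
    return "genuine" if mid.strip() in sent_ids else "backscatter"
```

`sent_ids` is assumed to hold the Message-ID values of mail you actually sent; bounces classified as "unknown" still need reading by eye.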
 
Guest

OKkkkkk... so how do I "switch addresses"?

Jack Underwood said:
This is a classic spammer move. They figure that if your spam filters will
get rid of incoming spam, then they'll send spam to a nonexistent address,
with your address in the From: header, which then bounces back as a
Non-Delivery Receipt. The filter doesn't catch it because of all the
technical jargon inserted by your ISP's mail server. You then receive the
spam because the server embeds the original message in the NDR. I would
try switching addresses, because your address has been harvested by a
spammer.
 
