If your computer is truly in a clean state as you say then I want to tell you a story I had earlier this year.
Me and two friends have been going to Tafe most of this year. However between me and one other we kept receiving mean E-mails from each other and in a large volume as well. After arguing about it with him for over a week, my third friend revealed that he had spoofed our E-mail addresses so it seemed that we received E-mails for each other when in fact neither of us had sent them.
E-mail addresses are fairly easy to spoof and these E-mails might not have originated from you in the first place. But to spoof it someone would need to know your address in the first place. Perhaps you had signed up/subscribed to a site you shouldn't have? Or maybe a friend has used your E-mail address on a questionable site? I don't think you can do anything about stopping them from spoofing your E-mail address as far as I'm aware but to prevent it in future I would keep a junk E-mail address for sites you might think are questionable. E.g. religious sites, sites offering free stuff, pyramid or get rich quick schemes, Quizzes, games, questionable software are some examples I can think of and would reserve a junk E-mail address for and use the other one for more reputable sites.
Additionally I would make sure your computer is truly clean (e.g. run anti-virus, adware/spyware programs) to ensure that something like a keylogger has not sent your E-mail address to someone.
The return address is just a field entry in the mail message. Most mail programs like Outlook get this information when you first set it up and use it thereafter.
When sending spam, most senders don't want to give their real address lest you respond to them and they get mail they don't want (ha) or someone tracks them down.
So, they fill the return address field with made up names and addresses. Spam filters block those with no return address and learn common names used for spam return addresses. So sometimes spammers use real addresses they find so that mail filters won't reject them. What better name than to use yours, you won't have blocked it and you may open it out of curiosity or whatever.
With automated spam sending programs it's easy to customize it to use random names from a list or the same name as the TO address.
Sorry to be blunt but I don't like to mess around, you may have a nice virus or Trojan attached to your system, embedding itself in your email (yummy!). Before sending any more pointless emails and changing settings that will possibly mess up your email program, do a complete scan of your system with the following (all free):
AVG free
Spybot: search and destroy
Ad-aware
These 'should' pick up almost any nastiness lurking in your system (possibly causing your email to fail). Good Luck :>
--love, Robsablah
I just did a password change immediately...(though I do it every month).
In my case, it was my GMail account and the email was an obscene one. I was worried that the same should not have gone to all the recipients on my contact list...
From what I heard from a friend, it's a JavaScript issue which can replicate the email addresses and send emails. Your account might now have been compromised...
Thanks,
"Dexter".
This happened to me as well, Ted. I went directly to my ISP, and was told "not to worry about it, they just go through a random list of names, but the underlying address is not yours". This answer, as you can imagine, was not satisfactory to me, and when I finally threatened to go to a different ISP, they now strip my name from any spam email that does not match my address. Not sure how it works, but it did...perhaps you could go that route? Good luck!
I have had the exact same problem as Ted and am also extremely concerned about who else these spam messages are going to under my name. I repeatedly change my password - but to no avail.
I have kept a great many of these spam messages in a special file to find out how to trace the originator and would be happy to send them to anyone who can help me - and I am sure Ted - trace the criminal who is using my good name.
Terry M
My ISP (Yahoo) requested I send FULL headers to them so they could track down the culprit, since then I have not seen any email with my address in them. There is another post earlier that stated pretty much the same thing...if you don't take the time to work with your ISP to block the issue, nothing can be done to correct it. Just contact the security department of your ISP, and they can walk you through exactly what to do...good luck!
Ted,
I've had this happen periodically, too. Since I'm running Mac OS X, I'm virtually certain that my computer isn't sending out spam. I suspect that the spammers are fudging the headers to make the email look like it's being sent by the same account they're sending it to. My guess is that this is just one more way to sneak past email filters.
Dennis
Ted,
It's not really hard to fake an email sender. This is actually an old trick.
Most likely, the email(s) in question are coming from an infected computer somewhere else. The virus (no way to tell which one) downloads a number of things from its "master controller" located wherever the virus author happens to be. The first bit these buggers grab would be the template for the spam to be sent out. The second thing would be a list of target email addresses to send the spam to.
The virus then sets about generating the spam and broadcasting it to the world. Most of these buggers have their own SMTP (Simple Mail Transfer Protocol) server routines built in.
An SMTP server is a computer normally located at your ISP or your company that sends or forwards email from you to its intended destination's email server. Most of the time, when you use an email client - like Lookout (er..Outlook) or Outlook Express, Thunderbird, or any of a plethora of others; the email client connects to the predefined SMTP server, tells it who to send the email to and then sends the body of the email to the server. The server then determines where to send the email to and then it forwards that email to wherever it's going. The target then can retrieve the email using their own email client.
A virus like the one in question has its own SMTP capability built in so it can then bypass your ISP's (or company's) email server and send the message onto its intended target.
So... In cases like this the virus in question is likely using your email address for both the TO: as well as the FROM: fields in the email template.
The object of doing this is obvious. It's a trick that makes it very difficult, if not impossible to track where the email originated from. Odds are excellent that the email did NOT originate on your own computer. It likely came from a computer belonging to someone you never heard of. There's also the benefit (for the spammer) of not having the email blocked should you be using a spam blocking tool/service. After all, you're not likely to be blocking your own email address!
NOT clicking on the link is probably the smartest possible move. Most likely email such as the one you described is designed to get your computer infected. A recent wave of spam promised Obama porn - but in reality, it was nothing more than a ruse to get you to download a "codec" needed to see the video that included a virus.
How to prevent such things from happening. Sadly, there isn't any surefire way of doing that except to NOT give out your email to anyone. Ever. This, of course, defeats the purpose of email on the one hand - communicating with people, friends, etc... and is NO guarantee that you won't ever get spammed. As you mentioned, you're probably pretty good at keeping up with the latest updates and such. But your friends or family may not be. Some viruses harvest email addresses from Outlook or other contact databases. Most of these "phone home" with the addresses they've gathered.
Case in point: I opened up a "throwaway" email address on Hotmail. Within 2 minutes of opening the account and completing the form, I had spam waiting for me in the inbox. DOH!
Speaking of Hotmail and throwaway email accounts... That's an excellent way to limit your exposure. Throwaway email accounts on web based servers are generally useful when you NEED to give out an email address but aren't sure of their privacy policy or who they might hand your email address out to.
Also, ALWAYS remove the check when subscribing to an email that says that it's OK for you to get email from the site's affiliates. Even if you trust the primary site, you never quite know who those friends and partners may happen to be. And you don't know what their privacy policies are. You might wind up on one site and blam - you're getting spam from all over the place.
And by all means, NEVER put your real email address on your web page. That's one sure fire way of attracting a ton of spam. There are harvesters that collect mailto: links and the email addresses that follow them. If you must put a contact address, make sure it's a throwaway address. One that if things get too overloaded, you can simply cancel at a moment's notice. Your best bet would be to include a web based feedback system that doesn't show your email address to anyone. It just features a subject line and a box for the message and automatically emails you with the contents without giving up anything crucial.
The bottom line: Spam is a fact of life. And most spammers will do anything they can to avoid detection. They don't want to go to jail, after all. Delete it and move on with your life. You can get a spam blocker or subscribe to a spam blocking service, but in the end, spammers are clever buggers. They'll find a way around the blocks.
This is not an answer, but I had the same thing happen to me. It happened once only. It does shake your sense of security.
If you are somewhat careful with your computer and email account (meaning that you do not sign into your email account at any old place like "Ned's Free Wifi," have an updated antivirus solution if you are using a Windows computer, and your password is not a common dictionary word such as 'cat' or the same as your email address) it is unlikely that they are sending spam mail from your account or worse from your computer. What is much more common is that a spammer is using a common technique of faking the return address to defeat the spam rules so that your email client (hotmail, yahoo, outlook) will put the message into your inbox instead of your junk mail. The way you would know the difference is that you look at the "email header" or "internet header." If you use hotmail: you would right click on an email and select view source - in gmail: open the mail, mouse over to the downward arrow and select view original - and in outlook I'd right click on a message and select properties. In all of them I'd get this gobbledygook:
X-Message-Delivery: Vj0zLjQuMDt1cz0wO2w9MTthPTE=
X-Message-Status: n:0
X-SID-PRA: CNET Membership <newsletters@cnet.online.com>
X-SID-Result: Pass
....
Received: from alias7.c17-ave-mta4.cnet.com ([216.239.114.228]) by bay0-mc11-f23.bay0.hotmail.com with Microsoft SMTPSVC(6.0.3790.2668);
Fri, 26 Sep 2008 18:01:04 -0700
Received: from c17-ave-nemoe3.cnet.com ([10.15.8.38])
by alias7.c17-ave-mta4.cnet.com with ESMTP; 27 Sep 2008 01:01:04 +0000
Message-ID: <1878948259.1222477263993.JavaMail.app@c17-ave-nemoe3.cnet.com>
Date: Fri, 26 Sep 2008 18:01:03 -0700 (PDT)
From: CNET Membership <newsletters@cnet.online.com>
Reply-To: newsletters@cnet.online.com
To: xxxxxxxxxxxx
Subject: What's the fastest and best method to scan photos into a computer?......
Think of this as a very complicated address envelope. And just like an envelope, the return address can be faked but the place where it was mailed from cannot (well it can, but it's difficult). In this case I am interested in the 'Received: from alias7.c17-ave-mta4.cnet.com ([216.239.114.228])' line; this gives me an idea of where the email is originally from - I take the 216.239.114.228 and use a service like www.arin.net/whois/ to find out where the email is likely to have originated from. In this case: OrgName: CNET Networks Inc.
Now for fun I'll take one of many phishing emails I receive:
Received: by 10.65.133.13 with SMTP id k13cs13669qbn;
Thu, 25 Sep 2008 07:17:00 -0700 (PDT)
Received: by 10.142.212.19 with SMTP id k19mr3148714wfg.155.1222352219513;
Thu, 25 Sep 2008 07:16:59 -0700 (PDT)
Return-Path: <account-support@scfederal.digitalinsight.com>
Received: from 68-30-112-92.pool.ukrtel.net ([92.112.30.68])
by mx.google.com with ESMTP id 30si1231411wfa.10.2008.09.25.07.16.53;
Thu, 25 Sep 2008 07:16:59 -0700 (PDT)
Received-SPF: neutral (google.com: 92.112.30.68 is neither permitted nor denied by domain of account-support@scfederal.digitalinsight.com) client-ip=92.112.30.68;
Authentication-Results: mx.google.com; spf=neutral (google.com: 92.112.30.68 is neither permitted nor denied by domain of account-support@scfederal.digitalinsight.com) smtp.mail=account-support@scfederal.digitalinsight.com
Message-ID: <000a01c91f11$0507e885$5b6be0ba@ubygr>
From: <account-support@scfederal.digitalinsight.com>
To: xxxxxxxxxxxxxxxxx
Subject: Attention - Update your account!
The IP address of the person who sent this was most likely in:
OrgName: RIPE Network Coordination Centre
OrgID: RIPE
Address: P.O. Box 10096
City: Amsterdam
So now you go back to that email that you received and find out where it actually came from. If like mine - it came from Amsterdam or Nigeria it is probably not worth your while to pursue it. Just delete it and chalk it up to the relevance that you give junk mail that arrives in your post office box. If it came from your internet service provider you contact them immediately and let them know your account may have been compromised and either close the account or at the very least change the password (unless some actual monetary fraud has taken place then you contact the police as well). Also you would need to find out if there is any malware on your computer (probably a slightly different topic).
I think your explanation is correct. I have been spammed many times by this method, but I found no evidence that someone had spoofed my email and sent spam to others (thank god!!) ...however, as you explained, this is a way to avoid the spam filters of most mailboxes, and get into the inbox...I have experienced this problem on Gmail, Yahoo mail, and hotmail..and it seems to work very well.
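The header-reading procedure from the post above, as an added example that is not part of the original post: it finds the Received line written at the hand-off to the recipient's mail server and the SPF verdict. The function names (`handoff_hop`, `triage`, `is_public`) are hypothetical; the sample headers are the phishing headers quoted in the post.

```python
import ipaddress
import re
from email import message_from_string
from email.utils import parseaddr

# Headers of the phishing message quoted in the post above; continuation
# lines are re-indented here so they parse as folded headers.
RAW = """\
Received: by 10.65.133.13 with SMTP id k13cs13669qbn;
 Thu, 25 Sep 2008 07:17:00 -0700 (PDT)
Received: by 10.142.212.19 with SMTP id k19mr3148714wfg.155.1222352219513;
 Thu, 25 Sep 2008 07:16:59 -0700 (PDT)
Return-Path: <account-support@scfederal.digitalinsight.com>
Received: from 68-30-112-92.pool.ukrtel.net ([92.112.30.68])
 by mx.google.com with ESMTP id 30si1231411wfa.10.2008.09.25.07.16.53;
 Thu, 25 Sep 2008 07:16:59 -0700 (PDT)
Authentication-Results: mx.google.com; spf=neutral (google.com: 92.112.30.68 is neither permitted nor denied by domain of account-support@scfederal.digitalinsight.com) smtp.mail=account-support@scfederal.digitalinsight.com
From: <account-support@scfederal.digitalinsight.com>
Subject: Attention - Update your account!

"""

HOP = re.compile(r"from\s+(\S+)\s+\(.*?\[([0-9a-fA-F.:]+)\]\)\s+by\s+(\S+)", re.S)

def is_public(ip):
    try:
        return ipaddress.ip_address(ip).is_global
    except ValueError:
        return False

def handoff_hop(msg):
    """(sending host, sending IP, receiving server) of the newest Received
    line that names a public sending IP. Servers prepend Received lines, so
    this one was written by the recipient's own mail system, not the sender."""
    for value in msg.get_all("Received", []):
        m = HOP.search(value)
        if m and is_public(m.group(2)):
            return m.groups()
    return None

def triage(raw):
    msg = message_from_string(raw)
    spf = re.search(r"\bspf=(\w+)", msg.get("Authentication-Results", ""))
    return {
        "claimed_from": parseaddr(msg.get("From", ""))[1],
        "handoff": handoff_hop(msg),
        "spf": spf.group(1) if spf else None,
    }

print(triage(RAW))
```

The IP in `handoff` is the one to look up in whois; Received lines below that hop were supplied by the sending side and can be forged.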
Any suggestions on how to stop this one? I never click on any embedded links, answer them, or try to unsubscribe, I just erase them immediately...
frontierscientist
Copenhagen
When this happened to me I found that the sleaze doing this from the land of chop sticks was using my 'contact me' tab on my web site and cc:ing and bcc:ing the rest of the world.
I had a Freeserve account (good old Freeserve...those were the days!), later Wanadoo then Orange. Orange were as helpful as a cracked hard disc and finally I deleted the account and set up with Tiscali. A pain I know notifying everyone but that seemed expedient at the time. I also had my PC "deep cleaned" where I suspected the real problem was.
thank you for asking this question
The exact same thing happened to me yesterday..
Please if anyone knows how to prevent this, or to
rectify this... please advise...
thank you
Steven