Solved

Returned emails that I didn't send

Posted on 2006-11-14
5
312 Views
Last Modified: 2009-07-29
I am receiving returned emails that I never sent.  None of my sent boxes have this email so I'm not sure if this is a virus, my email account compromized, or if someone is taking on my identity.  I know that you can programmically use any from address that you want.  Any ideas?

Thanks.
0
Comment
Question by:azyet24
  • 2
  • 2
5 Comments
 
LVL 34

Expert Comment

by:PsiCop
ID: 17943542
When you hear hoofbeats, think horses, not zebras.

Most likely, some spammer is sending out E-Mail and forging your address in the From: line. And gullible E-Mail systems are returning the bounces to you. It's called joe-jobbing.

Detailed examination of the headers of the returned E-Mails would be necessary to support the other possibilities.
0
 

Author Comment

by:azyet24
ID: 17943702
MAILER-DAEMON@smtp04-01.prod.mesa1.secureserver.net

We're sorry. There's a problem with the e-mail address(es) you're trying to send to. Please verify the address(es) and try again. If you continue to have problems, please contact Customer Support at (480) 624-2500.

<byrne@first-funding.com>:
The e-mail message could not be delivered because there are no users here by that name.

--- Below this line is a copy of the message.

Return-Path: <My Email Address>
Received: (qmail 24742 invoked from network); 15 Nov 2006 02:18:26 -0000
Received: from pre-smtp21-02.prod.mesa1.secureserver.net ([64.202.166.37])
          (envelope-sender <My Email Address>)
          by smtp04-01.prod.mesa1.secureserver.net (qmail-ldap-1.03) with SMTP
          for <byrne@first-funding.com>; 15 Nov 2006 02:18:26 -0000
Received: (qmail 10063 invoked from network); 15 Nov 2006 02:18:26 -0000
Received: from c-71-235-82-195.hsd1.ct.comcast.net ([71.235.82.195])
          (envelope-sender <My Email Address>)
          by pre-smtp21-02.prod.mesa1.secureserver.net (qmail-ldap-1.03) with SMTP
          for <byrne@first-funding.com>; 15 Nov 2006 02:18:24 -0000
Received: from ([10.152.239.99]) (HELO AQVRE)
      by c-71-235-82-195.hsd1.ct.comcast.net (8.13.4/8.13.4) with SMTP id h032954006538a3Ir115112
      for <bsmith2cq@uplink.net>; Mon, 13 Nov 2006 09:18:28 -0800 (CDT)
      (envelope-from My Email Address)
Message-ID: <02e501c70747$bc8e66f0$c352eb47@AQVRE>
From: "bsmith" <My Email Address>
To: "bsmith2cq" <bsmith2cq@uplink.net>
Subject: Herbs, Grains, Vegetables, Fiber all in one pill, TRY FREE!
Date: Mon, 13 Nov 2006 19:12:15 +0200
MIME-Version: 1.0
Content-Type: text/plain;
      format=flowed;
      charset="us-ascii";
      reply-type=original
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.2869
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2962



The spam email then is below this.

Looks like what you said..a spammer, right?
0
 
LVL 97

Accepted Solution

by:
war1 earned 250 total points
ID: 17943764
Greetings, azyet24 !

The header shows the last Recieve From IP address is 10.152.239.99.  The reverse IP address lookup shows Marina Del Rey, California.
http://ws.arin.net/cgi-bin/whois.pl

Yes, a spammer sent the email.


Best wishes!
0
 

Author Comment

by:azyet24
ID: 17943769
Is there anything that I can do on my end to not receive these emails?
0
 
LVL 97

Expert Comment

by:war1
ID: 17943891
Since it is a bounce back from your email address, there is not much you can do.  

If you are getting a lot of such emails, if there is a pattern to the Subject field, set a mail rule to filter it out.
0

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Ransomware continues to be a growing problem for both personal and business users alike and Antivirus companies are still struggling to find a reliable way to protect you from this dangerous threat.
An analysis of the phishing scam that has been affecting Google users, along with steps to take for protection, as well as what to do if you receive one of the emails.
This video shows how to remove a single email address from the Outlook 2010 Auto Suggestion memory. NOTE: For Outlook 2016 and 2013 perform the exact same steps. Open a new email: Click the New email button in Outlook. Start typing the address: …
Many of my clients call in with monstrous Gmail overloading issues with Outlook. A quick tip is to turn off the All Mail and Important folders from synching. Here is a quick video I made to show you how to turn off these and other folders in Gmail s…

730 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question