Skip to comments.Hotmail Account Problem
Posted on 04/15/2008 8:33:02 PM PDT by Retired Chemist
My Hotmail account is being bombarded with undeliverable mail messages that I did not send. They are in a foreign language. Any ideas as to what is going on. I have sent a message to MSN support.
you should NOT have purchased the reduced price generik viagra. The stuff is rat poisoning and lead, AND you stay on their mailing list forever.
Someone is spamming using your account. You may have used your name and pw on a questionable website.
Someone is using your email address to send forged spam mail. The bounced mail comes to you because that’s where it looks like it came from.
This is known as ‘back-scatter’ mail.
Sounds to this poster, like a spammer has gotten ahold of your email address, and is spamming with your email, as the return address.
Not sure if they do this randomly, going through potential hotmail email accounts in sequence - or whether they somehow figured out it’s a real account. Could even be someone you correspond with, got a virus which sent your address somewhere.
That would be my guess. Not sure how you can “fix” it. Sorry I’m not more help.
If they're undeliverable, how are you getting them?
I have changed my password.
Where have you logged in?
Change your account password, available at “Account”
Also, run a virus scan on your hard drive.
That isn't unnecessarily true. Anyone can take an address and make it appear to be a sender of mail. Spammers do this all of the time. Straight Vermonter's information didn't have to be compromised for this to happen. When the spam hits a nonexistent mailbox, which can happen hundreds or even thousands of times in a single dictionary attack, all of the messages are bounced back to where the message APPEARED to be from, which in this case was a forged address.
Hopefully that will stop it. Never use your email pw for anything else.
Don't worry about it, see my posts and #5. Most likely some spammer got your email address and is using it to forge spam mail. About the only thing you can do to stop it is to change your email address. Even the best spam filtering systems can't do much to stop 'backscatter' messages, without blocking legit bounce messages, which are very important for troubleshooting and should almost never be blocked.
If someone had hijacked my account and was sending messages, shouldn’t they show up in my sent messages?
Most likely it’s an e-mail worm of the “spambot” variety. The worm is probably not on your system (although you should run a scan or two just to make sure). The worm is probably on someone else’s system. You’ll never find out whose. It could be anywhere in the world.
There are a lot of spambot worms out there that work surreptitiously on an infected PC, and just rummage through a person’s address book for FROM and TO addresses. In this case, it found your address to insert into the FROM field, and a bunch of other random addresses in the address list to insert into the TO field.
If TO field recipient’s address is invalid, then the mail server at the recipient’s domain sends back a non-delivery report to the sender. The sender, in this case, is you, since your name is in the FROM field.
You can’t really do much to stop this sort of thing if it’s someone ELSE’S infected machine (or a deliberately set-up spambot machine) that is doing it. The only thing you can do is delete the messages, or get a good spam filtering program. Although, I’m not sure what to recommend that would hook into a web mail account like Hotmail. I’m mostly familiar with POP3 and Exchange spam filters.
Same thing happened to me some time ago. EBay was the "questionable website" I believe.
You are being “spoofed.” Changing your password will NOT help.
Spoofing is a hacker practice of making one computer/user appear as if it is someone else. My hotmail account has been spoofed twice - both times for porn. The first time was “normal” porn. The second time was kiddie porn. I received many threatening messages when spoofed the second time around.
The first time I was spoofed, I looked at my message headers and saw a consistent source IP. I was able to traceroute the messages and whois the spoofer. I got the contact information for a guy in England and sent a firm email insisting he stop spoofing me. The next day he sent an apologetic email claiming it was an accident and the spoofing ended.
The second time I was spoofed, they were very sophisticated. I tried to track them down, but they were originating out of about a dozen different proxies and hopping through countless servers. Because it was kiddie porn, I turned over all the information I had to the FBI. The spoofing stopped on it’s own after about a two days.
Newer spoofers will typically only spoof you for a short period, then they move on to someone else. The problem should fix itself. But it *is* annoying.
Oh, and by the way, changing your password to your Hotmail account won’t have any effect on a spambot or worm. They are not aware of it and don’t even use it.
Yes, unless they cleared your sent messages, but I doubt they would do that to send spam or virii. As I said, don't be overly concerned. I see this happen all the time at work. People will call our department saying they go a bounce message from someone they don't even know saying a virus was blocked, and the people are freaking about whether they have a virus and the fact they didn't know the other person. A search of the maillog and showing them it isn't in their sent messages is what it takes to ease their minds.
LOL Sometimes even then they still don't believe it.
Är du inloggad?
“If someone had hijacked my account and was sending messages, shouldnt they show up in my sent messages?
Yes, unless they cleared your sent messages...”
The answer is no. You are not being hijacked. You are being spoofed. Big difference. See above.
With Hotmail the addresses do not reside on my computer, so wouldn’t that rule out my computer as the source.
Yes, that's exactly it. I wish I would have used the word "spoof" instead of forged, lol it gets the idea across much better when it comes to discussing happenings on the internet.
Typically used to gain illegal access, but also applies to “hijacks” of email identities.
Yes, most likely.
The same thign seems to be happening with my home account, with my ISP — not Yahoo or Hotmail in my case, but my regular account.
Read above. If the messages are bouncing from addresses you don’t know, it’s probably some spammer sending messages spoofing your address as a fake sender. If you are getting bounce notifications from people you DO know, you might have an infection sending to your contact list or address book.
I know that some people here are adamant about not using the left-leaning Google for anything, but I use Gmail for my web mail. I find the spam filter to be extremely effective. Besides, I’m not making Google any money by using their mail and search server resources. I’m costing them money by doing that. Now if clicked on any of the Adsense ads, that would be a different story...
He's getting the returns from the undeliverable addresses because his address was hijacked as the sending address.
They are forging your email address (and millions of other email addresses) in spam that they send out from the tens of millions of PC's that they have compromised (almost all Windows PC's). They send out spam, claiming to be from you (and me and probably everyone else on this thread.)
The intended target of the spam is more likely to read email if it looks to be from someone with a plausibly real email address, not from "email@example.com" or some such nonsense.
When some of that spam bounces (because it was sent to an invalid email address) the notice that the spam couldn't be delivered goes back to your email account, because the email claimed to be from you. But you had nothing to do with that bounced message; you just ended up seeing the bounce.
There is nothing you can do about this, other than improving your spam filters. You can keep trying to change your email address, but that's a pain in the backside if you actually expect anyone to ever send you something useful.
Those of us, such as myself, whose email address has been "firstname.lastname@example.org" for perhaps a decade now and which I have never attempted to hide, end up getting thousands of messages a day. My spam filtering skills have become expert over the last decade.
“There is nothing you can do about this, other than improving your spam filters.”
I disagree with this. You *can* attempt to read the header information off the original email and determine a consistent source IP. This has worked or me in the past with unsophisticated spoofers. Then you can whois them and get contact info.
Another option is to check what site they are referencing in the original email. It is possible you can whois that and get the administrative contact for the domain. There is a decent chance, however, that the info there will be bogus, too. When it was kiddie porn, it turned out to be some poor woman in Kentucky who didn’t have a clue what was happening when I called her. She had already called the FBI re: identity theft.
When a million spams go out some are “undeliverable” and bounce back to the return address. That is the surest way to discover that your address has been hijacked. It can also get you kicked off the email site for propagating spam.
Imagine someone wants to use "sweetie pie" for a name. It's easy to guess that more than one person on this planet would want it, hence the possibilities of "sweetiepie1" or "sweetiepie632", etc. For a long time the spammers have had programs that take common cutesy names such as in the example and send spam out from "sweetiepie1" up to perhaps "sweetiepie99999" and everything between and beyond.
If they've sent it with "web bugs", links in the body of the mail designed to access images on their servers, then they can accrue records of how many of their invented addresses turn out to actually exist, as distinguished from all the "account doesn't exist" kickbacks. Then they can of course hijack them.
To elaborate on what a web bug is, the image of the badge is taken from the Freep's front page. Actually, it's a direct link to the image. For discussion, let's assume that 999 people will view this page after I post, therefore (adding myself to the total) Jim and John can deduce from the server logs that the image was accessed a thousand times beyond the visits to the front page.
There's nothing "evil" about this, far from it. Any website owner likes to know how many visits the site, how many goes where, what features are popular and what isn't, etc. It's only that spammers take something routine and exploit it.
The web bug (picture) can be any size. Technically, the image can be only one pixel, and it can be "invisible", say if it's pure white on a white background. Spammers have web sites whose sole duty is to host those tiny images and add up the access hits when people open up the spam mail.
* * *
Hotmail has a setting where you can elect to not have images automatically show when you open mail, so use it, being aware that any strange mail can announce your account is active once you read it.
You can also let your active account status be known with Outlook or Outlook Express or Thunderbird, etc, if you don't have them set for plain text only. If you simply must open strange mail, disconnect from the internet first, so the web bug can't phone home. With Hotmail or Yahoo or other web based mail, you of course don't have that safety option.
Columcille acusdrostán mac cosgreg adálta tangator áhi marroalseg día doíb goníc abbordobóir acusbéde cruthnec robomormær bûchan aragínn acusessé rothídnaíg dóib ingathráig sáin insaere gobraíth ómormaer acusóthósec.tangator asááthle sen incathráig ele acusdoráten ricolumcille sì iàfallán dórath dé acusdorodloeg arinmormær .i.bédé gondas tabrád dó acusníthárat acusrogab mac dó galár iarnéré naglerêc acusrobomaréb act mádbec iarsén dochuíd inmormaer dattác naglerec gondendæs ernacde les inmac gondisád slánté dó acusdórat inedbaírt doíb uácloic intiprat goníce chlóic petti mic garnáit doronsat innernacde acustanic slante dó; Iarsén dorat collumcille dódrostán inchadráig sén acusrosbenact acusforacaib imbrether gebe tisaid ris nabad blienec buadacc tangator deara drostán arscartháin fri collumcille rolaboir columcille bedeár áním ó húnn ímác_......
I have the opposite problem (well, not a problem, really). Our ISP has a super spam blocker/filter, but I’ve been getting a LOT of messages from them lately telling me that the message from “xxx@xxx” has been blocked. Those senders were people I’ve never heard of. With our old ISP, I would get all kinds of spam, especially Russian stuff.
I was speaking from the perspective of someone who gets literally thousands of junk emails per day, on two email addresses (my personal one, and my work one) both of which I have widely exposed to public view for many years.
One can bail out ones fishing boat with a bucket. A single person cannot bail out a ship in tsunami. All one can do in that case is button down the hatches and stay below decks. If the ship is big and strong, and able to be operated without going topside, then it's full steam ahead.
That was sort of my thought, LOLOL!
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.