Hotmail Account Problem

Vanity

[Retired Chemist]

My Hotmail account is being bombarded with undeliverable mail messages that I did not send. They are in a foreign language. Any ideas as to what is going on. I have sent a message to MSN support.

[bolobaby]

“If someone had hijacked my account and was sending messages, shouldn’t they show up in my sent messages?

Yes, unless they cleared your sent messages...”

The answer is no. You are not being hijacked. You are being spoofed. Big difference. See above.

[Retired Chemist]

With Hotmail the addresses do not reside on my computer, so wouldn’t that rule out my computer as the source.

[KoRn]

"You are not being hijacked. You are being spoofed. Big difference."

Yes, that's exactly it. I wish I would have used the word "spoof" instead of forged, lol it gets the idea across much better when it comes to discussing happenings on the internet.

[bolobaby]

http://en.wikipedia.org/wiki/Spoofing_attack

Typically used to gain illegal access, but also applies to “hijacks” of email identities.

[RepublitarianRoger2]

Yes, most likely.

[TBP]

The same thign seems to be happening with my home account, with my ISP — not Yahoo or Hotmail in my case, but my regular account.

[KoRn]

Read above. If the messages are bouncing from addresses you don’t know, it’s probably some spammer sending messages spoofing your address as a fake sender. If you are getting bounce notifications from people you DO know, you might have an infection sending to your contact list or address book.

[RepublitarianRoger2]

I know that some people here are adamant about not using the left-leaning Google for anything, but I use Gmail for my web mail. I find the spam filter to be extremely effective. Besides, I’m not making Google any money by using their mail and search server resources. I’m costing them money by doing that. Now if clicked on any of the Adsense ads, that would be a different story...

[Wil H]

If they're undeliverable, how are you getting them?

He's getting the returns from the undeliverable addresses because his address was hijacked as the sending address.

[ThePythonicCow]

If someone had hijacked my account and was sending messages, shouldn’t they show up in my sent messages?

I see no reason to suspect that someone has hijacked your account. I see no reason to suspect that someone is using your account to send messages.

They are forging your email address (and millions of other email addresses) in spam that they send out from the tens of millions of PC's that they have compromised (almost all Windows PC's). They send out spam, claiming to be from you (and me and probably everyone else on this thread.)

The intended target of the spam is more likely to read email if it looks to be from someone with a plausibly real email address, not from "3ccf259cac0183@aol.com" or some such nonsense.

When some of that spam bounces (because it was sent to an invalid email address) the notice that the spam couldn't be delivered goes back to your email account, because the email claimed to be from you. But you had nothing to do with that bounced message; you just ended up seeing the bounce.

There is nothing you can do about this, other than improving your spam filters. You can keep trying to change your email address, but that's a pain in the backside if you actually expect anyone to ever send you something useful.

Those of us, such as myself, whose email address has been "pj@usa.net" for perhaps a decade now and which I have never attempted to hide, end up getting thousands of messages a day. My spam filtering skills have become expert over the last decade.

[bolobaby]

“There is nothing you can do about this, other than improving your spam filters.”

I disagree with this. You *can* attempt to read the header information off the original email and determine a consistent source IP. This has worked or me in the past with unsophisticated spoofers. Then you can whois them and get contact info.

Another option is to check what site they are referencing in the original email. It is possible you can whois that and get the administrative contact for the domain. There is a decent chance, however, that the info there will be bogus, too. When it was kiddie porn, it turned out to be some poor woman in Kentucky who didn’t have a clue what was happening when I called her. She had already called the FBI re: identity theft.

[arthurus]

When a million spams go out some are “undeliverable” and bounce back to the return address. That is the surest way to discover that your address has been hijacked. It can also get you kicked off the email site for propagating spam.

[JoJo Gunn]

There's another way your address can be hijacked, the same way you get spam even days after setting up an account you've never had a chance to use.

Imagine someone wants to use "sweetie pie" for a name. It's easy to guess that more than one person on this planet would want it, hence the possibilities of "sweetiepie1" or "sweetiepie632", etc. For a long time the spammers have had programs that take common cutesy names such as in the example and send spam out from "sweetiepie1" up to perhaps "sweetiepie99999" and everything between and beyond.

If they've sent it with "web bugs", links in the body of the mail designed to access images on their servers, then they can accrue records of how many of their invented addresses turn out to actually exist, as distinguished from all the "account doesn't exist" kickbacks. Then they can of course hijack them. 

To elaborate on what a web bug is, the image of the badge is taken from the Freep's front page. Actually, it's a direct link to the image. For discussion, let's assume that 999 people will view this page after I post, therefore (adding myself to the total) Jim and John can deduce from the server logs that the image was accessed a thousand times beyond the visits to the front page.

 

There's nothing "evil" about this, far from it. Any website owner likes to know how many visits the site, how many goes where, what features are popular and what isn't, etc. It's only that spammers take something routine and exploit it.  

The web bug (picture) can be any size. Technically, the image can be only one pixel, and it can be "invisible", say if it's pure white on a white background. Spammers have web sites whose sole duty is to host those tiny images and add up the access hits when people open up the spam mail.

* * * 

Hotmail has a setting where you can elect to not have images automatically show when you open mail, so use it, being aware that any strange mail can announce your account is active once you read it.

You can also let your active account status be known with Outlook or Outlook Express or Thunderbird, etc, if you don't have them set for plain text only. If you simply must open strange mail, disconnect from the internet first, so the web bug can't phone home. With Hotmail or Yahoo or other web based mail, you of course don't have that safety option.

[cowboyway]

Columcille acusdrostán mac cosgreg adálta tangator áhi marroalseg día doíb goníc abbordobóir acusbéde cruthnec robomormær bûchan aragínn acusessé rothídnaíg dóib ingathráig sáin insaere gobraíth ómormaer acusóthósec.tangator asááthle sen incathráig ele acusdoráten ricolumcille sì iàfallán dórath dé acusdorodloeg arinmormær .i.bédé gondas tabrád dó acusníthárat acusrogab mac dó galár iarnéré naglerêc acusrobomaréb act mádbec iarsén dochuíd inmormaer dattác naglerec gondendæs ernacde les inmac gondisád slánté dó acusdórat inedbaírt doíb uácloic intiprat goníce chlóic petti mic garnáit doronsat innernacde acustanic slante dó; Iarsén dorat collumcille dódrostán inchadráig sén acusrosbenact acusforacaib imbrether gebe tisaid ris nabad blienec buadacc tangator deara drostán arscartháin fri collumcille rolaboir columcille bedeár áním ó húnn ímác_......

[alwaysconservative]

I have the opposite problem (well, not a problem, really). Our ISP has a super spam blocker/filter, but I’ve been getting a LOT of messages from them lately telling me that the message from “xxx@xxx” has been blocked. Those senders were people I’ve never heard of. With our old ISP, I would get all kinds of spam, especially Russian stuff.

[ThePythonicCow]

I disagree with this. You *can* attempt to read the header information off the original email and determine a consistent source IP. This has worked or me in the past with unsophisticated spoofers. Then you can whois them and get contact info.

What you say is true enough. If one is being hit with spam or these bounces from just an occasional source, one can track it down, and have a decent chance of fixing it. This does require some understanding of email headers and whois, just as you describe.

I was speaking from the perspective of someone who gets literally thousands of junk emails per day, on two email addresses (my personal one, and my work one) both of which I have widely exposed to public view for many years.

One can bail out ones fishing boat with a bucket. A single person cannot bail out a ship in tsunami. All one can do in that case is button down the hatches and stay below decks. If the ship is big and strong, and able to be operated without going topside, then it's full steam ahead.

[ThePythonicCow]

telling me that the message from “xxx@xxx” has been blocked

Well well, isn't that helpful. Trading one kind of spam for another ;).

[alwaysconservative]

That was sort of my thought, LOLOL!