T3X4S Posted November 28, 2014 Share Posted November 28, 2014 I started receiving a ton of undeliverable emails. Only thing is I never sent them.All of the emails claim to be from someone else, but my email is the return email for this guy. I dont recognize any of the names.Am I just a random email address that was used, or do I need to take any actions ?My computers are not infected. Link to comment Share on other sites More sharing options...
Max Norris Posted November 28, 2014 Share Posted November 28, 2014 Compromised mail server credentials? Unsecured mail relay? Looks like a spambot is having its way. Link to comment Share on other sites More sharing options...
T3X4S Posted November 28, 2014 Author Share Posted November 28, 2014 Compromised mail server credentials? Unsecured mail relay? Looks like a spambot is having its way. Yeah, I thought spambot obviously - but I didn't know if my email address was just a random one used, or if there is something I need to pay attention to, or take care of. I will reset my email password through GoDaddy just to be safe, but other than that ?? Link to comment Share on other sites More sharing options...
Max Norris Posted November 28, 2014 Share Posted November 28, 2014 I will reset my email password through GoDaddy just to be safe, but other than that ?? Ah GoDaddy, may want to make sure the site(s) you're hosting weren't compromised too. (Can send mail via PHP, etc too.) Link to comment Share on other sites More sharing options...
T3X4S Posted November 28, 2014 Author Share Posted November 28, 2014 Ah GoDaddy, may want to make sure the site(s) you're hosting weren't compromised too. (Can send mail via PHP, etc too.) I dont have any sites. I just use it for a domain for email -- so Im OK there. I just changed my email PW - so we'll see. Thanks for the tips though, I appreciate it. Link to comment Share on other sites More sharing options...
Haggis Veteran Posted November 28, 2014 Veteran Share Posted November 28, 2014 do you have it set to catch all, i.e any emails that are sent you *@yourdomain.com If so then this is why Link to comment Share on other sites More sharing options...
+BudMan MVC Posted November 29, 2014 MVC Share Posted November 29, 2014 Here is the thing, you can use whatever return address you want.. If I know or guess your email address I can use it as my return email - if server is set to send back, Hey I can not send to billy#somedomain.com then you could get flooded with this crap.. Say I am sending 1 million emails to domainx.com just making up names, billy, karen, kevin, thomas@domainx.com.. And I use your return address, if there is no billy, and email server is set to send notification then you see stuff like what your seeing. Most domains don't send notification any more because of this, or because it can be used to send backscatter spam, etc. If it still happening, I would look to see if you can find something in them that common or even keywords in them that you could use to filter them right to your trash, etc. Link to comment Share on other sites More sharing options...
TMYW Posted November 29, 2014 Share Posted November 29, 2014 Some spambot is using your email address as the "reply to" email address. Mail servers are kicking the mail back to you if the recipient's email address (i.e. intended receiver of the spam) is invalid. Link to comment Share on other sites More sharing options...
xendrome Posted November 29, 2014 Share Posted November 29, 2014 What mail server is generating the NDR's can you post a header of one of the e-mails. Link to comment Share on other sites More sharing options...
T3X4S Posted November 29, 2014 Author Share Posted November 29, 2014 do you have it set to catch all, i.e any emails that are sent you *@yourdomain.com If so then this is why Nope, never use the catch all option. Here is the thing, you can use whatever return address you want.. If I know or guess your email address I can use it as my return email - if server is set to send back, Hey I can not send to billy#somedomain.com then you could get flooded with this crap.. Say I am sending 1 million emails to domainx.com just making up names, billy, karen, kevin, thomas@domainx.com.. And I use your return address, if there is no billy, and email server is set to send notification then you see stuff like what your seeing. Most domains don't send notification any more because of this, or because it can be used to send backscatter spam, etc. If it still happening, I would look to see if you can find something in them that common or even keywords in them that you could use to filter them right to your trash, etc. Thats what I was wondering, was it just using a random email address for the return, or was it more intrusive... come to find out - it was more than just that - they were actually leaving from my account. I talked to GoDaddy's support and 144 had been sent out. Some spambot is using your email address as the "reply to" email address. Mail servers are kicking the mail back to you if the recipient's email address (i.e. intended receiver of the spam) is invalid. They actually compromised my account - it stopped after I changed the PW What mail server is generating the NDR's can you post a header of one of the e-mails. Out of the Philippines Link to comment Share on other sites More sharing options...
+BudMan MVC Posted November 29, 2014 MVC Share Posted November 29, 2014 So clearly you will be turning on 2 factor for gmail I would think ;) What was your password before, some dictionary? I find it highly unlikely someone would gain access to my gmail account. You have to be from a trusted computer or validate with 2factor. And password is like this B$JJufHJ6yQ2MmD#XdTB With a compromised account, I would really check that they don't have rules setup to forward email to another account, also I would change any passwords that might have ties to this email address. Link to comment Share on other sites More sharing options...
Recommended Posts