Someone Is Using My Email Address...

[TizMe]

I keep getting returned mail in my inbox that I didn't send.

I run AVG anti virus and use Zone Alarm Firewall software. Neither of these report any type of infection on my machine.

Is it possible that someone has hi-jacked my email address and is using it to spread spam, but not using my PC to propergate it?

Is there anything that I can do to stop it?

This message was created automatically by mail delivery software (Exim).

A message that you sent could not be delivered to one or more of its recipients. This is a permanent error. The following address(es) failed:

  [email protected]

    Disc quota exceeded:

    mailbox is full: retry timeout exceeded

------ This is a copy of the message, including all the headers. ------

Return-path: <my email address>

Received: from (mx2.primushost.com) [209.58.220.72]

by nautilus.shore.net with esmtp (Exim)

id 1CWahR-0001pq-00; Tue, 23 Nov 2004 08:27:17 -0500

Received: from h0040f40a4c6a.ne.client2.attbi.com [24.62.193.240]

by mx2.primushost.com with smtp (Exim)

id 1CWahF-0000y0-Eh; Tue, 23 Nov 2004 08:27:05 -0500

Date: Mon, 22 Nov 2004 20:35:08 +0000

From: my address again

Subject: Napster for Billings

To: Billings <[email protected]>

References: <[email protected]>

In-Reply-To: <[email protected]>

Message-ID: <FFI1E82E6DEI8DD4@my domain name>

Reply-To: Adem77 <[email protected]>

MIME-Version: 1.0

Content-Type: text/html; charset=Windows-1251

Content-Transfer-Encoding: 8bit

<body><html>

NASPTER is back !!<BR>

And it is even better than before!<BR>

Download ALL the newest:<BR>

- videos<BR><a href="http://www.pinkcasefile.com/ref62.html">

<img src="http://www.pinkcasefile.com/images/index_40.jpg" border=0></a> <BR><BR>

- games<BR>

<a href="http://www.pinkcasefile.com/ref62.html">

<img src="http://www.pinkcasefile.com/images/index_56.jpg" border=0></a> <BR><BR>

- music ... and <font color=990000>MUCH MORE !</font>

<BR><BR>

<a href="http://www.pinkcasefile.com/ref62.html"><font color=990000>Enter And Get The Full Membership With <BR> Unlimited Access To All The Stuff...</font></a> </body></html>

[lingling]

This is caused by a fundamental flaw in SMTP, the protocol used to distribute email. Anyone can send an email with a "from" address of their choice.

The example you pasted originates from 24.62.193.240 which belongs to Comcast. According to arin (www.arin.net) the abuse address you should complain to in this case is [email protected]

Or just use www.spamcop.net...

[TizMe]

Thanks for the info. I was confident that my machine was not infected.

[caughtintheact]

It's also possible that the sending computer got a virus that fakes (spoofs) the email address of the originator in emails that it sends out. This would mean that your email address was in the address book of the person who got the virus.

It is also possible that the Comcast IP number was faked.

It is not quite true that "anyone can send an email with a "from" address of their choice". It depends on whether the ISP operates an open (accepts any email address from the sender) or closed relay (only accepts email from senders whose email address is registered with that ISP. An example of an open relay is CSLoxinfo, an example of a closed relay is peak.org. So it is not so much an SMTP flaw, but the reluctance of the ISP to put safeguards in place that would prevent sending email with an unregistered address.

[stumonster]

This would mean that your email address was in the address book of the person who got the virus.

I also suspect the virus' are stripping out the cc lists from the emails in the persons inbox also.

teach people to use BCC , it can save a lot of bandwidth in the long run.