My in-box is being flooded with bounce-backs like the one below on emails I never sent. Any ideas?
From: Mail Delivery Subsystem
Sent: Sun, May 23, 2010 12:37 pm
Subject: Returned mail: see transcript for details
*** ATTENTION ***
Your e-mail is being returned to you because there was a problem with its
delivery. The address which was undeliverable is listed in the section
labeled: "----- The following addresses had permanent fatal errors -----".
The reason your mail is being returned to you is listed in the section
labeled: "----- Transcript of Session Follows -----".
The line beginning with "<<<" describes the specific reason your e-mail could
not be delivered. The next line contains a second error message which is a
general translation for other e-mail servers.
Please direct further questions regarding this message to the e-mail
administrator or Postmaster at that destination.
----- The following addresses had permanent fatal errors -----
(reason: 554 DT:SPM mx31, UcCowKDrPa7BWflLau93AA--.3476S2 1274632646
----- Transcript of session follows -----
... while talking to 163mx04.mxmail.netease.com.:
<<< 554 DT:SPM mx31, UcCowKDrPa7BWflLau93AA--.3476S2 1274632646
554 5.0.0 Service unavailable
Final-Recipient: RFC822; firstname.lastname@example.org
Remote-MTA: DNS; 163mx04.mxmail.netease.com
Diagnostic-Code: SMTP; 554 DT:SPM mx31, UcCowKDrPa7BWflLau93AA--.3476S2
Last-Attempt-Date: Sun, 23 May 2010 12:37:27 -0400
Received: from mtaout-db05.r1000.mx.aol.com (mtaout-db05.r1000.mx.aol.com
by imr-ma01.mx.aol.com (8.14.1/8.14.1) with ESMTP id o4NGbDU9001260
; Sun, 23 May 2010 12:37:13 -0400
Received: from PC-201002280947 (unknown [126.96.36.199])
by mtaout-db05.r1000.mx.aol.com (MUA/Third Party Client Interface) with
ESMTPA id 68326E000088
; Sun, 23 May 2010 12:37:12 -0400 (EDT)
Subject: =?GB2312?B?tPq/qrXYt72wbMaxvt0xMzU=?= 342 44126 =?GB2312?B?wfW+rcDt?=
Date: Mon, 24 May 2010 00:37:10 +0800
Someone who has your address in their address book has gotten a rather common virus that mines that person's address book for addresses and then mails itself out with those mined addresses as the sender.
The receiving system detects the threat and bounces a message back to the spoofed sender. You in this case.
The person with the infected computer needs to run something like McAfee Stinger to kill the active bug: http://vil.nai.com/vil/stinger/
And then get some quality anti-virus installed. I like Avast because it's effective, has a free version and has an easy to use boot-time scan (the only way to truly clean viruses): http://www.avast.com/index
Sounds like a virus to me.
I'm no geek but I would do a virus check, delete the file and do a system restore. I think you have been attacked by a virus.
Someone is probing your mailbox to see if it's real. This is one method commercial mailing lists use to verify their lists. Make sure your inbox filters are strict enough and eventually (after five or ten years) they will stop.
Dismal, I know. Such is life in cyberspace.
Your email address is being used as a bogus-but-plausible source address for spam. It's been happening to me sporadically since 1994.
Scott J is correct but it would be a good idea to check out your system as well. Another free online scan that seems to work pretty well can be found at trendmicro.com.
Every once in a while I get a massive number of these things to my "editor@" address at The Price of Liberty. At one point I was getting nearly 500 spam emails a day, much of it porn.
My online spam/varmint filter catches them ALL. Your ISP should be catching these for you as well. Talk to your ISP provider.
Do that or get some sort of heavy duty anti-spam/virus software before you clean your machine. Otherwise, you'll just get reinfected.
Technology, never more than half a step ahead of the vandals and psychopaths, unfortunately.
Your address book has been hacked... Your best bet is to change your email addy to a new one, otherwise it will only get worse.
You've been Joe Jobbed
"A joe job is a spamming technique that sends out unsolicited e-mails using spoofed sender data. Early joe jobs aimed at tarnishing the reputation of the apparent sender or inducing the recipients to take action against him ..."
Could also be a spambot on your ISP's servers using your valid address to send spam to others in your email list and they're bouncing. Happens to my older hotmail account once in a while. Forward the whole thing (without any additional comment) to your provider's abuse address and they'll usually ferret out and block the bot after a day or so. It'll come back from time to time, probing and hijacking as often as it's programmed to check for availability. It may also be due to your (now) higher profile in the world. Sometimes the little darlings who spread these will get on a political panties in a bunch and go after those they don't agree with.
This is another good reason for all of us to only send text and not html in mail. Makes it easier to keep the viruses down.
I concur with Scott J. Avast is a great anti-virus and once installed you can pretty much forget about it. Make sure that you use the McAfee scan first though (Avast sees the scan as a virus and blocks it).
This is actually pretty simple and not as suspicious as you might believe. (Basically saying, this more than likely isn't some .GOV attack on you.)
Well, I typed this in the address bar:
Of course, you'll have to type that in yourself to see the Chinese page.
Then, I typed this in the search bar:
And came up with ... type it in the search bar to get to the page:
Sipsey Street Irregulars: Why am I getting bounce-backs on emails ...
May 23, 2010 ... Original-Recipient: rfc822;email@example.com. Final-Recipient: RFC822; firstname.lastname@example.org. Action: failed. Status: 5.0.0 ...
sipseystreetirregulars.blogspot.com/.../why-am-i-getting-bounce-backs-on-emails.html - 4 hours ago
news aggregator | End the War on Freedom
comFinal-Recipient: RFC822; email@example.comAction: failedStatus: 5.0.0Remote-MTA: DNS; 163mx04.mxmail.netease.comDiagnostic-Code: SMTP; 554 DT:SPM mx31, ...
billstclair.com/blog/aggregator - 2 hours ago
I haven't done them all, but I would say you have been hi-jacked.
For those who are not "program savvy" ... Iolo System Mechanic Professional comes in handy of keeping the pirates at bay.
Another vote for Avast free version, also suggest spywareblaster and spyware terminator, all available @ majorgeeks.com.
That's an NDR from someone with a poorly configured MX. Ignore it.
It could be one of a few things. First thing that comes to mind is "worm sign" from someone else's email address book that is being used by the worm/virus. Could also be some internet criminal who owns a "botnet or spambot" and your email address is being used. Finally there could be some email routing issue(s) at AOL or some other ISP, i.e. their DNS server may be compromised.
I used to get hundreds of these a day - I have one particular email address that is 14 years old. You may notice that the email that was supposedly from you was sent by a program you do not use. This is a sure sign that somebody else's address book was hacked.
I ended up changing my ISP for that address. I still get those spam-bounces, but they stay at the new ISP's spam dumpster and out of my inbox.
Your current ISP may be able to help you with this.
20 years in IT - I know of which I speak.
Scott J nailed it.
Somewhere out there, someone (or someTHING) is sending mail (probably a worm mailing copies of itself) claiming to be from you.
Don't feel bad - it's also sending mail claiming to be FROM every other person in the victim's address-book.
Since the receiving system doesn't know who the real sender is, it sends the response to YOU.
These worms SUCK - especially because it makes it impossible to know who is infected.
What can YOU do?
Well, on second thought the one thing you CAN do is be prepared to explain when people start complaining about mail "you" are sending...
Otherwise, ignore it.
There's an IP address in the header information.
Google "IP trace" whenever you see and input that address as follows:
That's in Wichita.
You can also google "traceroute" and do the same to see the "hops", and trace the IP at each location along the route. When it hits Timeout, the last IP is the end of the trace.
What does all this do for you? Nothing really, except reduce the feeling of total helplessness a little.
The China IP is:
Trend Micro's Online Housecall. Free.
Entering "firstname.lastname@example.org" into a Firefox browser elicits a message that you are trying to log into a server that does NOT require authorization, and says that it "may be an attempt to trick you."
Entering 163.com into the Whois search feature returns this, "The IP address from which you have visited the Network Solutions Registrar WHOIS database is contained within a list of IP addresses that may have failed to abide by Network Solutions' WHOIS policy."
You might have an e-mail redirector on your box, or a worm.
I'd run the Trend Micro tool.
Also, "Ad Aware" http://www.lavasoft.com/single/trialpay.php
One other thing.....
My e-mail /ISP has an online sign-on option. I can use my web browser to "login" to my mail and view the subjects and senders without actually having to download them. I can delete anything I don't want without having to open them.... then I pull them down. If you have that option, it can save heartache. Does create a couple extra steps, but it's been worth it for me. I haven't had anything like that since instituting this policy.
The previous posts have it in the bag, either someone is deliberately attempting to spoof you or an infection has acquired their address book.
Avast5 is a really good virus scanner with a boot-time feature that is quite effective. Additionally, to keep safe from other types of malware, consider installing and running MalwareBytes (from Malwarebytes.org) for a very effective malware scan.
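An added example, not part of the original post or any comment: a small Python check of the point raised in the thread that the returned message's own Received headers show where the mail really entered the network, and whether it was an authenticated submission. The sample bounce is constructed from the one quoted in the post, with documentation IP addresses; `my_ips` and `my_provider_suffix` are hypothetical inputs the reader supplies.

```python
import re
from email import message_from_string

# Constructed sample modelled on the bounce quoted in the post. The bracketed
# IPs are documentation addresses, not values from the page.
SAMPLE_BOUNCE = """\
Final-Recipient: RFC822; someone@example.org
Remote-MTA: DNS; 163mx04.mxmail.netease.com
Diagnostic-Code: SMTP; 554 DT:SPM mx31
Received: from mtaout-db05.r1000.mx.aol.com (mtaout-db05.r1000.mx.aol.com [192.0.2.10])
 by imr-ma01.mx.aol.com (8.14.1/8.14.1) with ESMTP id o4NGbDU9001260
 ; Sun, 23 May 2010 12:37:13 -0400
Received: from PC-201002280947 (unknown [203.0.113.77])
 by mtaout-db05.r1000.mx.aol.com (MUA/Third Party Client Interface) with
 ESMTPA id 68326E000088
 ; Sun, 23 May 2010 12:37:12 -0400 (EDT)
Date: Mon, 24 May 2010 00:37:10 +0800
"""

HOP = re.compile(r"from\s+(\S+)\s+\((?:\S+\s+)?\[([0-9A-Fa-f.:]+)\]\)\s+by\s+(\S+)")

def origin_hop(bounce_text):
    """Parse the earliest Received hop (the last Received header) of the returned mail."""
    received = message_from_string(bounce_text).get_all("Received") or []
    if not received:
        return None
    hop = " ".join(received[-1].split())  # unfold continuation lines
    m = HOP.match(hop)
    if not m:
        return None
    helo, ip, by_host = m.groups()
    # "ESMTPA"/"ESMTPSA" (RFC 3848) means the client authenticated to by_host.
    authed = re.search(r"\bwith\s+E?SMTPS?A\b", hop, re.I) is not None
    return {"helo": helo, "ip": ip, "by": by_host, "authenticated": authed}

def classify(bounce_text, my_ips, my_provider_suffix):
    """my_ips and my_provider_suffix are supplied by the reader (hypothetical values)."""
    hop = origin_hop(bounce_text)
    if hop is None:
        return "unknown"        # bounce carries no usable Received chain
    if hop["ip"] in my_ips:
        return "own-host"       # really left one of your machines: scan it
    if hop["authenticated"] and hop["by"].endswith(my_provider_suffix):
        return "check-account"  # a login at your provider: confirm it was not your account
    return "backscatter"        # forged sender; nothing on your side sent it
```

A `check-account` result only says the submission was authenticated at the named provider, not whose account was used, so the follow-up is reviewing your own account's login history and changing its password.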