2010-05-03, 14:03 | Link #1 |
Senior Member
Join Date: Nov 2006
Location: Virginia, USA
Age: 62
|
My web-based email account sends out spam
I used a web-based email account. (AOL to be precise.) I don't have an email address book on my laptop. It's hosted exclusively on the web server. Three times now, my email has sent a spam email to everyone in my address book. I assume some program on my laptop is kicking off the spam. I have run McAfee virus, Ad-Aware, and Malwarebytes. None have reported any infections.
I'm hoping that someone can offer advice on what I can do to prevent yet another spam outbreak. I've run out of ideas to try. Help, please?
|
2010-05-03, 17:15 | Link #4 |
Obey the Darkly Cute ...
Author
Join Date: Dec 2005
Location: On the whole, I'd rather be in Kyoto ...
Age: 66
|
It may not even be "coming from your account". Someone simply harvested your email address and used it to *forge* email from their own system.
An examination of the email header lines would show whether that was the case or not. I recently got a dozen "admin bounce" emails for "spamming" from a Russian ISP. The email headers indicated the actual origination was in an East European country. I replied to the Russian ISP with headers highlighted and they sent a nice thank you. However, harvesting emails to use as phony "origination" points is epidemic - made worse because many email readers "pretty up" the headers and hide all that scary email relay information from the average user. In addition to changing your password... you might also run some 'rootkit' detectors and see if something is lurking that the usual adware/AV stuff won't spot.
|
2010-05-03, 23:27 | Link #6 | |
AS Oji-kun
Join Date: Nov 2006
Age: 74
|
Quote:
Here's a sample of what you're looking for from one of the thousands of spams I filter each day:

Received: from sh79.grapeanswer.info(66.197.229.227) via SMTP by mail.example.com, id smtpdt6X87v; Fri Apr 30 06:21:10 2010

The exact text of the message will vary depending on the server software the recipient's ISP uses. Regardless of the format, you should see both the hostname and the IP address of the originating host. This one looks to be coming from a server in a hosting facility rather than the usual army of compromised spambots in homes and offices.
|
|
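The header check discussed in the posts above, as an added example that is not from any poster in this thread: it reads the Received lines of a raw message, takes the host and IP address recorded by the recipient's own mail server, and compares that host with the domain in the From line. The sample message is constructed; its first Received line is the one quoted above, while the second Received line, the `relay.aol.com` hostname, the addresses and the `trusted_by` parameter are assumptions made for illustration.

```python
import ipaddress
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample. The first Received line is the one quoted in the thread;
# the second (with an invented AOL-looking hostname) stands for a line the
# sending host wrote itself, which it is free to fake.
RAW = """\
Received: from sh79.grapeanswer.info(66.197.229.227) via SMTP by mail.example.com, id smtpdt6X87v; Fri Apr 30 06:21:10 2010
Received: from relay.aol.com (relay.aol.com [192.0.2.10]) by sh79.grapeanswer.info; Fri Apr 30 06:20:58 2010
From: "A Friend" <friend@aol.com>
To: you@example.com
Subject: constructed sample

body
"""

# Accepts both "from host(ip) ... by server" and "from host (name [ip]) by server".
HOP = re.compile(r"from\s+(?P<host>[^\s(]+)\s*\((?:[^\s\[\]()]+\s*\[)?"
                 r"(?P<ip>[0-9a-fA-F.:]+)\]?\).*?\bby\s+(?P<by>[^\s,;]+)", re.S)

def hops(raw):
    """Return (host, ip, by) per Received header, newest (topmost) first."""
    out = []
    for value in message_from_string(raw).get_all("Received", []):
        m = HOP.search(value)
        if not m:
            continue
        try:
            ip = str(ipaddress.ip_address(m["ip"]))
        except ValueError:  # parenthesised text was not an IP address
            continue
        out.append((m["host"].lower(), ip, m["by"].lower()))
    return out

def handoff(raw, trusted_by):
    """Host/IP recorded by our own server; lines below it are unverified."""
    return next(((h, ip) for h, ip, by in hops(raw) if by in trusted_by), None)

def verdict(raw, trusted_by):
    """Compare the From domain with the host that handed the mail to us."""
    sender = parseaddr(message_from_string(raw).get("From", ""))[1]
    domain = sender.rpartition("@")[2].lower()
    hop = handoff(raw, trusted_by)
    if hop is None:
        return "no Received header from a trusted server"
    host, ip = hop
    if host == domain or host.endswith("." + domain):
        return "consistent"
    return f"From claims {domain} but mail was handed off by {host} [{ip}]"
```

A mismatch is a lead rather than proof, since providers can relay through hosts named under other domains; confirm the recorded hostname with a reverse lookup of the IP address before reporting it.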
2010-05-03, 23:36 | Link #7 |
Obey the Darkly Cute ...
Author
Join Date: Dec 2005
Location: On the whole, I'd rather be in Kyoto ...
Age: 66
|
Aye... several of the Return to Sender messages I've received have been worthless because the ISP bouncing the forged mail stupidly snips off the SMTP headers. They usually get a snarky F.U. letter and suggest their autobot not cut off the headers or don't bother sending the auto-whine. (my own BOFH moments)
|
2010-05-04, 07:36 | Link #8 | |
Senior Member
|
Quote:
The best way to check is to look at those delivery failure notices and see if they have any information on the source of the sender (if it actually got sent through the AOL web mail system). Also, it should tell you the reason why the delivery has failed and the IP address of the sender (if the IP address is from a known spammer, then the reason for delivery failure would be for an untrusted IP address).
|
2010-05-04, 07:58 | Link #9 |
Senior Member
Join Date: Nov 2006
Location: Virginia, USA
Age: 62
|
Thanks for all the advice, everyone. I'm going to research the headers more thoroughly. I don't think I know anyone who still has some of the spam that they could forward back to me to examine. But if it happens again (Heaven forbid!), I'll ask a friend to send me back the email.
|
|
|