SitePoint Sponsor

User Tag List

Results 1 to 6 of 6
  1. #1
    SitePoint Member
    Join Date
    Oct 2004
    Location
    Rochester
    Posts
    13
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    my email was hijacked

    I am getting "mail returned" messages for emails that I have never sent. I contacted my ISP and they said that I have adware in my computer. I religiously run Adaware and Spybot and use Norton AV. I have no record of any of the returned emails being sent from my computer. I was wondering two things - could it be possible that someone has found a way to use my email address by getting into the ISP's server? and 2) if it is coming from my computer, how can I get it to stop without deleting my email addresses?
    My email address in the following "returned" message is jblap@wideopenwest.com.

    Here is a sample of what I'm getting...

    ---------------------------------------------------

    The original message was received at Fri, 4 Feb 2005 22:21:16 -0500 (EST)
    from d149-67-153-135.col.wideopenwest.com [67.149.135.153]

    ----- The following addresses had permanent fatal errors -----
    <plancho@columbus.rr.com>
    (reason: 550 5.1.1 unknown or illegal alias: plancho@columbus.rr.com)

    ----- Transcript of session follows -----
    ... while talking to ms-mta-02-fn.columbus.rr.com.:

    >>>>>> DATA

    <<< 550 5.1.1 unknown or illegal alias: plancho@columbus.rr.com
    550 5.1.1 <plancho@columbus.rr.com>... User unknown
    <<< 554 5.5.0 No recipients have been specified.



    Reporting-MTA: dns; txmx04.mgw.rr.com
    Received-From-MTA: DNS; d149-67-153-135.col.wideopenwest.com
    Arrival-Date: Fri, 4 Feb 2005 22:21:16 -0500 (EST)

    Final-Recipient: RFC822; plancho@columbus.rr.com
    Action: failed
    Status: 5.1.1
    Remote-MTA: DNS; ms-mta-02-fn.columbus.rr.com
    Diagnostic-Code: SMTP; 550 5.1.1 unknown or illegal alias: plancho@columbus.rr.com
    Last-Attempt-Date: Fri, 4 Feb 2005 22:21:26 -0500 (EST)



    Received: from columbus.rr.com (d149-67-153-135.col.wideopenwest.com [67.149.135.153])
    by txmx04.mgw.rr.com (8.12.10/8.12.8) with ESMTP id j153LFT0026980
    for <plancho@columbus.rr.com>; Fri, 4 Feb 2005 22:21:16 -0500 (EST)
    Message-Id: <200502050321.j153LFT0026980@txmx04.mgw.rr.com>
    From: jblap@wideopenwest.com
    To: plancho@columbus.rr.com
    Subject: Re: Error in document
    Date: Fri, 4 Feb 2005 19:49:33 -0500
    MIME-Version: 1.0
    Content-Type: multipart/mixed;
    boundary="----=_NextPart_000_0016----=_NextPart_000_0016"
    X-Priority: 3
    X-MSMail-Priority: Normal
    X-Virus-Scanned: Symantec AntiVirus Scan Engine
    X-Virus-Scan-Result: Repaired 36326 W32.Netsky.P@mm
    jb Web
    Share what you know and be honest about what you don't know.

  2. #2
    SitePoint Evangelist gollux's Avatar
    Join Date
    Feb 2005
    Location
    Oregon, USA
    Posts
    414
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Hijacked only in name...

    As a business, I at times get hundreds of these a day. Some spammer somewhere has merely used your email address and/or domain as a spoofed point of origin and from address. It has been sent by some email zombie somewhere else on the planet and then you get bombarded with all the dropped or invalid recipient return messages. Just delete them, or if in enough volume from the same source, set up a filter for them.

  3. #3
    SitePoint Wizard gold trophysilver trophybronze trophy dc dalton's Avatar
    Join Date
    Nov 2004
    Location
    Right behind you, watching, always watching.
    Posts
    5,431
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    gollux is absolutely right ..... I get them all the time where I am the sender and the receiver ..... just another nasty spammer trick. Unless you get on someones "black list" I wouldnt worry too much about it. Most good companies can see a spoofed email address in a piece of spam a mile away!

  4. #4
    SitePoint Addict Troy1960's Avatar
    Join Date
    Jan 2003
    Location
    GA
    Posts
    320
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Yeah I also believe it's what the above two reponsers suggested. Change your e-mail frequently... keep running the spyware. It's a tricky spam thing.
    Gunwallet.com- Digitally backup vital gun information.

  5. #5
    SitePoint Member
    Join Date
    Oct 2004
    Location
    Rochester
    Posts
    13
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Thanks all..

    Thanks for all the replies -
    I thought as much, but why would my ISP suggest that I reformat my hard drive? That is exactly why I've learned to count on tech forums!
    jb Web
    Share what you know and be honest about what you don't know.

  6. #6
    SitePoint Evangelist gollux's Avatar
    Join Date
    Feb 2005
    Location
    Oregon, USA
    Posts
    414
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Because you learn that depending on the time of day and phase of the moon, your ISP helpdesk tech may only know what he's read on the back of a Rice Crispies box and not much more. www.spywareinfo.com is one of many sites that can point you to info about eliminating the zombie effect. Turn there first always.


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •