HELP! My email's been nicked

From: Manthorp29 Jul 2011 06:59

To: ALL1 of 25

Overnight I've received a bunch of bounced email messages suggesting that somebody is spamming from my email address.

How are they doing it? And how do I stop them?

Reply

0/0

From: Serg (NUKKLEAR)29 Jul 2011 07:23

To: Manthorp 2 of 25

38740.2 In reply to 38740.1

You need to look at the full headers to see the originating IP...

Reply

0/0

From: Manthorp29 Jul 2011 07:48

To: Serg (NUKKLEAR) 3 of 25

38740.3 In reply to 38740.2

Attached are a couple of typical bounced spam messages. They don't seem to have anything in common.

Attachments:

Reply

0/0

From: 99% of gargoyles look like (MR_BASTARD)29 Jul 2011 08:01

To: Manthorp 4 of 25

38740.4 In reply to 38740.1

quote: Manthorp

How are they doing it?

Anyone can spoof another's address by putting it in the 'from' header, either in a script or mailer app. Using a simple PHP script like this would work:

code:

mail($to, $subject, $message, 'From:throb@bumpoke.com');

quote: Manthorp

And how do I stop them?

TBH, I don't think you can, they're probably not routing via your (host's) server.

EDITED: 29 Jul 2011 08:02 by MR_BASTARD

Reply

0/0

From: Manthorp29 Jul 2011 08:04

To: 99% of gargoyles look like (MR_BASTARD) 5 of 25

38740.5 In reply to 38740.4

If it's just spoofing then I'm irritated but not too arsed. It was the thought that it might have been through my domain mail via a keylogger or summat thast was worrying me. I am running a zillion antimalware progs as I type, all of which will probably accuse each other of badness.

Reply

0/0

From: 99% of gargoyles look like (MR_BASTARD)29 Jul 2011 08:05

To: Manthorp 6 of 25

38740.6 In reply to 38740.5

shit shit shit.... :(

Reply

0/0

From: Serg (NUKKLEAR)29 Jul 2011 08:24

To: Manthorp 7 of 25

38740.7 In reply to 38740.3

Yeah, you won't be able to do much about that... Wot MrB said above, you can pretend to have any email address when you send an email if the server accepts it, so why they picked yours is irrelevant. The initial source IP is different, so it's most likely a botnet that's using your email as a random source. I don't really understand why they use real source addresses tbh...

EDITED: 29 Jul 2011 08:25 by NUKKLEAR

Reply

0/0

From: Manthorp29 Jul 2011 08:34

To: Serg (NUKKLEAR) 8 of 25

38740.8 In reply to 38740.7

quote:

I don't really understand why they use real source addresses tbh...

Obviously trading on my internationally renowned good name.

As long as it's just spoofed I'm not too fussed. My escutcheon may have been blotted in the block list of some Russian spambuster nannyware, but I can live with that.

Reply

0/0

From: steve29 Jul 2011 13:56

To: Manthorp 9 of 25

38740.9 In reply to 38740.8

If you have an email address visible online then chances are it will happen. I was once worried it may end up with my address black listed but apparently the black listing people are smarter than that!

Reply

0/0

From: Manthorp29 Jul 2011 14:15

To: steve 10 of 25

38740.10 In reply to 38740.9

Is that the listing people who is black?

Reply

0/0

From: steve29 Jul 2011 14:22

To: Manthorp 11 of 25

38740.11 In reply to 38740.10

It's like the opposite of being on that BNP membership list that was leaked.