Page 1 of 1


Posted: Sun Sep 21, 2008 11:42 pm
by Security_Wiz

Recently I started getting spam messages from postmasters in Russia, Georgia, and the U.S. They have said stuff like "failed message sent to ________ (gibberish, or something in Russian). It makes me look like I'm sending these messages, even though I'm not. My ISP blocked those three domains from mailing me. However, that means that the postmasters aren't mailing me the errors, which is good for me, but that I'm somehow mailing out spam to others, it just can't affect me anymore.....?

Some of the domains are actually ESP (email service providers) like:


and other Russian/Ukrainian domains. I've recently heard of email address spoofing in the "from" bar. However, how do I stop it, and ow did this happen? I did not give my email address to anyone. Also, it has been noted that the domains listed above give spam (especially, according to WOT user comments), and that Earthlink used to send spam. Also, after each message, there is a random Earthlink address.....

Could somebody please help?

Might be a joe-job. You are

Posted: Mon Sep 22, 2008 8:46 am
by lordpake
Might be a joe-job or backscatter. You are just marked as sender, for some reason, instead of you actually sending these msgs.

Therefore you would get the bounce backs etc. as you are marked as sender :)

Not sure there is much you can actually do, besides weathering the storm so to speak, switching email addresses, using spam filters to get rid of these msgs you receive.

"Men make good pets."

Or maybe not...

Posted: Mon Sep 22, 2008 11:32 am
by phantazm
Security_Wiz: "I'm somehow mailing out spam to others"

Or maybe people think you are? This reminds me of an incident few years ago: I received a spam mail, and as I didn't know so much, I contemplated simply sending it back where it came from. Then I discovered my email address two places: both as receiverand sender. If I had returned it, it would have bounced back at once right in my face. Of course this spam had annoyed others too, some of them did return it, and for several days my inbox was flooded with returned and rejected spam...

PS: Why is lordpakes second link not live..?

PS: Why is lordpakes second

Posted: Mon Sep 22, 2008 1:38 pm
by lordpake
PS: Why is lordpakes second link not live..?

I wondered that too myself when posting :D

"Men make good pets."

URL not 'live'.

Posted: Mon Sep 22, 2008 1:55 pm
by logicman
It must be the round brackets: =

. . . . . . . . . . . . . . . .
Protect and Surf.


Posted: Mon Sep 22, 2008 4:19 pm
by Sami
It must be the round brackets:

You're right, it looks like they're not allowed, probably to make links in parenthesis ( work. You can encode them though:

Another option is to use HTML, the forum seems to accept a limited set of tags.


Posted: Mon Sep 22, 2008 10:55 pm
by Security_Wiz
Yes, it is a backscatter. I just wonder how it happened.

Also, should I provide a copy of the message? It has no files in it, and no malware, so I'm not sure why any spammer would want to sent it. It's just random numbers and letters. Also, I'm only receiving the messages that were sent that the email address didn't exist? So, how do I see how many messages I'm really sending? I've only gotten like ten bounce backs, including about 100 email addresses.

I'm not able to switch email addresses. Is there anyway I can stop this? I've heard of people who get 1000 of these a week, and people who waited 5-6 days and it stopped. I'm guessing a bot randomly found my email address on an infected PC friend.

Oh the joys ....

Posted: Mon Sep 22, 2008 11:49 pm
by MysteryFCM
I get hundreds of these per day, and not surprisingly, the vast majority aren't actually failed messages (as they claim), but rather clever attempts at spamming you.

Can you stop them? Nope ...... can you report them? Yep, but it's likely useless. The best you can do is to have your e-mail client filter them out.

Feel free to forward them to me too ....... I love checking these things out ;o) (get a rather strange pleasure out of tracking them hehe).

Steven Burn
Ur I.T. Mate Group / hpHosts /