Getting bounced emails that I did not send.

  • Thread starter Thread starter Stan Hilliard
  • Start date Start date
S

Stan Hilliard

For the past few weeks I have been getting a lot of bounced emails
that I did not send. They come to both my address and my wife's. They
come in spurts. Today I received about 70 in one hour. Then it
stopped. It will probably happen again tomorrow.

What is happening. Is there a page where this problem is described?

Stan Hilliard
 
On Sat, 17 May 2008 00:05:59 -0500, Stan Hilliard wrote:

> For the past few weeks I have been getting a lot of bounced emails
> that I did not send. They come to both my address and my wife's. They
> come in spurts. Today I received about 70 in one hour. Then it
> stopped. It will probably happen again tomorrow.
>
> What is happening. Is there a page where this problem is described?

Someone who has you and your wife in their address book is infected.
There's really not much you can do about it.

--
Paul Adare
http://www.identit.ca
CPU: A juvenile way of telling your dog he missed the paper.
 
"Stan Hilliard" wrote in
<news:abps24lt8n59152h1k8ch9pdaun34241l0@4ax.com>:

> For the past few weeks I have been getting a lot of bounced emails
> that I did not send. They come to both my address and my wife's. They
> come in spurts. Today I received about 70 in one hour. Then it
> stopped. It will probably happen again tomorrow.
>
> What is happening. Is there a page where this problem is described?
>
> Stan Hilliard

How do you stop someone from claiming your e-mail address is theirs?
You can't.

How to you stop admins from misconfiguring their mail hosts to reject
undeliverable e-mails DURING their mail session with the sending mail
host instead of accepting the e-mail, ending the mail session, and then
assuming the return-path (sender's e-mail address) is valid that the
sender entered there?
You can't.

Until whomever usurped your e-mail address gets tired of using it or
until e-mail admins figure out how to properly configure their mail
hosts, you will continue getting these misdirected bounces.

Misdirected bounces are spam and can be reported to blacklists, like
SpamCop. Maybe if a mail service gets blacklisted then they might
decide to fix their misconfigured server. A reporting account at
SpamCop is free. You can use their web form to submit these misdirected
bounces (also called backscatter) to their blacklist. They will send an
abuse report to the e-mail provider, too.
 
On Sat, 17 May 2008 13:24:22 -0500, VanguardLH <V@nguard.LH> wrote:

>"Stan Hilliard" wrote in
><news:abps24lt8n59152h1k8ch9pdaun34241l0@4ax.com>:
>
>> For the past few weeks I have been getting a lot of bounced emails
>> that I did not send. They come to both my address and my wife's. They
>> come in spurts. Today I received about 70 in one hour. Then it
>> stopped. It will probably happen again tomorrow.
>>
>> What is happening. Is there a page where this problem is described?
>>
>> Stan Hilliard
>
>How do you stop someone from claiming your e-mail address is theirs?
>You can't.
>
>How to you stop admins from misconfiguring their mail hosts to reject
>undeliverable e-mails DURING their mail session with the sending mail
>host instead of accepting the e-mail, ending the mail session, and then
>assuming the return-path (sender's e-mail address) is valid that the
>sender entered there?
>You can't.
>
>Until whomever usurped your e-mail address gets tired of using it or
>until e-mail admins figure out how to properly configure their mail
>hosts, you will continue getting these misdirected bounces.

Are you saying that there is a correct way for admins to configure
their email hosts that can prevent thieves from steeling my address
from there? I ask this because I have a website and 7 or 8 pop3 mail
addresses with a hosting service. The bounce-backs seem to cover all
of my addresses - which makes me suspect that the thief got the
addresses from that server -- others would not have the whole set in
their address books.

If there is such a configuration could you please explain the specific
steps that an admin would go through to implement it? I want to be
able to ask the right questions of my provider. My website and pop3
are hosted on a server with a Windows OS.
Stan Hilliard

>Misdirected bounces are spam and can be reported to blacklists, like
>SpamCop. Maybe if a mail service gets blacklisted then they might
>decide to fix their misconfigured server. A reporting account at
>SpamCop is free. You can use their web form to submit these misdirected
>bounces (also called backscatter) to their blacklist. They will send an
>abuse report to the e-mail provider, too.
 
Stan Hilliard wrote:
> For the past few weeks I have been getting a lot of bounced emails
> that I did not send. They come to both my address and my wife's. They
> come in spurts. Today I received about 70 in one hour. Then it
> stopped. It will probably happen again tomorrow.
>
> What is happening. Is there a page where this problem is described?
>
> Stan Hilliard

Typically what happens is that someone somewhere has your email address on
their system. Then this someone gets careless and allows their system to
become infected with malware which then appropriates your email address to
use as a false return address for sending their spam or malware messages to
a list of recipients. Their list is seldom accurate and a percentage of the
messages get bounced back. But guess what -- when they bounce they go to
the falsified return address. _Your_ return address. This explains why the
bounced messages come in spurts -- the malware sends a thousand messages
and the bad addresses are detected in pretty short order at the receiving
end and _you_ receive a slug of messages.

John McGaw
http://johnmcgaw.com
 
"Stan Hilliard" wrote in
<news:ln9134dg9ut6m6mrld349kvdi9ca5r8gf2@4ax.com>:

> On Sat, 17 May 2008 13:24:22 -0500, VanguardLH <V@nguard.LH> wrote:
>
>>"Stan Hilliard" wrote in
>><news:abps24lt8n59152h1k8ch9pdaun34241l0@4ax.com>:
>>
>>> For the past few weeks I have been getting a lot of bounced emails
>>> that I did not send. They come to both my address and my wife's. They
>>> come in spurts. Today I received about 70 in one hour. Then it
>>> stopped. It will probably happen again tomorrow.
>>>
>>> What is happening. Is there a page where this problem is described?
>>>
>>> Stan Hilliard
>>
>>How do you stop someone from claiming your e-mail address is theirs?
>>You can't.
>>
>>How to you stop admins from misconfiguring their mail hosts to reject
>>undeliverable e-mails DURING their mail session with the sending mail
>>host instead of accepting the e-mail, ending the mail session, and then
>>assuming the return-path (sender's e-mail address) is valid that the
>>sender entered there?
>>You can't.
>>
>>Until whomever usurped your e-mail address gets tired of using it or
>>until e-mail admins figure out how to properly configure their mail
>>hosts, you will continue getting these misdirected bounces.
>
> Are you saying that there is a correct way for admins to configure
> their email hosts that can prevent thieves from steeling my address
> from there? I ask this because I have a website and 7 or 8 pop3 mail
> addresses with a hosting service. The bounce-backs seem to cover all
> of my addresses - which makes me suspect that the thief got the
> addresses from that server -- others would not have the whole set in
> their address books.

No, what I said is that no one, not even a mail server, knows who sends
an e-mail unless they are connected to the sending mail host. Every
host knows the IP address of who connected to it. During a mail session
between sending and receiving mail hosts, the receiving mail host only
knows at that time who is sending the e-mail message. It is during that
mail session that the receiving mail server should reject an e-mail if
it is undeliverable. Why? Because the rejection goes to the sending
mail host currently connected to the receiving mail host. If the
receiving mail host accepts an e-mail, the mail session is over. Then
when the receiving mail host discovers that the e-mail is not
deliverable, what does it have to go by? It isn't connected to the
sending mail host anymore. It has to use the return-path headers in the
e-mail - but those headers are added by the sender. That means the
sender can specify whatever they want in the header section of the
e-mail. It is *data* that is part of the message sent during the DATA
command. They are NOT added by the sending mail host. So the receiving
mail host only has the sender-specified headers to send back the
non-delivery e-mail. So anyone claiming to own your e-mail address and
puts that e-mail address in the "headers" will get used by the
misconfigured receiving mail host that rejects AFTER the mail session is
already over. They can only send the non-delivery report to the e-mail
address in the headers. However, if they had rejected the e-mail DURING
the mail session with the sending mail host, the receiving mail host
never has to issue a non-delivery report. The sending mail host gets
the rejection and notifies the sender of the problem.
 
Back
Top