Help, I'm sending myself SPAM!

Discussion in 'Help Desk' started by olnortonut, Dec 22, 2008.

  1. olnortonut

    olnortonut New Email

    Joined:
    Dec 22, 2008
    Messages:
    3
    Likes Received:
    0
    For some reason I'm getting emails from myself advertising pharmaceuticals and other sexual devices! My wife has an identity on this computer also and she too receives these type of emails from me. I haven't been told by anyone else that they are getting anything from me but it could be that my computer is sending this junk out to others as well.

    I'm running Windows XP, Internet Explorer, Outlook Express. I run the free version of Avast a/v and have PC Tools Spyware Doctor.
    Nothing shows up on any scans that I've done.

    Got any ideas?

    Thanks,

    Bob
     


  2. popowich

    popowich EQ Forum Admin Staff Member

    Joined:
    Aug 12, 2008
    Messages:
    9,001
    Likes Received:
    120
    Hi Bob,

    Please get the full email headers from three of the spam mails.

    The full email headers tell the story of where the email originated and how it got to your inbox.

    Once we have the full headers can can assist you in blocking the spams and/or reporting them to the correct service providers abuse team.

    -Raymond
     

  3. olnortonut

    olnortonut New Email

    Joined:
    Dec 22, 2008
    Messages:
    3
    Likes Received:
    0
    Here you go:

    Received: from localhost by mx2
    with SpamAssassin (version 3.2.3);
    Mon, 22 Dec 2008 04:28:03 -0400
    From: Bob Thompson <bthompson@netidea.com>
    To: <bthompson@netidea.com>
    Subject: -= Spam Detected by the Net Idea =- OK, here is my answer
    Date: Mon, 22 Dec 2008 04:27:57 -0400
    Message-Id: <200812220828.mBM8RvVT031381@mx3.netidea.com>
    X-Spam-Flag: YES
    X-Spam-Checker-Version: SpamAssassin 3.2.3 (2007-08-08) on mx2
    X-Spam-Level: *******
    X-Spam-Status: Yes, score=7.9 required=5.0 tests=AT_IN_URL,BAYES_99,
    HTML_IMAGE_ONLY_16,HTML_MESSAGE,HTML_SHORT_LINK_IMG_2,MIME_HTML_ONLY,
    SPF_HELO_PASS,SPF_PASS autolearn=no version=3.2.3
    MIME-Version: 1.0
    Content-Type: multipart/mixed; boundary="----------=_494F4F93.9AB8B014"
    X-Antivirus: avast! (VPS 081221-0, 12/21/2008), Inbound message
    X-Antivirus-Status: Clean

    Return-Path: <bthompson@netidea.com>
    Received: from mx1.netidea.com (mx1.netidea.com [216.116.8.103])
    by localhost.netidea.com (8.13.4/8.13.4/Debian-3sarge3) with ESMTP id mBMKn9BA027171
    for <bthompson@imap1.netidea.com>; Mon, 22 Dec 2008 16:49:09 -0400
    From: Bob Thompson <bthompson@netidea.com>
    Received: from M4213.m.pppool.de (U41e7.u.pppool.de [89.56.65.231])
    by mx1.netidea.com (8.13.8/8.13.8/Debian-3) with SMTP id mBMJlFV4005781
    for <bthompson@netidea.com>; Mon, 22 Dec 2008 15:47:19 -0400
    Date: Mon, 22 Dec 2008 15:47:15 -0400
    Message-Id: <200812221947.mBMJlFV4005781@mx1.netidea.com>
    To: <bthompson@netidea.com>
    Subject: I lost your cell number
    MIME-Version: 1.0
    Importance: High
    Content-Type: text/html
    X-Virus-Scanned: ClamAV 0.94.2/8793/Mon Dec 22 12:56:32 2008 on mx1
    X-Virus-Status: Clean
    X-Antivirus: avast! (VPS 081221-0, 12/21/2008), Inbound message
    X-Antivirus-Status: Clean

    Return-Path: <bthompson@netidea.com>
    Received: from mx1.netidea.com (mx1.netidea.com [216.116.8.103])
    by localhost.netidea.com (8.13.4/8.13.4/Debian-3sarge3) with ESMTP id mBMJdSkr013026
    for <bthompson@imap1.netidea.com>; Mon, 22 Dec 2008 15:39:28 -0400
    From: Bob Thompson <bthompson@netidea.com>
    Received: from [77.28.163.199] ([77.28.165.224])
    by mx1.netidea.com (8.13.8/8.13.8/Debian-3) with ESMTP id mBMIbcee017001
    for <bthompson@netidea.com>; Mon, 22 Dec 2008 14:37:39 -0400
    Date: Mon, 22 Dec 2008 14:37:38 -0400
    Message-Id: <200812221837.mBMIbcee017001@mx1.netidea.com>
    To: <bthompson@netidea.com>
    Subject: She is asking for your number
    MIME-Version: 1.0
    Importance: High
    Content-Type: text/html
    X-Virus-Scanned: ClamAV 0.94.2/8793/Mon Dec 22 12:56:32 2008 on mx1
    X-Virus-Status: Clean
    X-Antivirus: avast! (VPS 081221-0, 12/21/2008), Inbound message
    X-Antivirus-Status: Clean
     
  4. popowich

    popowich EQ Forum Admin Staff Member

    Joined:
    Aug 12, 2008
    Messages:
    9,001
    Likes Received:
    120
    Hi Bob,

    Your e-mail providers SpamAssassin is out of date. Ask them to upgrade SpamAssassin to the latest version. The e-mail provider appears to be netidea.com but it's possible they are another company on those mail servers too. The anti-virus is OK. I'd start with asking for the SpamAssassin to be updated to version 3.2.5.

    One of the 3 messages was tagged as spam. Of the two that were not tagged both are listed in the Spamhaus RBL. You can also ask your mail provider to run the Spamhaus zen RBL (zen.spamhaus.org) on their mail servers. If they were blocking known spam senders with the Spamhaus zen RBL you would not have received any of these spams, and SpamAssassin would spend less time doing more resource intensive spam content checks on their mail servers. It's a win-win situation for all involved.

    http://www.spamhaus.org/query/bl?ip=89.56.65.231

    http://www.spamhaus.org/query/bl?ip=77.28.165.224

    Please feel free to send your e-mail provider the link to this information.

    -Raymond
     
  5. olnortonut

    olnortonut New Email

    Joined:
    Dec 22, 2008
    Messages:
    3
    Likes Received:
    0
    Thanks Raymond,
    Net idea has just been taken over by another outfit so I guess it'll take some time for them to get it together. I will send them the info you sent me. Good.

    My original question was not answered...why am I sending out these emails? I really don't want to do this! <G>

    Bob
     
  6. popowich

    popowich EQ Forum Admin Staff Member

    Joined:
    Aug 12, 2008
    Messages:
    9,001
    Likes Received:
    120
    Hi Bob,

    You are not sending out the e-mails. For example the one from 89.56.65.231 originated in Germany. It's possible the mail servers are rewriting the From: as from you, but it's more likely the spammers are sending the mail From: your address. It's an old spammer trick to send e-mail From: and To: the same e-mail address to try and get past spam filters. Some people like to whitelist e-mail from their own e-mail address or domain name. Check your whitelist and other filters to make sure that you are not allowing e-mail from yourself, but this appears to be more an an issue with the spam filters on the mail servers being out of date. If it's an option instead of changing the subject you may want to have the suspect spams deliver into a spam folder instead of your inbox.

    -Raymond
     

Want to reply or ask your own question?

It only takes a minute to sign up (and it's free!). Click the orange sign up button to choose a username and then you can ask your own questions on the forum.
Loading...