Help, I'm sending myself SPAM!

olnortonut

New Email
For some reason I'm getting emails from myself advertising pharmaceuticals and other sexual devices! My wife has an identity on this computer also and she too receives these type of emails from me. I haven't been told by anyone else that they are getting anything from me but it could be that my computer is sending this junk out to others as well.

I'm running Windows XP, Internet Explorer, Outlook Express. I run the free version of Avast a/v and have PC Tools Spyware Doctor.
Nothing shows up on any scans that I've done.

Got any ideas?

Thanks,

Bob
 

EQ Admin

EQ Forum Admin
Staff member
Hi Bob,

Please get the full email headers from three of the spam mails.

The full email headers tell the story of where the email originated and how it got to your inbox.

Once we have the full headers can can assist you in blocking the spams and/or reporting them to the correct service providers abuse team.

-Raymond
 

olnortonut

New Email
Here you go:

Received: from localhost by mx2
with SpamAssassin (version 3.2.3);
Mon, 22 Dec 2008 04:28:03 -0400
From: Bob Thompson <bthompson@netidea.com>
To: <bthompson@netidea.com>
Subject: -= Spam Detected by the Net Idea =- OK, here is my answer
Date: Mon, 22 Dec 2008 04:27:57 -0400
Message-Id: <200812220828.mBM8RvVT031381@mx3.netidea.com>
X-Spam-Flag: YES
X-Spam-Checker-Version: SpamAssassin 3.2.3 (2007-08-08) on mx2
X-Spam-Level: *******
X-Spam-Status: Yes, score=7.9 required=5.0 tests=AT_IN_URL,BAYES_99,
HTML_IMAGE_ONLY_16,HTML_MESSAGE,HTML_SHORT_LINK_IMG_2,MIME_HTML_ONLY,
SPF_HELO_PASS,SPF_PASS autolearn=no version=3.2.3
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="----------=_494F4F93.9AB8B014"
X-Antivirus: avast! (VPS 081221-0, 12/21/2008), Inbound message
X-Antivirus-Status: Clean

Return-Path: <bthompson@netidea.com>
Received: from mx1.netidea.com (mx1.netidea.com [216.116.8.103])
by localhost.netidea.com (8.13.4/8.13.4/Debian-3sarge3) with ESMTP id mBMKn9BA027171
for <bthompson@imap1.netidea.com>; Mon, 22 Dec 2008 16:49:09 -0400
From: Bob Thompson <bthompson@netidea.com>
Received: from M4213.m.pppool.de (U41e7.u.pppool.de [89.56.65.231])
by mx1.netidea.com (8.13.8/8.13.8/Debian-3) with SMTP id mBMJlFV4005781
for <bthompson@netidea.com>; Mon, 22 Dec 2008 15:47:19 -0400
Date: Mon, 22 Dec 2008 15:47:15 -0400
Message-Id: <200812221947.mBMJlFV4005781@mx1.netidea.com>
To: <bthompson@netidea.com>
Subject: I lost your cell number
MIME-Version: 1.0
Importance: High
Content-Type: text/html
X-Virus-Scanned: ClamAV 0.94.2/8793/Mon Dec 22 12:56:32 2008 on mx1
X-Virus-Status: Clean
X-Antivirus: avast! (VPS 081221-0, 12/21/2008), Inbound message
X-Antivirus-Status: Clean

Return-Path: <bthompson@netidea.com>
Received: from mx1.netidea.com (mx1.netidea.com [216.116.8.103])
by localhost.netidea.com (8.13.4/8.13.4/Debian-3sarge3) with ESMTP id mBMJdSkr013026
for <bthompson@imap1.netidea.com>; Mon, 22 Dec 2008 15:39:28 -0400
From: Bob Thompson <bthompson@netidea.com>
Received: from [77.28.163.199] ([77.28.165.224])
by mx1.netidea.com (8.13.8/8.13.8/Debian-3) with ESMTP id mBMIbcee017001
for <bthompson@netidea.com>; Mon, 22 Dec 2008 14:37:39 -0400
Date: Mon, 22 Dec 2008 14:37:38 -0400
Message-Id: <200812221837.mBMIbcee017001@mx1.netidea.com>
To: <bthompson@netidea.com>
Subject: She is asking for your number
MIME-Version: 1.0
Importance: High
Content-Type: text/html
X-Virus-Scanned: ClamAV 0.94.2/8793/Mon Dec 22 12:56:32 2008 on mx1
X-Virus-Status: Clean
X-Antivirus: avast! (VPS 081221-0, 12/21/2008), Inbound message
X-Antivirus-Status: Clean
 

EQ Admin

EQ Forum Admin
Staff member
Hi Bob,

Your e-mail providers SpamAssassin is out of date. Ask them to upgrade SpamAssassin to the latest version. The e-mail provider appears to be netidea.com but it's possible they are another company on those mail servers too. The anti-virus is OK. I'd start with asking for the SpamAssassin to be updated to version 3.2.5.

One of the 3 messages was tagged as spam. Of the two that were not tagged both are listed in the Spamhaus RBL. You can also ask your mail provider to run the Spamhaus zen RBL (zen.spamhaus.org) on their mail servers. If they were blocking known spam senders with the Spamhaus zen RBL you would not have received any of these spams, and SpamAssassin would spend less time doing more resource intensive spam content checks on their mail servers. It's a win-win situation for all involved.

http://www.spamhaus.org/query/bl?ip=89.56.65.231

http://www.spamhaus.org/query/bl?ip=77.28.165.224

Please feel free to send your e-mail provider the link to this information.

-Raymond
 

olnortonut

New Email
Thanks Raymond,
Net idea has just been taken over by another outfit so I guess it'll take some time for them to get it together. I will send them the info you sent me. Good.

My original question was not answered...why am I sending out these emails? I really don't want to do this! <G>

Bob
 

EQ Admin

EQ Forum Admin
Staff member
Hi Bob,

You are not sending out the e-mails. For example the one from 89.56.65.231 originated in Germany. It's possible the mail servers are rewriting the From: as from you, but it's more likely the spammers are sending the mail From: your address. It's an old spammer trick to send e-mail From: and To: the same e-mail address to try and get past spam filters. Some people like to whitelist e-mail from their own e-mail address or domain name. Check your whitelist and other filters to make sure that you are not allowing e-mail from yourself, but this appears to be more an an issue with the spam filters on the mail servers being out of date. If it's an option instead of changing the subject you may want to have the suspect spams deliver into a spam folder instead of your inbox.

-Raymond
 
Top