BleepingComputer.com: Returned Mail

A problem has arisen in the last two days. I have received at least twenty returned mails from Postmasters each day. So far as I can see, none of the messages were sent by me, nor created by anyone sitting at my computer. I use Mailwasher and delete through Mailwasher all suspicious or unwanted mail (including the returned Mail messages). I have not had this problem before. I am using XP Home (and it is continually updated) and Windows Internet Explorer. I wonder whether the problem is with the computer of someone with whom I have corresponded by e-mail, or who has my email address on his address list. Can anyone give me some advice please. If I need to send a HiJackThis log I can do so.

And thanks iqweed for your reply to my introduction post


gleet

Chances are that all the mail "returned" by a mailer-deamon, and which you are certain was NOT generated by your computer, was caused by your E-mail address being harvested from an infected computer elsewhere. Very often, malware and spam will attempt to disguise themselves as returned mail;sometimes this is evident when you expand the E-mail header.
If you thoroughly scan your hard drive with your updated AV, and one or two good anti-spyware applications, and these find nothing, then the problem is not caused by your computer, and most likely you do not need to submit a HJT log.
If, though, you are unsure after running these, then follow the instructions for posting:

http://www.bleepingcomputer.com/forums/topic34773.html

Regards,
John

Thanks John. I did scan with AVG, Spybot, AdAware and AMust Registry Cleaner and nothing particular came up. I have had three returned Mails today (somewhat less than over the past two days). I rather suspected that someone elses computer is infected and using my address as purported sender. MailWasher is very convenient for this problem.

Thanks again
gleet

These (for me) generally fall into 2 categories:

1) Returned mail that a spammer has sent using my return email address
2) SPAM emails that are sent to look like they're returned mail - this will cause you to look at them because you wonder who you sent the email to.

Of course, you could be infected with a trojan.

I would recommend a couple of online scans specifically fro them:

Trojan scans –
Sygate Trojanscan
http://scan.sygatetech.com/pretrojanscan.html

Windows Security Trojanscan
http://windowsecurity.com/trojanscan
See instructions for it here:
http://www.windowsecurity.com/trojanscan/trojanscan.asp

Parasite scan from Aumha:
http://www.aumha.org/a/noads.php
or here:
http://www.aumha.org/win5/a/noads2.htm

Thanks John. I am still getting a large number of "returns" all coming from different Postmasters.
Thanks Enthusiast. I have scanned with WindowsTrohjan Scan and there is a null return. I tried Sygate (the web adddress you gave cannot be found by my computer but I got the address using Google). That scan gave me the following message "You have blocked all of our probes! We still recommend running this test both with
and without Sygate Personal Firewall enabled... so turn it off and try the test again." I am not sure what that means as I do not have Sygate Personal Firewall on my machine so far as I am aware. I could try turning off my Windows XP firewall. I also have Zone Alarm working on my machine. I am a bit loathe to download the "returned messages" and then open them up to see if they gives any clue as to where they are originating from or whose computer might be infected. I am however thinking of doing that.
Thanks again for your help.

gleet

This post has been edited by gleet: 02 October 2006 - 09:05 AM

Just a thought:

Your e-mail address may have been picked up by a spam-bot or something which is sending out spam in your name. To rule out that the problem is with your computer, go to a different computer or personally contact your e-mail provider and change the user name for your e-mail address.

Inform your important contacts of the new address, but tell them not to put it in their address book in case it's infected.

Wait a while and see if the returned mail problems cease. If they do, we'll know it was not an infection on your computer.

Orange Blossom

gleet, on Oct 2 2006, 10:05 AM, said:

Although this may not be a direct cause of your problems, it is not necessary to use Windows Firewall at all since you have Zone Alarm running. Try running a test here: Shields Up

You didn't mention which email client you use to download your email after you preview it in Mailwasher so this is just an FYI: Outlook/Outlook Express are prime targets for email addresses being hrvested, the reason being that the address books are stored as a text file that is easily accessible. If you are using either of these, you should consider an alternative such as Thunderbird , Eudora , or The Bat .

I am still getting mail returns at a rate of knots. In fact I do not have Windows Firewall turned on. I am considering changing my eMail client from Outlook express, but will that not be closing the stable door after the horse has bolted HillBilly Greek (are you a golfer by any chance)?. I tried Shields Up but It did not seem to give any result appertaining to my difficulty. Thanks Orange Blossom for your suggestions. It may be that I will need to change my E-Mail address. I am not sure what you mean by trying a different computer. Surely that would not affect any of the spate of "returns" I am getting?

You can use the rules or filters settings in OE to send the SPAM directly to your Trash. Just be careful with the syntax of the rule - otherwise you may end up "throwing out the baby with the bathwater".

gleet, on Oct 3 2006, 08:39 AM, said:

If your computer is infected with something that can identify your user name, e-mail address or whatever, changing your user name on your computer will not solve the problem as whatever it is would know what your new e-mail address is. Changing it on a different computer would have an affect at least at first. Once you start reading your mail etc., if the problem is a result of an infection, you will begin to see new returned mails. Does this make sense?

I read that you have ZoneAlarm on. Is it identifying or blocking any outgoing messages that you have not sent?

In your shoes, I would really go for changing the user name rather than simply putting in filter rules given the volume and kind of bad mail you are receiving. It is possible that your e-mail address was compromised and something is sending out spam in your name. If this is so, you want that stopped.

Orange Blossom

Thanks for your latest Orange Blossom. It has given me food for thought. If I continue to use my computer with a new eMail address, then if my computer is infected, I should continue to get returned mails, but if it is not my computer which is infected then the returned mails should stop (until someone with an infected computer puts my new address on their contacts address list). Do you think my reasoning is correct?

Thanks for your futher message John, Mailwasher does seem to be sufficient for my purposes generally, as very little if any spam gets through my screening. It is just that I would like to be able to stop this deluge of returned mails without marking each one individually for deletion in Mailwasher ( and also taking care not to delete a genuine returned mail message).

gleet, on Oct 3 2006, 11:58 AM, said:

Yup, pretty much. You may notice a slight lag before you start getting bombarded again if the problem is on your computer, but it wouldn't take long.

Also, as a safety measure, never post your e-mail address on discussion boards, listserves etc. Always choose options that keep it hidden.

Orange Blossom

My problem is different in that the e mails that are being returned to me are ones that I have sent. This is I understand a growing problem caused by postmasters automatically blocking mail from servers that have been used by spammers, whether they know it or not. I use Orange as my ISP and some, not all e mails are blocked. I tried using Yahoo mail to see whether that would get round the problem but the e mails to the same addressees were returned.

Any suggestions?

There are a lot of reasons for returned emails. Some you can control, some you can't. Mistyped addresses, blocked from receiver's email by intended recipient, recipient changing email address, blocked by antispam programs, too large email, etc. If you think you are being blocked because your computer is suspected of sending spam then you need to run some security scans. Especially if this is a recent event.