Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Returned Mail


  • Please log in to reply
21 replies to this topic

#1 gleet

gleet

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:06:31 AM

Posted 30 September 2006 - 05:25 PM

A problem has arisen in the last two days. I have received at least twenty returned mails from Postmasters each day. So far as I can see, none of the messages were sent by me, nor created by anyone sitting at my computer. I use Mailwasher and delete through Mailwasher all suspicious or unwanted mail (including the returned Mail messages). I have not had this problem before. I am using XP Home (and it is continually updated) and Windows Internet Explorer. I wonder whether the problem is with the computer of someone with whom I have corresponded by e-mail, or who has my email address on his address list. Can anyone give me some advice please. If I need to send a HiJackThis log I can do so.

And thanks iqweed for your reply to my introduction post


gleet

BC AdBot (Login to Remove)

 


#2 jgweed

jgweed

  • Members
  • 28,473 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Chicago, Il.
  • Local time:12:31 AM

Posted 01 October 2006 - 08:59 AM

Chances are that all the mail "returned" by a mailer-deamon, and which you are certain was NOT generated by your computer, was caused by your E-mail address being harvested from an infected computer elsewhere. Very often, malware and spam will attempt to disguise themselves as returned mail;sometimes this is evident when you expand the E-mail header.
If you thoroughly scan your hard drive with your updated AV, and one or two good anti-spyware applications, and these find nothing, then the problem is not caused by your computer, and most likely you do not need to submit a HJT log.
If, though, you are unsure after running these, then follow the instructions for posting:

http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/

Regards,
John
Whereof one cannot speak, thereof one should be silent.

#3 gleet

gleet
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:06:31 AM

Posted 01 October 2006 - 09:59 AM

Thanks John. I did scan with AVG, Spybot, AdAware and AMust Registry Cleaner and nothing particular came up. I have had three returned Mails today (somewhat less than over the past two days). I rather suspected that someone elses computer is infected and using my address as purported sender. MailWasher is very convenient for this problem.

Thanks again
gleet

#4 usasma

usasma

    Still visually handicapped (avatar is memory developed by my Dad


  • BSOD Kernel Dump Expert
  • 25,091 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Southeastern CT, USA
  • Local time:01:31 AM

Posted 01 October 2006 - 10:36 AM

These (for me) generally fall into 2 categories:

1) Returned mail that a spammer has sent using my return email address
2) SPAM emails that are sent to look like they're returned mail - this will cause you to look at them because you wonder who you sent the email to.
My browser caused a flood of traffic, sio my IP address was banned. Hope to fix it soon. Will get back to posting as soon as Im able.

- John  (my website: http://www.carrona.org/ )**If you need a more detailed explanation, please ask for it. I have the Knack. **  If I haven't replied in 48 hours, please send me a message. My eye problems have recently increased and I'm having difficult reading posts. (23 Nov 2017)FYI - I am completely blind in the right eye and ~30% blind in the left eye.<p>If the eye problems get worse suddenly, I may not be able to respond.If that's the case and help is needed, please PM a staff member for assistance.

#5 Enthusiast

Enthusiast

  • Members
  • 5,898 posts
  • OFFLINE
  •  
  • Location:Florida, USA
  • Local time:12:31 AM

Posted 02 October 2006 - 04:09 AM

Of course, you could be infected with a trojan.

I would recommend a couple of online scans specifically fro them:

Trojan scans
Sygate Trojanscan
http://scan.sygatetech.com/pretrojanscan.html

Windows Security Trojanscan
http://windowsecurity.com/trojanscan
See instructions for it here:
http://www.windowsecurity.com/trojanscan/trojanscan.asp

Parasite scan from Aumha:
http://www.aumha.org/a/noads.php
or here:
http://www.aumha.org/win5/a/noads2.htm

#6 gleet

gleet
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:06:31 AM

Posted 02 October 2006 - 09:05 AM

Thanks John. I am still getting a large number of "returns" all coming from different Postmasters.
Thanks Enthusiast. I have scanned with WindowsTrohjan Scan and there is a null return. I tried Sygate (the web adddress you gave cannot be found by my computer but I got the address using Google). That scan gave me the following message "You have blocked all of our probes! We still recommend running this test both with
and without Sygate Personal Firewall enabled... so turn it off and try the test again." I am not sure what that means as I do not have Sygate Personal Firewall on my machine so far as I am aware. I could try turning off my Windows XP firewall. I also have Zone Alarm working on my machine. I am a bit loathe to download the "returned messages" and then open them up to see if they gives any clue as to where they are originating from or whose computer might be infected. I am however thinking of doing that.
Thanks again for your help.

gleet

Edited by gleet, 02 October 2006 - 09:05 AM.


#7 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,962 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:01:31 AM

Posted 02 October 2006 - 12:46 PM

Just a thought:

Your e-mail address may have been picked up by a spam-bot or something which is sending out spam in your name. To rule out that the problem is with your computer, go to a different computer or personally contact your e-mail provider and change the user name for your e-mail address.

Inform your important contacts of the new address, but tell them not to put it in their address book in case it's infected.

Wait a while and see if the returned mail problems cease. If they do, we'll know it was not an infection on your computer.

Orange Blossom :thumbsup:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#8 hillbillygreek

hillbillygreek

  • Members
  • 397 posts
  • OFFLINE
  •  
  • Location:SC
  • Local time:12:31 AM

Posted 02 October 2006 - 02:32 PM

I could try turning off my Windows XP firewall. I also have Zone Alarm working on my machine.

gleet


Although this may not be a direct cause of your problems, it is not necessary to use Windows Firewall at all since you have Zone Alarm running. Try running a test here: Shields Up

You didn't mention which email client you use to download your email after you preview it in Mailwasher so this is just an FYI: Outlook/Outlook Express are prime targets for email addresses being hrvested, the reason being that the address books are stored as a text file that is easily accessible. If you are using either of these, you should consider an alternative such as Thunderbird , Eudora , or The Bat .

#9 gleet

gleet
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:06:31 AM

Posted 03 October 2006 - 08:39 AM

I am still getting mail returns at a rate of knots. In fact I do not have Windows Firewall turned on. I am considering changing my eMail client from Outlook express, but will that not be closing the stable door after the horse has bolted HillBilly Greek (are you a golfer by any chance)?. I tried Shields Up but It did not seem to give any result appertaining to my difficulty. Thanks Orange Blossom for your suggestions. It may be that I will need to change my E-Mail address. I am not sure what you mean by trying a different computer. Surely that would not affect any of the spate of "returns" I am getting?

#10 usasma

usasma

    Still visually handicapped (avatar is memory developed by my Dad


  • BSOD Kernel Dump Expert
  • 25,091 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Southeastern CT, USA
  • Local time:01:31 AM

Posted 03 October 2006 - 09:48 AM

You can use the rules or filters settings in OE to send the SPAM directly to your Trash. Just be careful with the syntax of the rule - otherwise you may end up "throwing out the baby with the bathwater".
My browser caused a flood of traffic, sio my IP address was banned. Hope to fix it soon. Will get back to posting as soon as Im able.

- John  (my website: http://www.carrona.org/ )**If you need a more detailed explanation, please ask for it. I have the Knack. **  If I haven't replied in 48 hours, please send me a message. My eye problems have recently increased and I'm having difficult reading posts. (23 Nov 2017)FYI - I am completely blind in the right eye and ~30% blind in the left eye.<p>If the eye problems get worse suddenly, I may not be able to respond.If that's the case and help is needed, please PM a staff member for assistance.

#11 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,962 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:01:31 AM

Posted 03 October 2006 - 11:16 AM

I am not sure what you mean by trying a different computer. Surely that would not affect any of the spate of "returns" I am getting?


If your computer is infected with something that can identify your user name, e-mail address or whatever, changing your user name on your computer will not solve the problem as whatever it is would know what your new e-mail address is. Changing it on a different computer would have an affect at least at first. Once you start reading your mail etc., if the problem is a result of an infection, you will begin to see new returned mails. Does this make sense?

I read that you have ZoneAlarm on. Is it identifying or blocking any outgoing messages that you have not sent?

In your shoes, I would really go for changing the user name rather than simply putting in filter rules given the volume and kind of bad mail you are receiving. It is possible that your e-mail address was compromised and something is sending out spam in your name. If this is so, you want that stopped.

Orange Blossom :thumbsup:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#12 gleet

gleet
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:06:31 AM

Posted 03 October 2006 - 11:58 AM

Thanks for your latest Orange Blossom. It has given me food for thought. If I continue to use my computer with a new eMail address, then if my computer is infected, I should continue to get returned mails, but if it is not my computer which is infected then the returned mails should stop (until someone with an infected computer puts my new address on their contacts address list). Do you think my reasoning is correct?

Thanks for your futher message John, Mailwasher does seem to be sufficient for my purposes generally, as very little if any spam gets through my screening. It is just that I would like to be able to stop this deluge of returned mails without marking each one individually for deletion in Mailwasher ( and also taking care not to delete a genuine returned mail message).

#13 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,962 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:01:31 AM

Posted 03 October 2006 - 01:02 PM

Do you think my reasoning is correct?

Yup, pretty much. You may notice a slight lag before you start getting bombarded again if the problem is on your computer, but it wouldn't take long.

Also, as a safety measure, never post your e-mail address on discussion boards, listserves etc. Always choose options that keep it hidden.

Orange Blossom :thumbsup:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#14 The Old Vicar

The Old Vicar

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:05:31 AM

Posted 05 October 2006 - 06:51 AM

My problem is different in that the e mails that are being returned to me are ones that I have sent. This is I understand a growing problem caused by postmasters automatically blocking mail from servers that have been used by spammers, whether they know it or not. I use Orange as my ISP and some, not all e mails are blocked. I tried using Yahoo mail to see whether that would get round the problem but the e mails to the same addressees were returned.

Any suggestions?

#15 buddy215

buddy215

  • Moderator
  • 13,196 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:12:31 AM

Posted 05 October 2006 - 07:12 AM

There are a lot of reasons for returned emails. Some you can control, some you can't. Mistyped addresses, blocked from receiver's email by intended recipient, recipient changing email address, blocked by antispam programs, too large email, etc. If you think you are being blocked because your computer is suspected of sending spam then you need to run some security scans. Especially if this is a recent event.
“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users