07-17-2011 12:36 PM
Someone or something has taken over one of my email accounts. I'm getting 30-40 returned emails a day that I didn't originate with the message as shown in my subject. Earthlink hasn't been much help and keeps coming back to saying I should run my anti-virus software (NIS 2011). I've done several complete scans but have found nothing. I have also changed my email password to something much stronger but that has not helped. I am attaching one header from a returned email. Thoughts on how to resolve this?
07-17-2011 12:46 PM - edited 07-17-2011 12:51 PM
You are probably the victim of email address spoofing - spammers are putting your email address in the "From" field of the messages they are sending and you are receiving the bouncebacks, just as you would get letters returned by the post office if someone were putting your street address on the envelope as a return address. Since your email account and computer are completely uninvolved with the shenanigans, scanning won't help and there is really nothing you can do about this except wait it out (spammers usually abandon an address pretty quickly) or change your email address.
If your contacts are receiving the spam, then your account was compromised and you would need to take additional steps besides changing your password in order to re-secure your account. Again, though, the spam is probably not being sent from your account, so the trouble may continue for awhile, even after you have barred further access to your account by the spammers. See the following for suggestions on securing your compromised account:
07-18-2011 06:55 AM
Thanks for the reply/answer. The problem appears external to my computer, which is good. The bad is that I pride myself in running "clean". This is really disturbing!
07-18-2011 12:10 PM
Is there evidence that your account was actually compromised, such as everyone in your contact list getting spammed? If so, you were probably tricked into entering your account login information on a fake site somewhere. These can often be almost identical to the real site, so don't feel too bad if you were phished. On the other hand, if your account was not actually accessed, then the spammers may have gotten your email address from one of your friend's contact lists, in which case you are a completely innocent bystander and there is nothing you could have done to prevent the email spoofing.
07-18-2011 12:27 PM
Strangely earthlink.net is one I never allow mail from. I have banned it server-side.
This is because I was getting so much spam years ago from senders who had had their email addy hijacked.
Not impressed to see that it is still happening to earthlink accounts!
07-18-2011 12:49 PM
Thanks for helping me understand what is happening. I checked and it appears everything is going to .ru (Russia)? The content appears to be in slovic characters?? BTW, over 30 "returns" in just 3 hours!
07-18-2011 01:00 PM
Most likely, a botnet controlled by Russian spammers is using lots of zombie computers to send spam, and your address is being used on some of it. Usually, the spammers will abandon your address in a short time. Keep your fingers crossed.