I posted this in the other "hacked email" thread, but realize that as it doesn't have anything to do with a hacked email, it probably wasn't a good place to ask my question. It kinda got lost.
The most recent one I got hit with, other than the huge amount of "normal" spam (normal amount is a few hundred or more per day), is to have my inbox pummeled with "message undeliverable", which have attachments of spam (Viagra, Canadian pharmacy, various languages, etc.).
By pummeled, I mean -- and we kept track of the number -- 2,561 in a 6 hour period. Our email program is designed to check email every two minutes -- every time I would watch as 40-60 of them were downloaded. I was being driven crazy that night. Our webmail host tweaked the server (saying they had also received "a few") and we were fine for a few days. Over the next few days we received maybe a few hundred.
Two days ago we were hit again -- this time the count was something like 1500. Today it's about 20-50 an hour.
The tech guys say they are not real emails being sent from our account even though it has us as the sender, as that was the first thing that concerned me (we are, after all, a business and the last thing we need is spam being spoofed from our account to customers). I ran multiple scans and there were no viruses, worms, etc. We have a firewall and anti-virus running at all times. No one downloads anything without a scan first, and never downloads a thing from emails.
The interesting thing is that it goes crazy with sending/receiving, then it will be quiet for many hours, then we'll get blasted again for a few hours (except for the first time when it went on for hour after hour and I nearly lost my mind). Unfortunately I have to check any "message undeliverable" if it comes in after I've sent something out. We can't block ISPs by simply blocking, for example, .ru because we get legitimate emails from all over the world.
It is still going on each day, although not to the same extent as the first couple of times. If anyone has any thoughts on this, I'd love to hear them.
Maria
Posts: 1151 | Location: London area now! | Registered: 10 November 2001
I have had a work email "spoofed" and I hate it but don't know how to prevent being "spoofed".
To deal with the influx of replies, I would set up a special folder and filter the messages so that every message with the subject "message undeliverable" is automatically sent to that new special folder. I might include any message from a "system administrator" to go to that folder.
Maria, I wish I had some good advice but I don't. I suspect the spammers have an automated program which is spewing all this stuff out.
It sounds like you are working with your technical staff. That is probably the best thing and to work with your ISP. Hopefully, it will stop after a few days.
They already are tagged as spam automatically and go straight into the spam folder, so that's one good part of it. Because of the heightened spam filter, every message's subject line has to be at least looked at because we've had to rescue a few occasionally. The good thing is that it is definitely not coming from us (we're not sending out spam that is coming back).
As for the tech staff at our ISP ... unfortunately they're pretty worthless. After the 2,500(ish) ones we got the first time, their only answer was to "up the level" on the spam filter attached to our account on the server. It basically only brought the number down. I left them ALL on their server for them to deal with and delete when they got any information they needed. The tech staff here is pretty basically me, and when I can't figure something out, then I call the webmail host company and tell 'em to make it stop.
I just wish they could trace the ISP that's spewing out this program. The spammers are good, no doubt about it -- even my old friend "Hector" who always threw me email after email. We were finally able to block him and all was quiet for about three weeks ... until he/she found another ISP with another name. Too bad he/she didn't bother changing the virus attachment or the subject line!
Posts: 1151 | Location: London area now! | Registered: 10 November 2001
The spammers are spoofing your address in the return address field. It's called backscatter spam or a "joe job". Here's a good link explaining it: http://secondwheel.googlepages.com/backscatter
And here's a simple explanation from another site:
quote:
I wanted to talk about spam for a few moments. There is a format of spam out there that is getting through the server filters and workstation junk mail filters. This form of spam is what many are calling "undeliverable spam". The spammer has already verified that your email account exists. When he sends you spam, it goes right to the junk mail folder or is scrapped by the server, so what the spammer will do is send out spam to an email address that does not exist, like 232k1kxc!@yahoo.com, and in the sender data they will put your email address as the person that sent the message.
The message is naturally rejected by Yahoo! and is sent back to the sender as "Undeliverable:..." and since those kinds of messages are usually legitimate, your spam filter won't block it and thus your inbox is flooded with spam. The user is even more anxious to see what's going on when they see undeliverable and want to know what they sent that didn't make it. So spam filters don't block it and the spammers get you to read the message. This is common and the only resolution is to create a filter that places all messages with "Undeliverable" in the subject line in the Junk folder.
Posts: 304 | Location: Chicago area and Tuscany | Registered: 26 March 2006
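Added example, not written by anyone in this thread: one way to cut down the manual checking of every "message undeliverable" described above is to compare the original headers a bounce carries back against a record of what was really sent. It assumes the mail client logs the Message-ID of each outgoing message (the `SENT_IDS` set); all addresses, IDs and function names below are constructed for illustration.

```python
import email
from email import policy

# Constructed sample: Message-IDs logged by our own mail client at send time.
SENT_IDS = {"<20240101.1234@example.com>"}

def returned_message_id(msg):
    """Message-ID of the original message a DSN carries back, or None."""
    for part in msg.walk():
        ctype = part.get_content_type()
        if ctype == "message/rfc822":          # full original attached
            inner = part.get_payload(0)
        elif ctype == "text/rfc822-headers":   # headers-only copy
            inner = email.message_from_string(part.get_content(),
                                              policy=policy.default)
        else:
            continue
        mid = inner["Message-ID"]
        return str(mid).strip() if mid else None
    return None

def classify(raw, sent_ids=SENT_IDS):
    """Sort an 'undeliverable' message into genuine / backscatter / review."""
    msg = email.message_from_string(raw, policy=policy.default)
    if msg.get_content_type() != "multipart/report":
        return "not-dsn"
    mid = returned_message_id(msg)
    if mid is None:
        return "review"        # bounce returned no original headers
    return "genuine" if mid in sent_ids else "backscatter"

def make_dsn(orig_id=None):
    """Build a constructed RFC 3464-style bounce for the demo."""
    dsn = ("From: MAILER-DAEMON@mx.example.net\nTo: maria@example.com\n"
           "Subject: Undeliverable: offer\nMIME-Version: 1.0\n"
           "Content-Type: multipart/report; report-type=delivery-status;"
           ' boundary="b1"\n\n--b1\nContent-Type: text/plain\n\n'
           "Delivery to nobody@example.org failed.\n"
           "--b1\nContent-Type: message/delivery-status\n\n"
           "Reporting-MTA: dns; mx.example.net\n\n"
           "Final-Recipient: rfc822; nobody@example.org\n"
           "Action: failed\nStatus: 5.1.1\n\n")
    if orig_id:
        dsn += ("--b1\nContent-Type: text/rfc822-headers\n\n"
                f"From: maria@example.com\nMessage-ID: {orig_id}\n\n")
    return dsn + "--b1--\n"

if __name__ == "__main__":
    for oid in ("<20240101.1234@example.com>", "<x9@bulk.invalid>", None):
        print(oid, "->", classify(make_dsn(oid)))
```

Bounces that return no original headers land in "review", so this narrows the pile that needs a human look rather than eliminating it.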