Now I suspect, for once, that this problem is not down to Orange, and I've done a bit of reasearch, but I'd value this community's advice.
Since yesterday I have received over 1000 (yes one thousand) emails. It appears that my email address has been hijacked by a spammer who has sent out spam as if from our account (or rather gobblygook@my freeservedomain). I'm now receiving all the "message not deliverable" type messages as these emails get bounced.
I've checked and I'll do a further check tonight, but I don't think I've got any viruses/spyware etc on my machine.
My specific questions are:
Although it appears to come from us, are the emails actually coming from a non-Orange mail server?
How come it is so easy to fake someone's email?
Is the torrent of emails likely to abate as the spammer moves on to another hijacked address (as mine will have been widely blacklisted by now)?
Is there anything I can practically do, apart from grinning and bearing it or shutting this account down - and remembering to notify all the organisions and websites which have this email address, often as the login ID?
(I've sort of answered this bit myself in that I've already set up new email addresses with 1&1 Web Hosting as stage 1 of Operation Dump Orange)
If I report the problem to Orange, is there a danger that the idiots will shut down our email accounts before I'm ready?
And finally, is there any chance that Orange could be at all to blame, as in some strange perverse way that would make me feel better?
Right click on Sender name,
click Properties,
click Details,
click Message Source.
Look for the "Received from" line just above "X-ME-UUID", there you should see an IP address. Highlight it and copy it into whois-search.com. Then look for the "report abuse" contact for that ISP.
I had the same problem but with persistence the spam stopped after 2 weeks.
Site AdminJoined: 07 Apr 2006Posts: 784Location: United Kingdom
Hello David T
A few things you should be aware of...
1. Orange, in fact Wanadoo (before it became Orange), had a major breach of security about a year ago. This was highlighted here at OrangeProblems.co.uk - see here. At the time, Wanadoo promised to contact all customers that were affected by this security breach although we have yet to hear from anyone that was actually contacted! There were 20,000 customer details exposed - you would have thought at least one would have dropped by here by now!
2. PlusNet have recently had their email servers hacked... So if you have a friend with a PlusNet email account who stored your Orange email address in their address book, it is likely that they now have your email address!
3. Yes it is very easy to spoof somebody's email address to make it look as if the email came from the spoofed address. However, as nhyder points out (see above), you can sometimes trace the ip address from which the email came from - i.e. the person that used your email address did not necessarily log-in to your webmail system, - in fact, very unlikely that they did this.
Joined: 13 Aug 2006Posts: 1689Location: Marylebone Central London
Hi i agree with above its very unlikely anyone has got into ur account when i was with Orange i also was getting 500 upwards of spam a day the email address is still open (which i havnt used since long before i left Orange) and still getting inundated with spam i asked Orange if they would give me a new email address last year their answer "yes we can do that we will close your account and re-open it with a new email address and a new 12 month contract" i refused of course.
Freeserve/Wanadoo/Orange email addresses are easy to spam because of the nature of the address my old address was name@lock**.freeserve.co.uk any name that was put before the @ would have got to me no problems and spammers know that.
Heres a link i saw yesterday in the latest Webuser about the top targetted ISP's for spammers HERE
I would do what nhyder has suggested.
Last edited by stevelondon on Wed May 23, 2007 5:21 pm; edited 1 time in total _________________ ex Freeserve/Wanadoo/Orange Blog
Personally, I think we have a duty to the ISPs to report any abuse. They don't want it passing through their servers (= slowdown) and sometimes unless it is reported they may not immediately know that they're being used.
When I received mega-spam, ISPs from practically every continent were being used. If you have 1000+ messages then select the top 10 ISPs to target.
One point I did forget, copy the whole of the "Message Source" data into the body of your email to the ISP, subject head your email "Report of spammer abuse using IP xxxxx" or similar with just the Message Source details that's all you need to do, no need to make any other comments. If the whois IP data doesn't display a "report abuse to" address (most do) then send it to whatever email address is shown, Postmaster for example.
Believe me, it does work and it is worth the considerable effort !!
Joined: 31 Mar 2007Posts: 83Location: Leyton, North-East London
Just FYI...
A few months ago I started getting loads of mail rejections that must have
originated from a spambot or two. Eventually, they dried up without action
from me and they never recurred. I now get shedloads of offers to cure my
erectile dysfunction, however...
When I right click on "sender" and click properties I don't get details or message source. What am I doing wrong?
One glimmer of light: no more large batches of bounced emails since earlier today.
When your in webmail click on one of your spam emails to open it then click on the "Show Full Header link to the right along the subject line there you will see the senders IP address.
_________________ ex Freeserve/Wanadoo/Orange Blog
David, you wrote:
Since yesterday I have received over 1000 (yes one thousand) emails. It appears that my email address has been hijacked by a spammer who has sent out spam as if from our account (or rather gobblygook@my freeservedomain). I'm now receiving all the "message not deliverable" type messages as these emails get bounced.
Answer:
When spammers send out millions of emails they will NEVER use their own address and always take someone else's email address, or simply make up a random address which sounds like it might be a real address. This does not mean they have hi-jacked your account. They have no idea whether your account even exists or not. They don't care. They just put the sender address as a random real sounding address, which, unfortunately for you happened to be your real address.
This means that whenever they send an email, i^t's your address which is shown as the return address. Now most people don't respond to spam (luckily), but unfortunately many servers are set up to automatically reply to messages that they can not deliver, or to let senders know the recipient is away on holiday or that their mail box is full. Of course when they reply, they reply to YOU! The mail you are receiving is thus not the SPAM itself, but rather the bounces from servers which are refusing the incoming mail from the spammer for some reason. Since the address of the sender was a fake address (your address in fact), they end up replying to your address that the message is undeliverable.
Probably in a few days they will stop sending these emails purporting to be from your address, and start a new email campaign using a different return address. That means the "bounced" emails should soon stop arriving.
You could set up a filter on your pc to put all mails with the word "undeliverable" into your trash can. Alternatively Orange may even let you do this on their web-site if you log in. (I am not sure about this, but many email services will let you manage email and set up online filters or "rules" before the mail gets to your computer).
Thanks Trickyt.
I think I did know most of that, but thanks for clarifying.
I use mailwasher or web access anyway to zap unwanted emails before they can get to my PC.
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum
