Hundreds of bounce messages - advice please

#1
Logged on to download my e-mail this evening and received about 400 messages, every one of which looks like genuine message saying that my message has been blocked as spam or refused by bulk mail server, etc, etc.

They've been coming in since 0500 this morning at a rate of one evey few minutes and they're still coming...

I don't run a server - just a normal PC. I have Norton firewall and run anti-virus and anti-spyware scans regularly.

I'm not an expert at reading e-mail headers but they seem to indicate that someone in Russia has sent a spam run using my e-mail address as the return address :cry: I'm a Demon Internet customer whcih means I have an infinite number of e-mail addresses XXXX @ mydomainname.demon.co.uk and these returned mails are all coming to different versions of XXXX. It seems to be alphabetical and so far I'm only getting the Es 8O

Any advice on what I can do other than delete the stuff on the server (via webmail) or speak to Demon tomorrow (not sure what they can do either?) Headers of a typical post below in case anyone can tell me anything from it. This is the "message you sent" headers in a "returned mail" message so allegedly this is what I sent.....

Received: from ppp91-122-36-58.pppoe.avangard-dsl.ru (localhost [127.0.0.1])
by barracuda.macalester.edu (Spam Firewall) with ESMTP id 5E024CE9242
for <tlee@macalester.edu>; Tue, 18 Mar 2008 17:58:02 -0500 (CDT)
Received: from ppp91-122-36-58.pppoe.avangard-dsl.ru (ppp78-37-120-106.pppoe.avangarddsl.ru [78.37.120.106]) by barracuda.macalester.edu with ESMTP id gQ9vdKLtFDpry816 for <tlee@macalester.edu>; Tue, 18 Mar 2008 17:58:02 -0500 (CDT)
Message-ID: <000801c8894b$85d9b8d0$3a247a5b@user>
From: "Bonita kleczek" <Bonita-duisitor@mydomain.demon.co.uk>
To: tlee@macalester.edu
Subject: dschroef
Date: Wed, 19 Mar 2008 01:58:04 +0300
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="--------=_NextPart_000_0004_01C88964.AB26F0D0"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.3138
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.3198
 
#2
I had this a couple of years back. I checked everything, and even asked for advice on here.

http://www.arrse.co.uk/cpgn2/Forums/viewtopic/t=29558/

I was told that spammers were using my e-mail address as a return address for their spam.

I ended up having to drop that e-mail account.
You may find that it's the easiest way out of this problem.

Best of luck.
T_T
 
#4
Thanks guys - I was afraid it might be something like that - I assume 78.37.120.106 is the IP address of the spammer?

I've been a Demon customer for many years but they aren't the cheapest and I was considering changing. Any tips for a good broadband ISP? I don't need webspace but multiple e-mail addresses is useful.

Edited to add a had some spam this week which appeared to come from a friend's AOL (spit!) address. I had a message from him yesterday saying that his AOL address book had been hacked and as AOL would not sort it out he was closing the AOL account. Could the two things be connected - i.e. could the spammers have got my address from his address book?
 
#5
I have had this problem with demon in the past. Here is the official advice from them.

I never sent this mail, why was it returned to me?
The most likely explanation is that spam was sent to one of our users, possibly you, and was then rejected by our servers. At this point, the server that attempted to send the spam returned a Delivery Status Notification (DSN) message to the address in the Return-path of the mail. In this instance that address was yours and hence why you have received the DSN. You can either delete the DSN or, if it includes the headers of the original mail, you can file a report with the originating ISP.
If you find that you are receiving a large number of these DSNs then you may wish to make use of our Discard DSN feature. When enabled this will silently discard any DSN including legitimate ones for mail you have sent. As such we only recommend that you enable this for a short period of time while you experience any problems.
You can enable or disable the Discard DSN feature at any time by logging into the WebPassword control panel:
https://www.password.uk.demon.net
 
#6
scaryspice said:
Could the two things be connected - i.e. could the spammers have got my address from his address book?
Yes, you've been 'joe jobbed'.

msr
 
#7
Thanks mr_stabby I hadn't spotted that option. Now activated. As I received 500 more this morning it should help a great deal.

msr - I knew there was an expression for this situation but had forgotten what it was - thanks. Who's Joe? :)
 

Similar threads

New Posts

Latest Threads