1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.
  2. You are viewing our forum as a guest. For full access please Register. WindowsBBS.com is completely free, paid for by advertisers and donations.

Please help me stop an automatic spammer from my email address.

Discussion in 'Security and Privacy' started by Forsaken Knight, 2010/07/18.

  1. 2010/07/18
    Forsaken Knight

    Forsaken Knight Inactive Thread Starter

    Joined:
    2007/12/01
    Messages:
    501
    Likes Received:
    0
    Trophy Points:
    106
    Location:
    The Sun Shine State.
    Computer Experience:
    beginner
    I have been having a problem for a while and would like to finally put it to rest. The problem is that their are emails that are being sent from my email address, that I do not send. I have done an ask/answer question thread on the www.yahoo.com web site, where my email address is located. I was given information there as to what to do, but I do not know how to go about using the information, and implementing it. I have my email address in my contact list, so this is how I know that my email is sending these emails out. I have changed my password many many times. I have made my password more complex than the last one. Even so, I still see that my email is still sending out spam emails. I want to stop this. I do not want to close my email address. That would be the same as saying to the spammer, "Fine, you win ". I do not want that; instead, I want my actions to say, "No more of this ". Therefore, I would like help in this matter to resolve it, once and for all.

    The thread on the yahoo answers section is located here.

    http://answers.yahoo.com/question/i...x0lZ7.Hty6IX;_ylv=3?qid=20090802112835AANJS9e

    The title of the question is, A problem with a specific spam mail I get.?

    The most recent spam email from my email address has the following when I click on its "full header ". Please tell me how to read this.

    X-Apparently-To: nelsonarucas@yahoo.com via 67.195.15.198; Fri, 16 Jul 2010 23:39:52 -0700
    Return-Path: <krissee34@adventinc.com>
    X-YahooFilteredBulk: 94.69.213.78
    Received-SPF: neutral (mta1028.mail.ac4.yahoo.com: domain of krissee34@adventinc.com is neutral about designating 94.69.213.78 as permitted sender)
    X-YMailISG: Q5tZCH8cZAqDzX2yV.JHx6lPiOzkZUdanrssd1VRcxuT2HKb g9FARjkdQVt.jfeOJzxrWUOcAhcwGj3OqBPLCQWBsekw7kEzQmOOYLmjeJcS cHhEbmTyMqKdvOU.QJdzI0mGYiEb1MKQGCLHGEXdBssBk642WfKtrHJxOSGX 8l35I12ZhYdGTlHlDhfUkzCbtimPYL.32EgDSIIeD9j0uJH3h4v1XBYbjn1H yDb4ZtFIhQsMsLnSJwrncdqUNIHje5KedF28J4HnFXvEmXtM9XE4DOUhzECX PQTx4Fe0XTbULG8gMp9akpcPC9pv_AKEQTD.xTcn.NhRPKsarcbpG0vrV0QJ 94uldEUw3SwpheXcKxqROJHrllI0s.6v24RvxHU5mmQISyfdtcywgZmjCosc _ty3weyuUTvXk1j9Lj5_nzhhIt4LG.OaaM75QkB__e8T.ggqgsma0VLstlhq DuCPCsGTF_6Q_pemud4Xx4sBv_M3n8k8FuuqQMlI7CfDY56m.eqWMrtsq5xv WzbKs9cyYWIrrTz.dwiaJkXaniQ0fwJPGiACq_czgrM.zzlCECOKytgGqUE-
    X-Originating-IP: [94.69.213.78]
    Authentication-Results: mta1028.mail.ac4.yahoo.com from=yahoo.com; domainkeys=neutral (no sig); from=yahoo.com; dkim=neutral (no sig)
    Received: from 127.0.0.1 (HELO ppp-94-69-213-78.home.otenet.gr) (94.69.213.78) by mta1028.mail.ac4.yahoo.com with SMTP; Fri, 16 Jul 2010 23:39:52 -0700
    To: <nelsonarucas@yahoo.com>
    Subject: vacancy #762
    From: <nelsonarucas@yahoo.com> View contact details
    MIME-Version: 1.0
    Importance: High
    Content-Type: text/html
    Content-Length: 1694


    Please help me put an end to the spam once and for all.

    Thank you all in advance for helping me out with this issue of mine.

    sincerely,

    FK
     
  2. 2010/07/18
    Forsaken Knight

    Forsaken Knight Inactive Thread Starter

    Joined:
    2007/12/01
    Messages:
    501
    Likes Received:
    0
    Trophy Points:
    106
    Location:
    The Sun Shine State.
    Computer Experience:
    beginner
    the person who replied to the question I asked in regards to this problem offered the following advice. The following is from "Martin G "

    "
    One possibility is that the spam is being sent to you from your own account. The spammers who do that usually send to everyone in your address book. Changing your password can stop that.
    You could have a virus. Scan your computer with a reputable product.
    The spam can be from elsewhere with your email address forged. You don't mention getting delivery failures or other responses, so the spam program may be set to automatically forge the recipient as sender for each email. Can you fight back? Yes.
    Here are some tools that will help:
    Traceroute is available at
    http://www.opus1.com/www/traceroute.html

    ARIN whois on IP numbers is available at
    https://ws.arin.net/whois/

    How to use them? Well, at those sites, read any available advice on how to interpret what they mean.

    You will need to open the email to show complete headers. Different programs have different ways to select this. Sometimes it is called "View Source ". In Yahoo, you will find a link "Full Headers" to the bottom right of the message. You need these, because dirtbag spammers can forge addresses, but somewhere in the headers are probably IP (a.k.a. DNS) numbers that will identify their hosting service. They are in four groups of 1-3 digits. There may be more than one. Some may be from the internal network, some will be from the provider used to access the internet, some may be from an addition site (e.g. webmail), some may be forged, and some may or may not be added by your own email service. In general, deeper is usually close to the spammer. If the ones at the top are for your own service provider, look deeper. The headers should have numbers that will enable the host to identify the account that was used.

    It's a good idea to open a text editor like Notepad to keep notes when you are working up a spam.
    Look up the IP numbers in the whois of the Regional Internet Registry (RIR). There are five in the world, and the one to use depends on the location of the spammer's host. I usually start with ARIN.
    U.S. and Canada
    https://ws.arin.net/whois/
    Asia Pacific
    http://www.apnic.net/apnic-info/whois_se…
    Africa
    http://www.afrinic.net/
    Latin America
    http://lacnic.net/en/index.html
    Europe
    http://www.db.ripe.net/whois

    The spamvertiser is the company for whom the spam was sent. If there is a link in the email, the displayed text may not show it correctly. Right click on the link, and select Copy Shortcut. Paste that into your notes. Find the domain and do traceroute to resolve it to its IP number, which it should do at the top of the traceroute report. Copy that number to your notes. Do ARIN lookup.

    It may be safer to skip the above step (unless you are using linux or a Mac). Sometimes the link will trigger downloads of malware if you left click it.

    For example, if I do traceroute on yahoo.com, it shows me IP number of 209.191.93.53, which ARIN shows is registered to Yahoo. Get the abuse address for the host of the spamvertiser.
    You can now forward the spam, with full headers displayed, to the abuse departments. I like to include a note that says something like:
    Spam from [ip number from header] hosted by [registrant of that IP number]
    for spamvertiser [link from coped shortcut] at [ip number from traceroute] hosted by [registrant of that IP number]

    Some email programs will include the headers when you forward, but Yahoo trims them out. To make this work, with the spammers message open and Full Headers selected, select and copy the headers. Paste into your notes. In your forwarding you can write: "Here are full headers" and copy them from your notes and paste them in above the forwarded body of the spam.

    I like to send a Bcc to myself to show that my email, went through, to keep a record of the report, and to see how it is displayed to the recipient.
    "

    Please tell me how I should go about doing this, in order to stop the spam emails. In addition, if there is any additional method I should do, please state the additional methods as well.

    Thank you for your time, I look foward to hearing a response from the windowsbbs.com team.

    Sincerely,


    FK
     

  3. to hide this advert.

  4. 2010/07/19
    Arie

    Arie Administrator Administrator Staff

    Joined:
    2001/12/27
    Messages:
    14,903
    Likes Received:
    379
    Trophy Points:
    1,093
    Most important point: with Yahoo you can not have a secure email password. Yahoo doesn't offer https for their email login, thus passwords are always sent as "plain text ", so there for all (with some knowledge) to see.

    Your computer could also be infected with Malware that 'gives' away your password as you change it.


    The above is assuming that the spam is actually send from your account, which most of the time is not the case, as we have discussed on this forum before:

    http://www.windowsbbs.com/general-security/93358-junk-mail-sent-me-me-howd-happen.html

    http://www.windowsbbs.com/general-security/90928-email-spam-sent-my-account.html
     
    Arie,
    #3
  5. 2010/07/19
    Forsaken Knight

    Forsaken Knight Inactive Thread Starter

    Joined:
    2007/12/01
    Messages:
    501
    Likes Received:
    0
    Trophy Points:
    106
    Location:
    The Sun Shine State.
    Computer Experience:
    beginner
    so what can I do?

    I would like to know if there is anything that I may do in order to fix this problem.
     
  6. 2010/07/20
    Arie

    Arie Administrator Administrator Staff

    Joined:
    2001/12/27
    Messages:
    14,903
    Likes Received:
    379
    Trophy Points:
    1,093
    If you know for sure that your computer isn't infected with Malware (Read this post, then post the requested log(s) in the Malware and Virus Removal forum), the only other thing to do is to abandon Yahoo mail for a Web mail that does protect their system with https (Gmail, Live mail & most others).
     
    Arie,
    #5

Share This Page