Email address being spoofed for spamming

[Setenza]

I have multiple email addresses. I use my Yahoo account for all those registrations and for competitions etc.

I received today a non delivery message for a bulk mailout that I did not send.

So my address is being spoofed

If enough people complain, then my address will get blacklisted I assume.

Tried to contact Yahoo about it, but they don't have any public phone numbers listed.

Spammers. They're scum and should be dealt with accordingly.

Here's the message. Don't worry about my email address being shown as it's already compromised.

What pisses me off most is, I recently upgraded my account with Yahoo afte paying £12.

Funny how the problem started after that.

Message from yahoo.com.
Unable to deliver message to the following address(es).

<alvinisagoodboy@yahoo.com>:
This user doesn't have a yahoo.com account (alvinisagoodboy@yahoo.com) [0]

<alvinjagroop@yahoo.com>:
Sorry your message to alvinjagroop@yahoo.com cannot be delivered. This account has been disabled or discontinued [#102].

<alwayspassionate1960@yahoo.com>:
This user doesn't have a yahoo.com account (alwayspassionate1960@yahoo.com) [0]

<alwayspathetic@yahoo.com>:
Sorry your message to alwayspathetic@yahoo.com cannot be delivered. This account has been disabled or discontinued [#102].

<alwayspeace74@yahoo.com>:
Sorry your message to alwayspeace74@yahoo.com cannot be delivered. This account has been disabled or discontinued [#102].

--- Original message follows.

X-Originating-IP: [125.182.114.79]
Return-Path: <@@@@@@@s@yahoo.com>
Authentication-Results: mta202.mail.re4.yahoo.com from=yahoo.com; domainkeys=neutral (no sig)
Received: from 125.182.114.79 (HELO 216.39.53.2) (125.182.114.79)
by mta202.mail.re4.yahoo.com with SMTP; Fri, 08 Jun 2007 08:07:57 -0700
Received: from 165.252.48.226 by 125.182.114.79; Fri, 08 Jun 2007 08:58:46 -0700
Message-ID: <TJBPQKHKNQBPNHKUNUUY@yahoo.com>
From: "@@@@@@@@@@s@yahoo.com>
Reply-To: "@@@@@@@@s@yahoo.com>
To: alvinisagoodboy@yahoo.com
Subject: save up to 7O% on the meds you need#
Date: Fri, 08 Jun 2007 16:58:46 +0100
X-Mailer: AOL 7.0 for Windows US sub 118
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="--06811200693683348"
X-Priority: 3
X-MSMail-Priority: Normal

----06811200693683348
Content-Type: text/html;
Content-Transfer-Encoding: 7Bit

<html>
<body bgColor=#ffffff>
<div align="left"><font face=Arial size=3>Hello, Would you like to spend less
on your MEDICATIONS ?<br>
<a
href="http://fixbiz.hk/?18879588">VlAGR@ Levltra CIALIS</a> and many other.<br>
</font><font face=Arial size=2></font><br>
<b><i><font color="#0072FF" size="+1"><I><B><font color="#003366">YOU NEED 15
MINUTES TO BE READY FOR ACTION.</font></b></I></font> <br>
<br>
</i> </b>
<table cellpadding="5">
<tr>
<td bgcolor="#CC99CC"> <i><b> - All popular drugs are available (Viagra,
Cialis,Levitra, Propecia and many many more )<br>
- Free shipping worlwide<br>
- No Doctor Visits<br>
- No Prescriptions<br>
- 100% Customer Satisfaction </b></i></td>
</tr>
</table>
<br>
</div>
<p align="left"><b><a href="http://fixbiz.hk/?18879588"><font size="+2" color="#003333">Click
here!<br>
<br>
</font></a></b><font face="Arial" size="+2"><font size="1">Have a nice day.</font></font><font size="+1"><i></i></font></p>
</body>
</html>


----06811200693683348--


*** MESSAGE TRUNCATED ***

[pixelpixel]

Its a spam trick....they fake failed delivery messages.

X-Originating-IP: [125.182.114.79]

I take it you don't live in Korea:

IP Address : 125.182.114.79 [ 125.182.114.79 ]
ISP : Dacom
Organization : PowerCom
Location : KR, Korea, Republic of
City : -, - -
Latitude : 37°00'00" North
Longitude : 127°50'00" East


Thanks for letting everyone else know your email address.

[stuart07970]

I suffered the same problem with my freeserve address (then wanadoo, then Orange!)

I took extreme action, but I have not received one single spam message in 9 months!!!

I can't fix your problem, but I can tell you what i did.

Get a mac, set up a .mac e-mail address, set up 5 alias's, give your e-mail address to no-one!!!

Dish out your alias's for all your needs.

If you start getting spam on one of them, just shut it down and open a new one.

[pixelpixel]

Quote:

Originally Posted by stuart07970

I suffered the same problem with my freeserve address (then wanadoo, then Orange!)

I took extreme action, but I have not received one single spam message in 9 months!!!

I can't fix your problem, but I can tell you what i did.

Get a mac, set up a .mac e-mail address, set up 5 alias's, give your e-mail address to no-one!!!

Dish out your alias's for all your needs.

If you start getting spam on one of them, just shut it down and open a new one.

Or you could apply a filter to your email box that only the people who you say yes to can send you emails the others go into the spam folder.

This rule would not work on the above as it has your email address as the from: and your email as the to: I get this the odd time, to me really nothing to worry about.

[LFC_SL]

Quote:

Originally Posted by pixelpixel

Or you could apply a filter to your email box that only the people who you say yes to can send you emails the others go into the spam folder.

Is this possible in "disposable emails"? (so called by avforums, even though some of us do not have their own isp and an isp email rant over)

Saying that, the viagra emails seem to have stopped in gmail now

[IronGiant]

XODs email addy removed by @@@@@@

Mod

[Setenza]

As I said, the email address has been compromised so it's no big deal. I only use it for registrations etc.

[Yandros]

I wade through thousands of spam emails at work every months. The spam war is a constant arms race.

My current arsenal...

blacklists
IP blocking
tarpits
honeypots
delete rules
bayesian and heuristic scanning
etc etc

They still get through

I could 'go nuclear' and emply some amazingly tough new methods, but you end up throwing away or blocking genuine mail.

Our mail servers learning is so good that they're practically self aware, and could probably hold quite lucid conversations on generic pharmaceuticals, stock market opportunities and deceased african royalty.

It's a constant battle. The source IPs are ever changing, as most spam comes from zombie PCs and fake domains. The good news is that if your domain is spoofed, it's usually for 2 or 3 days, because the spammers like to present a constantly moving target. The bad part is that for people like me, block lists are becoming pretty worthless. The target addresses are randomised. I get real addresses (some from over 5 years ago), permutations on real addresses (john.smitha, john.smithaa etc)and totally random ones. Spam content now heavily features dictionary attacks, and text disguised in images, always with random filenames. A high % of spam has a virus payload.

The best advice I can give, as others have said, is to guard your email address, and have disposable ones if possible. NEVER, EVER put your email address on a website.

Xusia, the good news is that I've never been blacklisted as a result of being spoofed. I don't think experienced mail admins bother, because spoofing is so rife. I never bounce back undeliverable spam because firstly it signals that your server exists, and secondly, 99% of the time, the address is bogus and you end up with undeliverable messages bouncing back from your own server, generating YET MORE spam I get angry not only with the spammers, but the muppet IT people who bounce spam, and don't let it drop into a black hole.