Spam email from my own address?

Started by Jimbo, May 01, 2010, 09:32:32


Jimbo

Hello!

I seem to be getting spam from my own email address?  Any ideas on how to try and stop this?  Or is it just pretending to be from me and using my idnet address in the title?

I've changed the account password to a very strong password, yet I still seem to get them coming through.  No viruses or spyware on the PC, although I may try a scan in safe-mode.

It's not really annoying me, spam is spam, just took my eye when I saw my own idnet address and Thunderbird reporting it was "from" me and "to" me. lol.  :dunno:

Thanks.

pctech

It does not mean that your account has been compromised, the address may have been harvested from the address book of a contact.

Alas, there's very little IDNet or any ISP can do about this.

JB

As said, there isn't much you can do to stop this email being generated. It is a common way of sending spam as the recipient is curious why it 'appears' to come from his/her own address and usually reads the message. I'm fairly sure your address has been harvested from either some mailing list/forum or the compromised computer of a friend who has you in their contact list.

One 'fix' if your email software allows it, is to reject or immediately delete any email which has your full email address in the from field. Most people don't send themselves email so that at least stops you seeing the spam.

HTH.

Edit: Just noted you are using Thunderbird. Use the filters to move to junk and mark read any email from your address.
JB

'Keyboard not detected ~ Press F1 to continue'

Jimbo

Helpful as always!  Thanks again!  :thumb:

Cheers!

Rik

It might, but only might, be revealing to look at the header, Jimbo.
Rik
--------------------

This post reflects my own views, opinions and experience, not those of IDNet.

DorsetBoy

They use an "envelope" which makes the mail appear to come from your own address, this is done to prevent spam filters blocking the mail, you obviously cannot block your own address.

Look at Headers to get the original sender and try to block them out. If all else fails change address.

pctech

If you can get an IP from the headers try running it through RIPE http://www.ripe.net as it may tell you who the service provider is.




Jimbo

Thanks for the help.  One has just arrived earlier on, but I'm struggling to set up a filter to move it to Junk.  Any ideas?  Here is the header:-

From - Sat May 01 17:45:54 2010
X-Account-Key: account7
X-UIDL: 000011da4a3697ba
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
X-Mozilla-Keys:                                                                                 
Return-Path: <manipulation-ventil@amateurmatch.com>
Delivered-To: <MY EMAIL ADDRESS>
Received: from smtp-out.idnet.com (smtp-out.idnet.com [212.69.36.238])
by mail.idnet.com (Postfix) with ESMTP id AA8BB2AC0FD
for <MY EMAIL ADDRESS>; Sat,  1 May 2010 16:51:10 +0100 (BST)
Received: from localhost (unknown [127.0.0.1])
by smtp-out.idnet.com (Postfix) with ESMTP id 9758F2D71FC
for <MY EMAIL ADDRESS>; Sat,  1 May 2010 15:51:10 +0000 (UTC)
X-Virus-Scanned: amavisd-new at idnet.com
Received: from smtp-out.idnet.com ([127.0.0.1])
by localhost (smtp-out.idnet.com [127.0.0.1]) (amavisd-new, port 10024)
with LMTP id R9H3+bzcjBDD for <MY EMAIL ADDRESS>;
Sat,  1 May 2010 16:51:09 +0100 (BST)
Received: from mail.idnet.net.uk (mail.idnet.net.uk [212.69.36.63])
by smtp-out.idnet.com (Postfix) with ESMTP id 77D052D7247
for <MY EMAIL ADDRESS>; Sat,  1 May 2010 16:51:03 +0100 (BST)
Received: from [127.0.0.1] by mail.flexonet.com (GMS 15.02.3689/NU3963.00.7ca42f0c) with ESMTP id duaooica for <MY EMAIL ADDRESS>;
Sat, 1 May 2010 16:51:03 +0100
Received: from [109.71.206.55] by mail.idnetfreemail.co.uk (GMS 15.02.3689/NU3963.00.7ca42f0c) with SMTP id mvznoica for <MY EMAIL ADDRESS>;
Sat, 1 May 2010 16:46:23 +0100


Here is what the RIPE Database says for IP 109.71.206.55 which I got from the Header:-


% This is the RIPE Database query service.
% The objects are in RPSL format.
%
% The RIPE Database is subject to Terms and Conditions.
% See http://www.ripe.net/db/support/db-terms-conditions.pdf

% Note: This output has been filtered.
%       To receive output for a database update, use the "-B" flag.

% Information related to '109.71.204.0 - 109.71.207.255'

inetnum:         109.71.204.0 - 109.71.207.255
netname:         UICARD-NET
descr:           UralInterCard Net - Broadband P2P clients
descr:           Miass, Russia.
country:         RU
admin-c:         KVV19-RIPE
admin-c:         VVK17-RIPE
tech-c:          KVV19-RIPE
tech-c:          VVK17-RIPE
status:          ASSIGNED PA
mnt-by:          UIC-MNT
mnt-lower:       UIC-MNT
mnt-routes:      UIC-MNT
source:          RIPE # Filtered

person:          Vladimir V Kravtsov
address:         90 Parkovaya street, Miass
address:         Russia 456304
phone:           +7 351 355 1251
fax-no:          +7 351 355 4995
e-mail:          vvk@uic.ru
nic-hdl:         VVK17-RIPE
source:          RIPE # Filtered

person:          Valery V Kozlov
address:         90 Parkovaya street, Miass
address:         Russia 456304
phone:           +7 351 355 1251
fax-no:          +7 351 355 4995
e-mail:          kvv@uic.ru
nic-hdl:         KVV19-RIPE
source:          RIPE # Filtered

% Information related to '109.71.204.0/22AS28703'

route:           109.71.204.0/22
descr:           RU-Ural-Intercard
origin:          AS28703
mnt-by:          UIC-MNT
source:          RIPE # Filtered

% Information related to '109.71.206.0/24AS28703'

route:           109.71.206.0/24
descr:           RU-Ural-Intercard
origin:          AS28703
mnt-by:          UIC-MNT
source:          RIPE # Filtered


Thanks again.
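The header lookup discussed in the posts above, as an added example that is not part of the original thread: it walks the `Received` chain oldest-first, returns the first public sender IP (the one looked up at RIPE) and reports which server recorded it. The header is abridged and re-folded from the post, the recipient address is a constructed placeholder, and treating `idnetfreemail.co.uk` as one of the provider's own servers is an assumption.

```python
import email
import ipaddress
import re

# Abridged from the header posted above. The recipient address is a constructed
# placeholder and the folded continuation lines are re-indented.
RAW = """\
Return-Path: <manipulation-ventil@amateurmatch.com>
Received: from smtp-out.idnet.com (smtp-out.idnet.com [212.69.36.238])
 by mail.idnet.com (Postfix) with ESMTP id AA8BB2AC0FD
 for <me@example.invalid>; Sat,  1 May 2010 16:51:10 +0100 (BST)
Received: from localhost (unknown [127.0.0.1])
 by smtp-out.idnet.com (Postfix) with ESMTP id 9758F2D71FC
 for <me@example.invalid>; Sat,  1 May 2010 15:51:10 +0000 (UTC)
Received: from mail.idnet.net.uk (mail.idnet.net.uk [212.69.36.63])
 by smtp-out.idnet.com (Postfix) with ESMTP id 77D052D7247
 for <me@example.invalid>; Sat,  1 May 2010 16:51:03 +0100 (BST)
Received: from [127.0.0.1] by mail.flexonet.com (GMS 15.02.3689/NU3963.00.7ca42f0c)
 with ESMTP id duaooica for <me@example.invalid>; Sat, 1 May 2010 16:51:03 +0100
Received: from [109.71.206.55] by mail.idnetfreemail.co.uk (GMS 15.02.3689/NU3963.00.7ca42f0c)
 with SMTP id mvznoica for <me@example.invalid>; Sat, 1 May 2010 16:46:23 +0100

"""

BRACKETED_IP = re.compile(r"\[([0-9.]+)\]")

def received_hops(raw):
    """Yield (sender_ip_or_None, recording_host) per Received line, oldest first."""
    msg = email.message_from_string(raw)
    for value in reversed(msg.get_all("Received", [])):
        flat = " ".join(value.split())          # undo header folding
        sender, _, recorder = flat.partition(" by ")
        found = BRACKETED_IP.search(sender)     # only the "from" clause names the peer
        yield (found.group(1) if found else None, recorder.split()[0] if recorder else "")

def external_source(raw, trusted_suffixes):
    """Oldest public sender IP, plus whether a host we trust recorded it.

    Received lines written by servers outside trusted_suffixes can be forged,
    so an IP is only worth a whois lookup when the flag is True.
    """
    for ip, recorder in received_hops(raw):
        try:
            public = ip is not None and ipaddress.ip_address(ip).is_global
        except ValueError:                      # e.g. "[999.1.1.1]" in a forged line
            public = False
        if public:
            return ip, recorder, recorder.endswith(tuple(trusted_suffixes))
    return None
```

Calling `external_source(RAW, (".idnetfreemail.co.uk",))` gives the address, the host that logged it and `True`; with a suffix list that does not cover the recording host, the flag comes back `False` and the IP should be treated as unverified.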

Rik

I'm not familiar with TB, Jimbo, what level can you filter down to? If possible, block SMTP id mvznoica, but meantime run a virus and malware scan, just to be sure.
Rik

Niall

I had this when I ran my website. It was impossible to block the emails, unless you set up filters for specific words in the subject. At one point I was getting over 70 a day.
Art is not a handicraft, it is the transmission of feeling the artist has experienced.
Leo Tolstoy

Jimbo

I don't think I can block by the SMTP ID Rik. :(  You can do the usual, From, To, Subject, etc.

Google is not proving very helpful either.  I would have thought I could get some sort of plugin to Thunderbird that would help.

Rik

I don't know whether this would get deep enough, Jimbo:

Quote: Each time you mark messages as spam, Thunderbird "learns" and improves its filtering so you can spend more time reading the mail that matters.
Rik

Jimbo

Quote from: 6jb on May 01, 2010, 10:09:11
As said, there isn't much you can do to stop this email being generated. It is a common way of sending spam as the recipient is curious why it 'appears' to come from his/her own address and usually reads the message. I'm fairly sure your address has been harvested from either some mailing list/forum or the compromised computer of a friend who has you in their contact list.

One 'fix' if your email software allows it, is to reject or immediately delete any email which has your full email address in the from field. Most people don't send themselves email so that at least stops you seeing the spam.

HTH.

Edit: Just noted you are using Thunderbird. Use the filters to move to junk and mark read any email from your address.

Thanks, that is what I've ended up doing.  Move any mail with my email address in the "From" field to Junk.  Like you say, I would never email myself from myself.

Seems to have worked OK.

Thanks!  :fingers:

Rik

Wait till you want to send a test message. ;)
Rik


JB

Quote from: Jimbo on May 01, 2010, 19:30:54

Seems to have worked OK.

Thanks!  :fingers:

No problem. I hope it catches most of the rubbish. Just remember to clear out your junk folder occasionally  :)
JB
