How can I stop spam coming as if from my email account?

Chacara

I'd like to get a piece of advice from our IT experts, if possible, how I can stop the spam/email spoofing that started a couple of weeks ago and is very annoying for my friends and me. I've already tried everything I could, but these spam messages continue coming. Also, I feel guilty that they all suffer because of my imprudence...

I suspect that somebody stole my address book information when I once used Skype (that was linked with my email) at my friend's house a few days before. She told me that there was an anomaly with her FB (her friends received a strange message from her that she hadn't sent), but I didn't think her computer might be infected, since she had an updated antivirus program and was doing a full scan regularly.

After the spam had started coming, I've alerted my friends against opening attachments and/or links in the strange messages coming as if from my hotmail address (the name in the "From" field is different, but it is followed always by my email address!) Also, I've unlinked my email account from Skype and changed my security settings and passwords. There are no such messages in my sent folder, so I presume that the spammer doesn't really send them from my account. Also, I've verified on a few appropriate websites if my account was hacked and the result was negative.

Every time when such a message comes, I identify the IP address of the spammer in the Full Heading and write a complaint to the company providing internet connection for this IP address. It is always the same company, but in two different countries: USA or UK. This company normally sends me a polite reply that "this customer has been cancelled due to fraudulent activity" or something similar. Since the IP address is different each time except for the first two blocks of digits, I've finally requested to block ALL IP addresses that start with those two blocks of digits. The reply was: "At this time this customer has been removed from this IP", but today the spam has restarted coming after a few days of "rest".

At the Full Header I can see that this spam comes always from "uol.com.br" server, but I don't know if this info is of any help to me. However, I advised my friends to set up their filters in the email accounts to block all messages from this server. Nobody told me yet if it's working. I haven't done it for myself yet (for my additional email account on a different server that also makes part of my hotmail address book and therefore receives those spam messages) because I need to continue watching the spam flow.

I'd be very grateful if you could help me to stop this nightmare!
 
Unfortunately I think you've taken all the steps possible to take in this case--that is, making sure no one else has access to your email account (change your password to ensure this) and notifying the ISP of the sender of the emails. It's possible to spoof someone else's email without doing anything on their end, so it may be the case that they got your list of contacts from your email and are now doing just that.

I'd change email passwords and Skype passwords to be on the safe side, but I don't have any other suggestions for what you can do.

Chacara said:
I suspect that somebody stole my address book information when I once used Skype (that was linked with my email) at my friend's house a few days before. She told me that there was an anomaly with her FB (her friends received a strange message from her that she hadn't sent), but I didn't think her computer might be infected, since she had an updated antivirus program and was doing a full scan regularly.

Sounds like she was probably infected with something and the antivirus software didn't pick it up, which happens.

Good luck!
 
Chacara said:
I'd like to get a piece of advice from our IT experts, if possible, how I can stop the spam/email spoofing that started a couple of weeks ago and is very annoying for my friends and me. I've already tried everything I could, but these spam messages continue coming. Also, I feel guilty that they all suffer because of my imprudence...

I suspect that somebody stole my address book information when I once used Skype (that was linked with my email) at my friend's house a few days before. She told me that there was an anomaly with her FB (her friends received a strange message from her that she hadn't sent), but I didn't think her computer might be infected, since she had an updated antivirus program and was doing a full scan regularly.

After the spam had started coming, I've alerted my friends against opening attachments and/or links in the strange messages coming as if from my hotmail address (the name in the "From" field is different, but it is followed always by my email address!) Also, I've unlinked my email account from Skype and changed my security settings and passwords. There are no such messages in my sent folder, so I presume that the spammer doesn't really send them from my account. Also, I've verified on a few appropriate websites if my account was hacked and the result was negative.

Every time when such a message comes, I identify the IP address of the spammer in the Full Heading and write a complaint to the company providing internet connection for this IP address. It is always the same company, but in two different countries: USA or UK. This company normally sends me a polite reply that "this customer has been cancelled due to fraudulent activity" or something similar. Since the IP address is different each time except for the first two blocks of digits, I've finally requested to block ALL IP addresses that start with those two blocks of digits. The reply was: "At this time this customer has been removed from this IP", but today the spam has restarted coming after a few days of "rest".

At the Full Header I can see that this spam comes always from "uol.com.br" server, but I don't know if this info is of any help to me. However, I advised my friends to set up their filters in the email accounts to block all messages from this server. Nobody told me yet if it's working. I haven't done it for myself yet (for my additional email account on a different server that also makes part of my hotmail address book and therefore receives those spam messages) because I need to continue watching the spam flow.

I'd be very grateful if you could help me to stop this nightmare!

Unfortunately, since it is "trivial" to spoof the origin of e-mail once your identity has been compromised, there is essentially nothing you can do, beyond what steps you have already taken. My recommendation is that you abandon your old e-mail ID and create a new one. Then notify all of your contacts to completely ignore the old one. It is not possible for you to prevent this spoofing at this point.
 
Thank you very much Foxx and Rs for your advice!

Foxx said:
Sounds like she was probably infected with something and the antivirus software didn't pick it up, which happens.

She's been using Microsoft Security Essentials, which apparently was not enough. So she took her laptop to an IT person who made the necessary cleaning and installed AVG 2015.

I used to have AVG antivirus too, but after the recent upgrade to AVG 2015 some unwanted tools (AVG Secure Search etc.) somehow sneaked inside too. I became very angry and tried to get rid of them, but it wasn't so easy. Fortunately, I've finally managed to do it thanks to the useful tips from the Malwarebytes website. After that I didn't want to have AVG 2015 anymore and uninstalled it.

Now I'm using Malwarebytes and AdwCleaner for my laptop protection against viruses and malware, but I'm not sure if I still need an antivirus like AVG, Avira or Avast? If yes, which one is better in your opinion?

rs said:
My recommendation is that you abandon your old email ID and create a new one. Then notify all of your contacts to completely ignore the old one. It is not possible for you to prevent this spoofing at this point.

Oh, well... It's very sad, but if there is nothing else to do... I've been using this address for many many years... Is it possible to transfer all data from this address to a new one?

The spam came yesterday again, after a few days of break. I reported it to the internet provider as usual and received a polite reply, as usual, that they took measures. Today I'm waiting if it comes again. In this connection I have a few other questions, if you don't mind:

1) Is it so easy for the spammer to get a new IP address after each of my complaints to the internet provider?
2) If I continue reporting spam to the internet provider, is there any chance that spamming stops one day?
3) Can it help if I request "uol.com.br" to block the spammer's email address (I don't know if the address in full header is real)?

Thank you in advance for your help and patience! :flowers:
 
Chacara said:
Now I'm using Malwarebytes and AdwCleaner for my laptop protection against viruses and malware, but I'm not sure if I still need an antivirus like AVG, Avira or Avast? If yes, which one is better in your opinion?

I've actually been using Linux for over a decade now, so I'm not sure about who's making good antivirus software these days. I used AVG in an organization in the past and it seemed to work well enough, but I don't have enough information to recommend anything with confidence.

Chacara said:
Oh, well... It's very sad, but if there is nothing else to do... I've been using this address for many many years... Is it possible to transfer all data from this address to a new one?

Yes, depending on the types of mail servers that you're using. I'd suggest googling for a migration guide between the service you're using and a new service if you get one. If they both provide IMAP servers, then you should be able to copy everything with an email client, depending on the client.

Chacara said:
1) Is it so easy for the spammer to get a new IP address after each of my complaints to the internet provider?

Yes, IPs are generally assigned dynamically, so they probably get a new IP every time they sign or automatically after a certain period of time. I wouldn't assume that the ISP would actually cancel the person's account, though they should.

Chacara said:
2) If I continue reporting spam to the internet provider, is there any chance that spamming stops one day?

I'd try at least a few more times. There's a chance it'll work.

Chacara said:
3) Can it help if I request "uol.com.br" to block the spammer's email address (I don't know if the address in full header is real)?

It might--it's worth trying.

Good luck!
 
Thank you for your help Foxx! The spam has stopped coming since Mar. 10, but I remain vigilant. Also, I've installed Avira antivirus on my laptop, since its reviews are a bit better than for AVG or Avast.

Thanks again!
 
I'm using:

Avast Free Antivirus 2015
CCleaner-freeware-once per week
Spybot-Search & Destroy-freeware-once per week

Latest updates and popular software:

http://filehippo.com/ ;)
 
sToRmR1dR said:
I'm using:
Avast Free Antivirus 2015
CCleaner-freeware-once per week
Spybot-Search & Destroy-freeware-once per week

Those are what I'm using on this computer. On another one I use AVG (just to have different anti-virus) when I transfer files. Also, it's good to regularly transfer important files onto an external hard disk just in case something happens.
 
Chacara said:
1) Is it so easy for the spammer to get a new IP address after each of my complaints to the internet provider?
2) If I continue reporting spam to the internet provider, is there any chance that spamming stops one day?
3) Can it help if I request "uol.com.br" to block the spammer's email address (I don't know if the address in full header is real)?

Hi Chacara,

It looks like you got some good advice so far. SPAM is definitely an unfortunate reality. It's funny that just today before I read your post, I took a peek in my junk folder and was aghast about the sheer amount of SPAM I get every day that my mail client successfully filters out of my inbox.

I don't know what country you reside in but there may be opt-out laws that might be worth checking into. But it really is an uphill battle, especially in the US. The following site might help: http://www.lsoft.com/resources/optinlaws.asp

Email was never designed to be secure yet we now rely upon it for just about everything. Forging email headers is trivial-- heck, I was easily able to do it back in the mid 1990's but of course it was just to play a little joke on a couple of friends at the time. ;)

I did perform a "whois" lookup on the ISP you mentioned. Here's the pertinent info:

domain: uol.com.br
owner: Universo Online S.A.
ownerid: 001.109.184/0004-38
responsible: Contato da Entidade UOL
country: BR
owner-c: CAU12
admin-c: CAU12
tech-c: CTU6
billing-c: CCU10

nic-hdl-br: CAU12
person: Contato Administrativo - UOL
e-mail: l-registrobr-uol@corp.uol.com.br

nic-hdl-br: CCU10
person: Contato de Cobranca - UOL
e-mail: l-adm-dns@uolinc.com

nic-hdl-br: CTU6
person: Contato Tecnico - UOL
e-mail: l-adm-dns@uolinc.com
 
rs said:
Unfortunately, since it is "trivial" to spoof the origin of e-mail once your identity has been compromised, there is essentially nothing you can do, beyond what steps you have already taken. My recommendation is that you abandon your old e-mail ID and create a new one. Then notify all of your contacts to completely ignore the old one. It is not possible for you to prevent this spoofing at this point.

Heck, it's trivial to spoof the origin of an e-mail when your login credentials have not been compromised.

The only thing that keeps things "running smoothly" is all the sender verification and other checks that happen at the receiving end of the e-mail. But, the quality of those checks varies greatly by provider. The spam will get through, and if it is blocked, they switch to a different server, tweak some settings, and poof! More spam.

It's also very easy for spammers to use compromised systems (different IP addies) or multiple cheap servers (even more different IPs) to send mail.

The big problem is that e-mail started out as a wide-open system, and security was really the last thing on anybody's mind. The whole system is still a complete and total joke. Configuring a mail server well is one of those infamous tasks where 99% of the time, it isn't done right. Here's a fun fact: If you enable certain security features, you will prevent your mail server from sending or receiving mail to many, many other mail servers, because they are using old or busted settings. So, you can't do everything right even if you wanted to! It's totally hilarious.

Yeah, it's an uphill battle. But the alphabet soup agencies just LOOOOOVE it, I'm sure. :rolleyes:
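
An added example, not written by any poster in this thread: a sketch of the receiving-end checks mentioned above and of reading the "Full Heading" for an IP worth reporting. The sample message, its example.* domains and documentation-range IPs are constructed, and the function names are hypothetical.

```python
import email
import ipaddress
import re
from email.utils import parseaddr

# Constructed sample (not a message from this thread); domains and IPs are
# reserved documentation values.
RAW = """\
Return-Path: <bounce@mailer.example.net>
Authentication-Results: mx.example.org; spf=softfail smtp.mailfrom=mailer.example.net; dkim=none; dmarc=fail header.from=example.com
Received: from relay.example.net (relay.example.net [198.51.100.7])
\tby mx.example.org with ESMTP; Tue, 10 Mar 2015 09:00:02 +0000
Received: from pc (unknown [203.0.113.45])
\tby relay.example.net with SMTP; Tue, 10 Mar 2015 09:00:00 +0000
From: "Some Other Name" <victim@example.com>
To: friend@example.org
Subject: hello

body
"""

def domain_of(header_value):
    """Lower-cased domain part of an address header, or '' if absent."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def received_ips(msg):
    """Bracketed IPs from the Received chain, newest hop first."""
    ips = []
    for rcvd in msg.get_all("Received", []):
        m = re.search(r"\[([0-9A-Fa-f:.]+)\]", rcvd)
        try:
            if m:
                ips.append(str(ipaddress.ip_address(m.group(1))))
        except ValueError:
            pass  # bracketed text that is not a valid address
    return ips

def analyze(raw):
    msg = email.message_from_string(raw)
    ips = received_ips(msg)
    # Assumes this header was stamped by the recipient's own mail server.
    auth = dict(re.findall(r"\b(spf|dkim|dmarc)=(\w+)",
                           msg.get("Authentication-Results", "")))
    return {
        "from_domain": domain_of(msg.get("From")),
        "envelope_domain": domain_of(msg.get("Return-Path")),
        # Only the top Received line was written by the recipient's server;
        # lines below it come from the sending side and can be forged.
        "handoff_ip": ips[0] if ips else None,
        "auth": auth,
        "spoof_suspected": auth.get("dmarc") != "pass",
    }
```

The visible From address says nothing about the real sender; the top Received line and the authentication results stamped by the recipient's server are the parts worth quoting in an abuse report.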
 
Thank you very much sToRmR1dR, mkrnhr, Quinault, and Scottie!

This morning I was going to joyfully report to you that my battle had been won and the spam had stopped coming, but... it's just come again... from both addresses: from "myself" (my primary address) to my second email address and from my friend's address to my primary address. So I had to restart sending complaints to the same company (Linode, LLC).

Last week I sent a complaint (in Portuguese, so they can better understand my request) to "uol.com.br" from their website, but they haven't replied to me until now... May I give you an example of the full heading of one of the spam messages I received? Probably there is another place where I can complain, but I just don't see it?

Probably, I just have to live with it... I feel so bad about the friend of mine that got infected (probably her kids opened an attachment without her knowledge?) and is suffering all these annoying consequences because of me... :-[
 
Just to let you know that since April 21 I haven't received that kind of spam messages any more! I hope that spammers gave up and decided to leave me alone. Probably my persistence with sending complaints to Linode and Microsoft (in accordance with the originating IP addresses of spam messages) could help. So I can state that this "war" has lasted about two months (started on Feb. 25). I'm keeping my fingers crossed... :whistle:
 
Crossing fingers didn't help... It's started all over again!... You were right! I've tried everything, but haven't succeeded in stopping the spam from citing my email address while being sent to my friends... I'm giving up... :cry:
 