Menu
Reply
Highlighted
  • 45
  • 0
  • 2
BruceS
On our wavelength
962 Views
Message 1 of 11
Flag for a moderator

Mail Administrator emails!

I have just received 3,000, yes that's right 3k's worth, Mail Administrator emails informing me that I have undeliverable emails, and they are still coming in! This happened to me about a month ago when I received around 600 and when I phoned Virgin Media they just told me to change my password, which I did - not very helpful and I suspected this would happen again, but not on this scale!!! I have no idea who these addresees are. Any ideas what's going on??? Thanks in anticipation! 

0 Kudos
Reply

Helpful Answers
  • 12.68K
  • 1.61K
  • 3.73K
Superuser
Superuser
1,843 Views
Message 6 of 11
Flag for a moderator
Helpful Answer

Re: Mail Administrator emails!

If the account had ever been compromised and the password changed to deal with that problem, the security question is the way back in for a hacker, but you've changed that now, so they wouldn't be able to get back in like that.

The info we'd need to see to know if it is a spoof or account compromise is the header, but it's more than the above, you need to use the 'view source' 'view original' and it will look something like: 

Delivered-To: ***@gmail.com
Received: by 10.103.51.204 with SMTP id z195csp96836vsz;
Thu, 1 Sep 2016 12:52:05 -0700 (PDT)
X-Received: by 10.66.160.200 with SMTP id xm8mr6776310pab.70.1472759525890;
Thu, 01 Sep 2016 12:52:05 -0700 (PDT)
Return-Path: <35YbIVwcLDNgHIL8JFSSIONO58.6IGFO6SL48cVcVcAG4CF.6IG@scoutcamp.bounces.google.com>
Received: from mail-pa0-x248.google.com (mail-pa0-x248.google.com. [2607:f8b0:400e:c03::248])

It will be a wall of info.Copy that info from the top, down to the subject line. Blank out any email addresses listed. You'll have seen that a mod blanked out the addresses in your prior message, as posting email addresses in full isn't permitted (remove the username.)

Some bounce messages include that info in an attachment, but spammers know this and so they fake bounce messages to get people to open their virus attachments. Only provide header info from one of the bounces which doesn't include an attachment, I.E. all the info about the bounced email etc included in the email itself alone.

- - - - - -
Any opinions expressed by myself are entirely my own and do not represent Virgin Media in any way.
  • 244
  • 33
  • 119
coenoby
Superfast
1,841 Views
Message 7 of 11
Flag for a moderator
Helpful Answer

Re: Mail Administrator emails!

Hi BruceS

I had exactly the same thing happen to me several years ago. It was not a VM or ISP email address and that made it even worse because it was an email address on my own domain that I had set up for a new business I had just started. I got many really nasty emails telling me what they thought of 'me' (the spammer) and it scared me that people could look up 'Whois' the registry of domain name owners and get my home address!

From personal experience I would say on no account should you respond to those abusive emails, it's a waste of time trying to explain to people that the spam they are getting is nothing to do with you and you just get even worse abuse back.

I regret to say that there is nothing you can do to stop the spammers using your email address. They don't need your password to send emails with your address. It's not necessarily a security breach by Virgin either. Any email address that can be seen via social media, forums like this or anywhere else can be picked up and used by spammers.  It can happen to any of of us.

As has been said, setting up filters to weed out those bounce backs is really all you can do.You might want to consider ditching that email address but that may cause more problems for you than it solves.

I can only say that my experience lasted for a few days, then restarted again but eventually stopped altogether after a few weeks and has not restarted since then.

Sorry I cannot be more positive, all I can say is that I know what you're going through. Your post have brought those memories all back to me.

Coenoby

 

*******************************
If someone posts a helpful message you can say thanks by clicking on the thumbs up in their post.
If someone posts a message that solves your problem it helps everyone if you mark their post as an Accepted Solution.

All Replies
  • 12.68K
  • 1.61K
  • 3.73K
Superuser
Superuser
959 Views
Message 2 of 11
Flag for a moderator

Re: Mail Administrator emails!

Sounds like a classic case of someone spoofing you or faking bounce messages. Spoofing isn't something the victim can stop, as it is easy to fake who the sender is and the spoofer requires no access to your account to do the spoofing.

However, without seeing the headers of one of the emails, I'd suggest a courtesy change of the account's password and security question in case it is the off chance a hacker has compromised it and is using it to spam. Yes I know it was done before (you mentioned it), but it's what I'd do in that situation.

Edit: typo fix.

- - - - - -
Any opinions expressed by myself are entirely my own and do not represent Virgin Media in any way.
0 Kudos
Reply
  • 45
  • 0
  • 2
BruceS
On our wavelength
949 Views
Message 3 of 11
Flag for a moderator

Re: Mail Administrator emails!

Thanks for your prompt reply but they are still coming in and as I said in my original post I changed my password the last time. I don't have a security question set up - I'm using an @virginmedia.com address through MS Outlook and Windows 10. Is there anything else I can do - this is driving me nuts!!! Thank you!

0 Kudos
Reply
  • 12.68K
  • 1.61K
  • 3.73K
Superuser
Superuser
946 Views
Message 4 of 11
Flag for a moderator

Re: Mail Administrator emails!

You'd need to log into My VM http://virg.co/myVM to see and change the security question, once signed in with the account go into the My Profile tab, the security question option will be near the bottom.

One way to limit the amount of these bounces you see is setup filters against them which will set it so they're automatically deleted. In the webmail you can create a filter by: click the cog -> Settings -> mail filter -> Add rule. Give the rule a name, set the condition as subject, copy in the subject line from the offending emails. Then set the action as either discard or move to folder and set the folder as Bin/Trash (depending on what it is named for you.) Save the rule.

Outlook email clients also have built in email filtering options you can make use of. Ask Google a question, so if you had say Outlook 2010 the question would to Google would be "Outlook 2010 setup filter" and follow the advise found in the results.

- - - - - -
Any opinions expressed by myself are entirely my own and do not represent Virgin Media in any way.
0 Kudos
Reply
  • 45
  • 0
  • 2
BruceS
On our wavelength
936 Views
Message 5 of 11
Flag for a moderator

Re: Mail Administrator emails!

I have changed my security question but I don't see how that will change things! I know how to set up filters but that will not stop the problem! I am now getting abusive emails from total strangers telling me to stop scamming them! Please help!!!!!! Here is what is now going out to people:

-----Original Message-----
From: Mr.Jack**** <****************>
To: Recipients <***************>
Sent: Fri, Sep 2, 2016 10:44 am
Subject: Read Attached

Read

This is apart from the undeliverable email messages! People are thinking it's me!!!! Not got a clue who Jack *** is. Thank you 

 

 

[MOD EDIT: Personal and private information has been removed from this post. Please do not post personal or private information in your public posts. Please review the Forum Guidelines]

0 Kudos
Reply
  • 12.68K
  • 1.61K
  • 3.73K
Superuser
Superuser
1,844 Views
Message 6 of 11
Flag for a moderator
Helpful Answer

Re: Mail Administrator emails!

If the account had ever been compromised and the password changed to deal with that problem, the security question is the way back in for a hacker, but you've changed that now, so they wouldn't be able to get back in like that.

The info we'd need to see to know if it is a spoof or account compromise is the header, but it's more than the above, you need to use the 'view source' 'view original' and it will look something like: 

Delivered-To: ***@gmail.com
Received: by 10.103.51.204 with SMTP id z195csp96836vsz;
Thu, 1 Sep 2016 12:52:05 -0700 (PDT)
X-Received: by 10.66.160.200 with SMTP id xm8mr6776310pab.70.1472759525890;
Thu, 01 Sep 2016 12:52:05 -0700 (PDT)
Return-Path: <35YbIVwcLDNgHIL8JFSSIONO58.6IGFO6SL48cVcVcAG4CF.6IG@scoutcamp.bounces.google.com>
Received: from mail-pa0-x248.google.com (mail-pa0-x248.google.com. [2607:f8b0:400e:c03::248])

It will be a wall of info.Copy that info from the top, down to the subject line. Blank out any email addresses listed. You'll have seen that a mod blanked out the addresses in your prior message, as posting email addresses in full isn't permitted (remove the username.)

Some bounce messages include that info in an attachment, but spammers know this and so they fake bounce messages to get people to open their virus attachments. Only provide header info from one of the bounces which doesn't include an attachment, I.E. all the info about the bounced email etc included in the email itself alone.

- - - - - -
Any opinions expressed by myself are entirely my own and do not represent Virgin Media in any way.
  • 244
  • 33
  • 119
coenoby
Superfast
1,842 Views
Message 7 of 11
Flag for a moderator
Helpful Answer

Re: Mail Administrator emails!

Hi BruceS

I had exactly the same thing happen to me several years ago. It was not a VM or ISP email address and that made it even worse because it was an email address on my own domain that I had set up for a new business I had just started. I got many really nasty emails telling me what they thought of 'me' (the spammer) and it scared me that people could look up 'Whois' the registry of domain name owners and get my home address!

From personal experience I would say on no account should you respond to those abusive emails, it's a waste of time trying to explain to people that the spam they are getting is nothing to do with you and you just get even worse abuse back.

I regret to say that there is nothing you can do to stop the spammers using your email address. They don't need your password to send emails with your address. It's not necessarily a security breach by Virgin either. Any email address that can be seen via social media, forums like this or anywhere else can be picked up and used by spammers.  It can happen to any of of us.

As has been said, setting up filters to weed out those bounce backs is really all you can do.You might want to consider ditching that email address but that may cause more problems for you than it solves.

I can only say that my experience lasted for a few days, then restarted again but eventually stopped altogether after a few weeks and has not restarted since then.

Sorry I cannot be more positive, all I can say is that I know what you're going through. Your post have brought those memories all back to me.

Coenoby

 

*******************************
If someone posts a helpful message you can say thanks by clicking on the thumbs up in their post.
If someone posts a message that solves your problem it helps everyone if you mark their post as an Accepted Solution.
  • 45
  • 0
  • 2
BruceS
On our wavelength
919 Views
Message 8 of 11
Flag for a moderator

Re: Mail Administrator emails!

Thank you very much for your patience! All the emails seem to have different messages, so I will give you a couple of examples:

*** ATTENTION ***

Your e-mail is being returned to you because there was a problem with its delivery. The reason your mail is being returned to you is listed in the section labeled: "----- The delivery status notification errors -----".

The line beginning with "Diagnostic-Code:" describes the specific reason your e-mail could not be delivered.  The following lines contains the

RFC822 header of the original email message.

Please direct further questions regarding this message to your e-mail administrator.

--AOL Postmaster

----- The delivery status notification errors -----

<XXXXXXX@aol.com>: host core-mca05d.mail.aol.com[172.27.33.56] said: 554

    5.7.1 Your mail could not be delivered because the recipient is not

    accepting any mail.  If you feel you received this in error, please contact

    the recipient directly and ask them to check their email settings. (in

    reply to end of DATA command)

and another example:

This Message was undeliverable due to the following reason:

Each of the following recipients was rejected by a remote mail server.

The reasons given by the server are included to help you determine why each recipient was rejected.

    Recipient: <xxxxxx@aol.com>

    Reason:    5.1.1 <xxxxxx@aol.com>: Recipient address rejected: aol.com

Please reply to <Postmaster@ispmail.ntl.com> if you feel this message to be in error.

The following attachments have been removed from the bounce message: Reimbursement 2016.rtf

I hope this helps you in some way! 

0 Kudos
Reply
  • 45
  • 0
  • 2
BruceS
On our wavelength
913 Views
Message 9 of 11
Flag for a moderator

Re: Mail Administrator emails!

Thank you very much for your sympathetic response! I have now received in excess of 5,000 of these emails, and about a dozen abusive responses so far! I have changed my password and security question on my email profile so hopefully that will make it stop eventually! Glad to hear you weathered the storm and the problem disappeared. Hopefully the same will happen to me! Best wishes.

0 Kudos
Reply
  • 12.68K
  • 1.61K
  • 3.73K
Superuser
Superuser
895 Views
Message 10 of 11
Flag for a moderator

Re: Mail Administrator emails!

Looking at some of the info in the bounce messages the spoofer is sending out viruses (it mentions dodgy file attachments), the advise above is sound.

I too had an email address which suffered badly from spoofing in the past, I stopped using it so much during the worst points of the spoofing, but in the end I deleted it and moved on to a new email address.

- - - - - -
Any opinions expressed by myself are entirely my own and do not represent Virgin Media in any way.
0 Kudos
Reply