Tons of spam the last few days

Posted by: petteri

Tons of spam the last few days - 26/08/2008 08:37

Has my e-mail account been hacked? I've been getting anywhere from 30 to 60 of these types of things the last few days:

Quote:
This is the mail system at host noc.ntu-kpi.kiev.ua.

I'm sorry to have to inform you that your message could not
be delivered to one or more recipients. It's attached below.

For further assistance, please send mail to postmaster.

If you do so, please include this problem report. You can
delete your own text from the attached returned message.

The mail system

<dew@pma.ntu-kpi.kiev.ua>: host pma.ntu-kpi.kiev.ua[10.255.14.1] said: 550
5.1.1 <dew@pma.ntu-kpi.kiev.ua>... User unknown (in reply to RCPT TO
command)
Reporting-MTA: dns; noc.ntu-kpi.kiev.ua
X-Postfix-Queue-ID: EAB77EF9FF
X-Postfix-Sender: rfc822; MY EMAIL ADDRESS WAS HERE
Arrival-Date: Tue, 26 Aug 2008 05:04:15 +0300 (EEST)

Final-Recipient: rfc822; dew@pma.ntu-kpi.kiev.ua
Original-Recipient: rfc822;dew@pma.ntu-kpi.kiev.ua
Action: failed
Status: 5.1.1
Remote-MTA: dns; pma.ntu-kpi.kiev.ua
Diagnostic-Code: smtp; 550 5.1.1 <dew@pma.ntu-kpi.kiev.ua>... User unknown
Received: from mta5.srv.hcvlny.cv.net (mta5.srv.hcvlny.cv.net [167.206.4.200])
by noc.ntu-kpi.kiev.ua (Postfix) with ESMTP id EAB77EF9FF
for <dew@pma.ntu-kpi.kiev.ua>; Tue, 26 Aug 2008 05:04:15 +0300 (EEST)
Received: from ool-18bf9629.edu.static.optonline.net
(ool-18bf9629.dyn.optonline.net [24.191.150.41]) by mta5.srv.hcvlny.cv.net
(Sun Java System Messaging Server 6.2-8.04 (built Feb 28 2007))
with SMTP id <0K660036KMGN2S01@mta5.srv.hcvlny.cv.net> for
dew@pma.ntu-kpi.kiev.ua; Mon, 25 Aug 2008 22:02:52 -0400 (EDT)
Date: Mon, 25 Aug 2008 22:03:05 -0700
From: MY EMAIL ADDRESS WAS HERE
Subject:
=?Windows-1251?Q?i_CRM_-_=F1=E8=F1=F2=E5=EC=ED=E0=FF_=F0=E0=E1=EE=F2=E0_=F1_=EA=EB=E8=E5=ED=F2=EE=EC._?=
To:
=?Windows-1251?Q?=CC=E8=F5=E0=E8=EB_=C1=EE=E3=F3=F1=EB=E0=E2=EE=E2=E8=F7_=CA=F0=E5=F7=E5=F2=EE=E2?=
<perryshelton@earthlink.net>,
=?Windows-1251?Q?=C3=E5=ED=E0=E4=E8=E9_=C8=E2=E0=ED=EE=E2=E8=F7_=D8=E0=F2=F3=F5?=
<perryshelton@earthlink.net>
Message-id:
<000b01c906fe$59dff880$2996bf18@ool-18bf9629.edu.static.optonline.net>
MIME-version: 1.0
X-MIMEOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
X-Mailer: Microsoft Outlook Express 6.00.2800.1106
Content-type: text/plain; charset=windows-1251
Content-transfer-encoding: 8BIT
X-Priority: 3
X-MSMail-priority: Normal
Posted by: Schido

Re: Tons of spam the last few days - 26/08/2008 09:03

Your email address is probably on a spammer's list or CD.
They use those addresses for fake headers too.
Posted by: Dignan

Re: Tons of spam the last few days - 26/08/2008 10:32

For some reason in the past few days GMail has not filtered out a couple hundred obvious spam messages. I have no idea how their spam filters work, but apparently the "Report as Spam" button is utterly useless. Every message has either "poker" or "debt" in the subject, and looks very similar otherwise. Their algorithms must not be terribly good. A while back I was getting hundreds of Viagra spam, which I would think would be a no-brainer for spam filters.

I hate to create filters on the off chance that someone sends me legit mail that happens to contain certain words in the subject.
Posted by: mlord

Re: Tons of spam the last few days - 26/08/2008 12:23

In this case, one could just toss everything incoming from *.ua
Posted by: lectric

Re: Tons of spam the last few days - 26/08/2008 14:01

Every few days, I check the mail logs, check the biggest spammers, and drop the entire B or C class at my firewall. Works wonders.
Posted by: DWallach

Re: Tons of spam the last few days - 26/08/2008 16:10

What you're seeing is backscatter from other spam attempts. The spammer is forging your email address in the "from" field, sending that to other people, and those servers are barfing back at you. I had several days of this, at one point. Then it up and stopped. I'm guessing that the spammers pick one email address and use it just long enough to get stuff through before it's considered "burned" and then move on to the next one.
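As an added example (not part of the original thread), one way to tell backscatter of the kind described above from a bounce of mail you really sent is to check whether the returned headers ever passed through your own outbound relay. The relay name `smtp.example.net`, the address `me@example.net` and the function name are assumptions; the sample DSN is constructed from the bounce quoted in the first post.

```python
import email
from email import policy

# Assumption: the relays your own mail really leaves through (hypothetical name).
MY_OUTBOUND = ("smtp.example.net",)

# Constructed DSN modelled on the quoted bounce; me@example.net is a placeholder.
SAMPLE_DSN = """\
From: MAILER-DAEMON@noc.ntu-kpi.kiev.ua
To: me@example.net
Content-Type: multipart/report; report-type=delivery-status; boundary="b1"

--b1
Content-Type: message/delivery-status

Reporting-MTA: dns; noc.ntu-kpi.kiev.ua

Final-Recipient: rfc822; dew@pma.ntu-kpi.kiev.ua
Status: 5.1.1

--b1
Content-Type: text/rfc822-headers

Received: from mta5.srv.hcvlny.cv.net (mta5.srv.hcvlny.cv.net [167.206.4.200])
 by noc.ntu-kpi.kiev.ua (Postfix) with ESMTP id EAB77EF9FF
Received: from ool-18bf9629.edu.static.optonline.net
 (ool-18bf9629.dyn.optonline.net [24.191.150.41]) by mta5.srv.hcvlny.cv.net
From: me@example.net

--b1--
"""

def classify_bounce(raw, my_outbound=MY_OUTBOUND):
    """Return 'genuine-bounce', 'backscatter', 'unknown' or 'not-a-dsn'."""
    msg = email.message_from_string(raw, policy=policy.default)
    if msg.get_content_type() != "multipart/report":
        return "not-a-dsn"
    for part in msg.walk():
        ctype = part.get_content_type()
        if ctype == "message/rfc822":          # full original message returned
            orig = part.get_payload(0)
        elif ctype == "text/rfc822-headers":   # only its headers returned
            orig = email.message_from_string(part.get_content(), policy=policy.default)
        else:
            continue
        hops = [str(h).lower() for h in orig.get_all("Received", [])]
        # Mail you really sent passes through your own relay on the way out.
        mine = any(r.lower() in hop for hop in hops for r in my_outbound)
        return "genuine-bounce" if mine else "backscatter"
    return "unknown"  # the DSN carried no copy of the original headers
```

Received lines below the first trusted hop can be forged, so a missing relay is stronger evidence than a matching one.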
Posted by: g_attrill

Re: Tons of spam the last few days - 26/08/2008 18:51

I've found GMail (Apps) to be ok recently, although I've had a couple of false positives in the past week, but both were from the same sender, but their IT infrastructure (and company owner) is "quirky" to say the least, so I wasn't too surprised.

I did switch off catch-all a few months ago, I spent an evening going through various sites changing email addresses and adding aliases for those where it was impossible to change the address (hello? who designed this crap!) GMail was handling the spam ok, but the small (but significant) number of false positives is such that I need to manually browse the spam folder once a week, and catch-all was making it at least 5x as large.
Posted by: frog51

Re: Tons of spam the last few days - 26/08/2008 19:45

I've had NO gmail spam for over 3 months now (well, there are about 1800 in the spam folder, but I don't worry about them!) and even before that there were about 2 per month tops.

I think Google do pretty well on this front, tbh.
Posted by: petteri

Re: Tons of spam the last few days - 26/08/2008 21:21

Originally Posted By: DWallach
What you're seeing is backscatter from other spam attempts. The spammer is forging your email address in the "from" field, sending that to other people, and those servers are barfing back at you. I had several days of this, at one point. Then it up and stopped. I'm guessing that the spammers pick one email address and use it just long enough to get stuff through before it's considered "burned" and then move on to the next one.


This is what I thought might be happening. As of today it does seem to have stopped. I also added a bunch to Earthlink's "spambuster" list.

As far as GMail goes, I almost never get spam in my inbox there. The spam folder gets a lot, but I just scan that quickly and empty it from time to time.
Posted by: FireFox31

Re: Tons of spam the last few days - 27/08/2008 02:03

You're lucky that you only get 60 of those backscatter/bounce messages a day. Somehow, an e-mail alias that I've never used started receiving those messages at a rate of 2 per minute, ~120 per hour. Thankfully, my system uses "maildropfilter", which I told to discard everything to that alias.

And the backscatter to this alias has not stopped for months. It's apparently some kind of new trick, I just don't see the point. Using my address to mailbomb every Russian server nonstop for a year?
Posted by: canuckInOR

Re: Tons of spam the last few days - 28/08/2008 16:43

Originally Posted By: FireFox31
It's apparently some kind of new trick, I just don't see the point.

It's not really a new trick -- they've been doing it for quite a while. The point of doing it is so that it's not the spammer themselves who has to get all the rejection or invalid address notices.
Posted by: tman

Re: Tons of spam the last few days - 28/08/2008 17:08

Originally Posted By: canuckInOR
Originally Posted By: FireFox31
It's apparently some kind of new trick, I just don't see the point.

It's not really a new trick -- they've been doing it for quite a while. The point of doing it is so that it's not the spammer themselves who has to get all the rejection or invalid address notices.

Another reason is that it's so the sender can have a valid-looking address. They used to just make one up or just provide some throwaway account but spam filters started blocking those. Their solution was to just pick some address at random from their own spam lists and then use that.