Has some spammer hijacked my account?

[thatcrazycajun]

I just got a dozen bounce notices for e-mail my software claims it has never sent...in Cyrillic. Most of them have this header:
Failed to deliver
SMTP module(domain nbi.com.ua) reports:
host mxs.nbi.com.ua says:
550 "Your address mattleger at earthlink dot net is banlisted forever!!!"
 How the hell did some Russian spammer manage to hack into my account and do this? And how can I stop it?

Comments

[kayshapero]

Doesn't have to have hacked into your account, merely spoofed your address. As for what to do about it, I've no idea.

[robin-june.livejournal.com]

I get the same stuff, but it's coming to me in the guise of my OVFF concomm status. I've been wondering if it's latched on to that because the OVFF email isn't as spam-protected as it could be, or because tarkrai's account emanates from Germany now.

If I'd sent something to your email account directly, I'd understand why they found you, too, but I don't think I did.

Anyway, if Cyrillic spammers are being paid on the per-piece-sent basis, all these Latin alphabet e-addresses in this hemisphere must make for some mighty fine harvesting: lots of money for the spammers, and very few valid leads (a.k.a. depletions of the target address list) for those who pay the spammers.

[anaisdjuna.livejournal.com]

Russians are the kings of botmaking also.

[ccrazy.livejournal.com]

There's not much you can do about these. Someone slapped your return address on their email. I get several of these a day, lately they seem to be mostly in German.

[serendipitygirl.livejournal.com]

Wierd. Weirder still for me given that two livejournal accounts, also in cyrillic, showing the signs of being created through averaging certain interests have friended me in the last twelve hours.
Likely an unrelated coincidence, but spambots HAVE broached LJ before (most notably when Passion of the Christ came out. Those spam bots POSTED COMMENTS TO MY LIVEJOURNAL for shitssake...)

[technoshaman.livejournal.com]

It's called a Joe job (http://en.wikipedia.org/wiki/Joe_job). My server gets them once every few months these days... they're stealing the credibility of an innocent account in an attempt to get spam through. Be glad you only got a few dozen; cflute's domain, which I host, gets them by the couple-thousand-load when it happens. Thankfully, what's to the left of the @-sign is patently bogus, and my server promptly tells them to get lost, without ever troubling either of us. (I have to actually read my logs to know it's happened.)

You can't stop it; it's the moral equivalent of somebody else scribbling your return address on an envelope and sticking it in the mail. You could *in theory* filter for it, if you had a handy list of folks you'd sent mail to and mail software to match against that...

The real cure is twofold: One, I'll bet money that the original email didn't come from Earthlink; if (a) Earthlink published a list of legitimate machines from which it sent email and (b) folks checked and made sure a given message was coming from whence it said it did, this variety of spam would drop considerably. (Not stop - folks use freebie accounts like Yahoo and, increasingly, Google's Gmail, to send bogus spam all the time. That sort of thing has to be stopped differently.) The cure I've described is called SPF; you can google for it if you like.

What has to happen, long term, is that spamming has to be more of a pain in the ASCII for the spammers than it is lucrative. I could go into gory details, but I won't (unless you want me to), but as long as there are ISP's out there that let this stuff go on, and other ISP's that don't actively filter for it or don't actively take spamhausen out behind the woodshed and thrash them soundly, there will be spam.

[acelightning.livejournal.com]

[scruffycritter.livejournal.com]

Imagine someone sending a ton of letters thru USPS with:

1) Insufficient postage (or incorrect addresses in this case)
2) Your home listed as the return address.

Pretty much the same thing will happen as happened to you electronically. They all come back to *you*. You didn't send them.

Not a security issue. It's not even a bug believe it or not.

Literally there is an SMTP "envelope" that encloses an email. Who the envelope gets sent to has nothing to do with who the letter inside is addressed to, or intended to be read by.

Not sure what to do at this point. My guess is to start checking with spam listing orgs like spamhaus to see if you are on their list and to get yourself removed.

aliza250 has had to deal with this sort of thing herself. You may want to get in touch with her.