Spoofed email

Discussion in 'other security issues & news' started by stuckwithit, May 25, 2006.

Thread Status:
Not open for further replies.
  1. stuckwithit

    stuckwithit Registered Member

    Joined:
    May 25, 2006
    Posts:
    2
    My eMail address has been spoofed [stolen] and is being used to bulk spam. I am horrified :mad: ! I can not find a way to stop it as it seems to be moving from IP to IP.

    Can anyone help?

    I've posted a copy of a mail below:
    _______________________________________________
    From: jbarnes@1000trails.com
    Subject: Sterling Stock Watch
    Date: 24 May 2006 23:30:46 BDT
    To: gary@garymorga.com
    Reply-To: jbarnes@1000trails.com
    Return-Path: <jbarnes@1000trails.com>
    Delivered-To: garymorga-gary@garymorga.com
    Received: (qmail 50872 invoked by uid 1024); 24 May 2006 21:36:21 -0000
    Received: from jbarnes@1000trails.com by server27.donhost.co.uk by uid 1002 with qmail-scanner-1.22 ( Clear:RC:0(62.178.253.249):. Processed in 0.108598 secs); 24 May 2006 21:36:21 -0000
    Received: from unknown (HELO chello062178253249.4.13.vie.surfer.at) (62.178.253.249) by 192.168.147.21 with SMTP; 24 May 2006 21:36:20 -0000
    X-Mailer: The Bat! (v2.12.00) CD5BF9353B3B7091
    X-Priority: 3 (Normal)
    Message-Id: <000267707.20060524213046@1000trails.com>
    Mime-Version: 1.0
    Content-Type: text/plain; charset=us-ascii
    Content-Transfer-Encoding: 7bit

    For Immediate Release
    ALERT ISSUED - Watch FCYI.PK !

    Falcon Energy, Inc.
    F C Y I
    1 week ago $0.88
    Today $ 1.60
    5 Day Expected $2.90
    Market Plus Top Four Pick

    There is a big PR campaign starting today and running all week!! This Is Going To Explode!
    Is FCYI Ready To Go? If You Think So, You Know what to Do...
    Review exactly what the company does and Watch This One Trade...

    VANCOUVER, British Columbia, May 19, 2006 (PRIME ZONE) --
    As part of the commitment of Falcon Energy, Inc., a Nevada Corporation, to keep
    investors informed of its status and activities, the company is providing this
    investor update.

    Gas production continues steadily from Falcon Energy's Richmount Westlock property
    in Alberta, Canada. This opportunity has proven itself out as the property and
    investment have benefited from the surge in natural gas prices since the well was
    first tied in May of 2005. The market price (NYMEX) for natural gas at that time
    was approximately $6.50 per MMBTU but in the last year prices stayed over 10.00 per
    MMBTU for a 5 month period with several spikes above the $14.00 range. The company
    is pleased that the investment continues to provide consistent revenue for the company
    and its shareholders.

    Falcon Energy Inc. has also announced that due to the confirmed addition of its mining
    exploration properties in Mongolia, that it will shortly be expanding the executive team
    to assist in managing this new opportunity. Details will be forthcoming.

    VANCOUVER, British Columbia, May 17, 2006 (PRIME ZONE) -- Falcon Energy, Inc.
    is pleased to announce that the granting of exploration licenses for five mining properties
    in Mongolia has been finalized. These licenses will be held for a minimum of three years and
    grant Falcon Energy, Inc. access to the mineral rights for the
    licensed properties.

    Falcon Energy, Inc. had recently sought the mineral rights to these significant properties
    in the mineral rich region of Mongolia. Falcon Energy's interest in the region is driven in
    part by the anticipation of deploying modern prospecting methods to an area that abounds in
    both base and precious metals.

    The five licensed areas are:


    8825E - The Duhum Hujirt License Area
    8454X - Tsagaan Tolgoi Copper/Gold Project
    9997X - The Huld License Area
    9996X - The Har Tolgoi License Area
    9668X - Hutagt License Area

    Exploitable mineral resources found in the area in which the licenses are held include:
    Gold, base metals such as Copper, Molybdenum, Lead and Zinc as well as Fluorite and Uranium.
     
  2. stuckwithit

    stuckwithit Registered Member

    Joined:
    May 25, 2006
    Posts:
    2
    Re: Spoofed email ...and this one too

    From: postmaster@verizon.net
    Subject: Delivery Notification: Delivery has failed
    Date: 24 May 2006 20:27:53 BDT
    To: xrnm@garymorga.com
    Return-Path: <>
    Delivered-To: garymorga-xrnm@garymorga.com
    Received: (qmail 42675 invoked by uid 1024); 24 May 2006 19:27:54 -0000
    Received: from by server26.donhost.co.uk by uid 1002 with qmail-scanner-1.22 ( Clear:RC:0(206.46.252.49):. Processed in 0.402225 secs); 24 May 2006 19:27:54 -0000
    Received: from unknown (HELO vms049pub.verizon.net) (206.46.252.49) by 192.168.147.20 with SMTP; 24 May 2006 19:27:53 -0000
    Received: from process-daemon.vms049.mailsrvcs.net by vms049.mailsrvcs.net (Sun Java System Messaging Server 6.2-4.02 (built Sep 9 2005)) id <0IZS00701AW4WH00@vms049.mailsrvcs.net> for xrnm@garymorga.com; Wed, 24 May 2006 14:27:53 -0500 (CDT)
    Received: from vms049.mailsrvcs.net (Sun Java System Messaging Server 6.2-4.02 (built Sep 9 2005)) id <0IZS0084QBDF3O00@vms049.mailsrvcs.net>; Wed, 24 May 2006 14:27:53 -0500 (CDT)
    Message-Id: <0IZS0085OBEH3O00@vms049.mailsrvcs.net>
    Mime-Version: 1.0
    Content-Type: multipart/report; boundary="Boundary_(ID_4GFavfMSlKhtbeyOn1OzkQ)"; report-type=delivery-status

    This report relates to a message you sent with the following header fields:

    Message-id: <001e01c67f68$18f62ada$6fb9ba55@pi.amb>
    Date: Wed, 24 May 2006 22:18:04 +0300
    From: "Eva Lambert" <xrnm@garymorga.com>
    To: <edzebrowski@verizon.net>
    Subject: hood individualism

    Your message cannot be delivered to the following recipients:

    Recipient address: @relay.verizon.yahoo.com:edzebrowski@verizon.net
    Original address: edzebrowski@verizon.net
    Reason: SMTP transmission failure has occurred
    Diagnostic code: smtp;554 delivery error: dd This user doesn't have a verizon.net account (edzebrowski@verizon.net) [0] - mta101.vzn.mail.mud.yahoo.com
    Remote system: dns;mta.vzn.mail.yahoo4.akadns.net (TCP|206.46.252.49|64150|68.142.203.54|25) (mta101.vzn.mail.mud.yahoo.com ESMTP YSmtp service ready)

    Reporting-MTA: dns;vms049.mailsrvcs.net (tcp-daemon)

    Original-recipient: rfc822;edzebrowski@verizon.net
    Final-recipient: rfc822;@relay.verizon.yahoo.com:edzebrowski@verizon.net
    Action: failed
    Status: 5.0.0 (SMTP transmission failure has occurred)
    Remote-MTA: dns;mta.vzn.mail.yahoo4.akadns.net
    (TCP|206.46.252.49|64150|68.142.203.54|25)
    (mta101.vzn.mail.mud.yahoo.com ESMTP YSmtp service ready)
    Diagnostic-code: smtp;554 delivery error: dd This user doesn't have a
    verizon.net account (edzebrowski@verizon.net)
    [0] - mta101.vzn.mail.mud.yahoo.com

    From: "Eva Lambert" <xrnm@garymorga.com>
    Date: 24 May 2006 20:18:04 BDT
    To: <edzebrowski@verizon.net>
    Subject: hood individualism


    



    
     
  3. Antarctica

    Antarctica Registered Member

    Joined:
    Feb 25, 2003
    Posts:
    1,617
    Location:
    Canada
    Have you tried to contact your Internet Service Provider?
     
  4. MikeNash

    MikeNash Security Expert

    Joined:
    Jun 9, 2005
    Posts:
    1,654
    Location:
    Sydney, Australia
    Unfortunately, anyone who knows your email address can use it as their "Sent from" address and there's nothing you can do about it. Email doesn't validate who you are.

    This is a common tactic used by spammers to get back at spam-blocking services - set the reply addresses to spamblocking email addresses, and watch as all the bounce (and other) messages bombard the innocent third party server.

    Antarctica's suggestion to contact your ISP is a good one - the last thing you want is them to add insult to injury, and suspend your account for something that you haven't done :( Depending on how many mails were sent, they may be able to help you with the flood of bounce messages.

    I would also recommend that you give your computer the once over and make sure that you don't have something nasty installed. It's unlikely to be coming from your computer, but I'd double-check, just in case.


    Mike
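
The header checks this thread points to, as an added example that is not part of any post: it reads the Received hop written by the recipient's own server in the two messages quoted above and flags the second as a bounce for mail the address owner's system did not generate. Header lines are copied (abridged) from those posts; `analyze`, `my_domain` and the result keys are names assumed here.

```python
import re
from email.parser import HeaderParser
from email.utils import parseaddr

# Header lines copied from the two messages quoted in this thread (abridged).
SPAM = (
    "Return-Path: <jbarnes@1000trails.com>\n"
    "Received: (qmail 50872 invoked by uid 1024); 24 May 2006 21:36:21 -0000\n"
    "Received: from unknown (HELO chello062178253249.4.13.vie.surfer.at) "
    "(62.178.253.249) by 192.168.147.21 with SMTP; 24 May 2006 21:36:20 -0000\n"
    "From: jbarnes@1000trails.com\n"
    "To: gary@garymorga.com\n\n"
)
BOUNCE = (
    "Return-Path: <>\n"
    "Received: from unknown (HELO vms049pub.verizon.net) (206.46.252.49) "
    "by 192.168.147.20 with SMTP; 24 May 2006 19:27:53 -0000\n"
    "From: postmaster@verizon.net\n"
    "To: xrnm@garymorga.com\n"
    "Content-Type: multipart/report; report-type=delivery-status\n\n"
    "Message-id: <001e01c67f68$18f62ada$6fb9ba55@pi.amb>\n"
)

# qmail-style hop as it appears in the quoted headers: (HELO name) (ip) by host with SMTP
HOP = re.compile(r"\(HELO (\S+)\) \((\d{1,3}(?:\.\d{1,3}){3})\) by \S+ with SMTP")

def analyze(raw, my_domain):
    msg = HeaderParser().parsestr(raw)
    # Received lines are prepended, so the first SMTP hop from the top was written
    # by the recipient's server. Its IP was observed; the HELO name is self-asserted.
    hops = [m for m in map(HOP.search, msg.get_all("Received", [])) if m]
    helo, ip = hops[0].groups() if hops else (None, None)
    from_domain = parseaddr(msg["From"])[1].rpartition("@")[2].lower()
    ctype = (msg.get_content_type(), msg.get_param("report-type"))
    is_dsn = msg["Return-Path"] == "<>" and ctype == ("multipart/report", "delivery-status")
    # A bounce quotes the original's Message-ID, which names the system that made it.
    orig_id = re.search(r"^Message-id: <[^@>]+@([^>]+)>", msg.get_payload(), re.M | re.I)
    return {
        "connecting_ip": ip,
        "helo_in_from_domain": bool(helo) and helo.lower().endswith("." + from_domain),
        "backscatter": is_dsn and parseaddr(msg["To"])[1].lower().endswith("@" + my_domain),
        "original_msgid_domain": orig_id.group(1) if (is_dsn and orig_id) else None,
    }
```

For the bounce, `original_msgid_domain` comes back as `pi.amb` rather than the owner's domain, which is the detail to hand to an ISP when explaining that the bounced mail was not sent from the account.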
     