I'm apparently sending spam!

So get this, I get e-mails from Goose Egg, and he from me, that are spam. Yet they’re not showing up in our “sent” boxes - somehow the spam e-mails are “masquerading” as being sent from us. All of our computers are clean, so we’re pretty sure the problem isn’t coming from our machines. We’re also unsure if these e-mails have been showing up in our other contacts’ inboxes. This is the information we’ve gleaned from the “show original” function in our e-mail systems:

Any suggestions or explanations?

Interesting. I just got an email from my server host saying spam was being sent from my server as well. We had to shut down the mailer program for now, while figuring out how they got in. So you’re not the only one.

Well, if it is just the “from” email address that is weird, then don’t worry - it can be faked trivially. Spammers will sometimes just insert some random mail addresses there, and if it happens to be yours, well the it looks like it was sent by you. Many years ago some spammers were sending out masses of emails with “somerandomstuff@domainownedbyme.com” as sender email… and for every email they sent to that diodn’t exist or had a full mailbox, the bounce email from that mailserver would go to my mailserver. Thousands of spam bounces per day, very funny :frowning:

Anyway, just compare the headers for a normal mail from you to Gus with this email’s header. Those “received from…” items should show you if the email really came from your mail server, or from some other server (just claiming to be from your mail address).

Unfortunately I am not too familiar with gmail (which seems to be involved), and also not with your and Gus mail server details… else I could maybe assist to decipher that email header.

If indeed Gmail is involved on your side, then maybe once again (happened before AFAIK) some accounts including yours were hijacked and spam was sent out…

The e-mails look like they’re coming from forumosa.com (both Gus and I redirect our f.com mail to gmail for convenience), so I don’t think it’s a gmail issue.

Spammers using your domain name to make it look like the emails are coming from the administrators? I’ve had a real hard time with this in the past. Up to 20 spam emails per day. I ended up dropping the domain altogether. This is not an option for you, though, so good luck sorting it out. I would be interested to know what the fix is for this, too, so let us know, please.

The same has happened to me. Still get some from others too. All are in my contacts list. I know tech stuff - not at all. My son-in-law says that my email has been hacked and spammers are using my contacts list to send crap to my friends. My virus protection is always up to date but he says this doesn’t stop a spammer from guessing and getting an occasional hit, like me. He says the only way to stop it is to notify everybody on my list that this has happened and to change my email password. I did and after a few months it seems to have pretty much stopped because nobody is responding or opening the spam. But . . what do I know? Damned aggravating.

I had the same problem a few years back, it turned out to be a proxy server (Squid) that was activated by default when I installed Linux. I had to go in and disable it, or make sure the security settings were appropriate.

However, I did some port scans on your server, and nothing came back as suspect. Maybe you could recruit some better hackers to try and bust into your server, and tell you were you are vulnerable.

[quote=“maoman”]So get this, I get e-mails from Goose Egg, and he from me, that are spam. […]
Any suggestions or explanations?[/quote]
The spam originated from this host: ip98-185-18-69.rn.hr.cox.net - you get that from the oldest (= lowest in the list) “Received” entry…

I sent my question to our server host and got this reply:

[quote]I checked the mail queue and server logs and do not see any spam being sent from your server.

Some viruses or malware will set the return email address to someone’s email address they do now even know. In this case it was one of your addresses. We do not have any control over this issue since it is not originating from your server.

You can try to investigate this issue based on the header and product being sold. It has been our experience that this will slow down in a few days and eventually stop.

ISPs and mail admins are aware of this type of issue with email and do not normally block email based on the address. They block based on the IP address of the sending server so you should not get black listed.

Please let us know if you have any additional questions.

Thanks,

David

Customer Service
cs (at) hostexpress.com[/quote]

One possible explanation: somewhere there was/is a computer that got infected by a data collecthing viruses or worm, and that computer’s owner (person “C”) has had message from or to from Goose Egg ("A) and also from or to maoman (“B”) on the computer, so that the malware found the involved mail addresses…

Dear Victoria,
I look forward to seeing your pictures. :howyoudoin: