5

About several hours ago I started getting A LOT of spam e-mails, 6 per minute on average. I have no idea what went wrong. This is the e-mail address that I'm using for years and I was very careful in regards to where I used it. I know a lot about computers, software and stuff (started working as a programmer recently), and I'm saying this just to throw out recklessness from the equation. It's my main e-mail, not gmail or yahoo or some other, it's the e-mail that has been given to me from my internet provider ages ago, and it has been used for serious correspondence only.

Almost all e-mails are the same, I'll take a picture of one and post it to you guys (my e-mail address is crossed out on every place it had been stated). And it's stated there that I've been actually sending some meaningless e-mails from my address to random people and that they were undeliverable.

I have no experience in this and have no idea how this has happened. Can this somehow be fixed, or can anyone at least explain to me what is going on?

first part of the email

second part of the same email

schroeder
  • 123,438
  • 55
  • 284
  • 319
Oggie
  • 53
  • 1
  • 1
  • 4
  • 2
    I think you should change your email password immediately if you haven't already. If it's not malware on your computer sending these emails, and you're not logged into your email on any other computers, it's quite possible your account has been compromised and is sending spam to other people from either the web interface or IMAP/POP3. – Steve Dec 09 '16 at 04:02
  • I have changed my e-mail password and now I'm just getting e-mails with the subject "Warning: could not send message for the past 4 hours". I'm not getting e-mails with the subject "Returned mail: see transcript for details". Does that seem like a step forward? – Oggie Dec 09 '16 at 04:33
  • I'm no email or security expert, but I believe so. I think that you will continue to receive those messages for around another 4 hours while the email server continues to try to send the remaining spam emails from your account. Since the person or bot who hacked your email credentials can no longer send emails, you just have to wait. I would recommend sending an email to all of your contacts notifying them to delete any emails from you for the past day. It's likely that they were sent spam emails (possibly malicious) from your account as well. – Steve Dec 09 '16 at 04:46
  • Just to inform you that the problem has been solved. I changed the password on my e-mail account and was receiving returned emails for 4 hours. After that I stopped receiving spam e-mails. Problem solved. Thank you all for the assistance. – Oggie Dec 10 '16 at 14:35

2 Answers2

7

The messages you show mean that somebody is using your email address as a sender. This might mean that your mail account is compromised but it can also be that the attacker got information about your email by compromising users which received mails from you or by simply guessing or generating random email addresses. Email is similar insecure as snail mail, i.e. one can write anything as the claimed sender at the envelope and this means that the claimed sender gets a bounce message if the mail could not be delivered.

Once spammers are using your address as a claimed sender as in this case there is not a lot you can do. If you have no control over the domain you probably can only delete all the bounces from your inbox. If you have control you could configure SPF and DKIM to limit how much your address can be used for spoofing.

For more details see Why is it even possible to forge sender header in e-mail?

Community
  • 1
Steffen Ullrich
  • 184,332
  • 29
  • 363
  • 424
  • Just to inform you that the problem has been solved. I changed the password on my e-mail account and was receiving returned emails for 4 hours. After that I stopped receiving spam e-mails. Problem solved. Thank you all for the assistance. – Oggie Dec 10 '16 at 14:36
  • 2
    @Oggie: in this case somebody had probably taken over your account. You can probably be lucky that you still had access to the account, i.e. that the attacker did not change the password and locked you out. – Steffen Ullrich Dec 10 '16 at 14:50
4

Looks to me like your computer has gained some malware turning in into a spam bot, and you are receiving the bounce messages when your spam bot is blocked.

You need to remove the virus/malware on your computer

camelccc
  • 209
  • 1
  • 4
  • Isn't it also possible to cause such bounced messages to be redirected to another address? I seem to remember that being a possible DOS vector. – JAB Dec 09 '16 at 01:49
  • I've checked the computer for viruses and malware, and nothing was found. And I also do not see those messages being sent from my computer, they are not in my SENT folder. – Oggie Dec 09 '16 at 02:55
  • Check the ip addresses. Assuming your ISP is not a total idiot, it's far more likely you gave a rootkit or something that antivirus software doesn't detect. They wouldn't be in your sent folder, since use of this is on client side. Disconnect your computer from the internet and see if they subside. – camelccc Dec 09 '16 at 08:41