Is this my Windows Live account spamming, or just a spoofed sender?

0

Recently a friend told me he had been sent spam from one of my email addresses, and today I got bounced spam which had that email address as recipient. This email address was connected to MSN Messenger a very, very long time ago. The domain is one of my private domains.

What makes me think that this is not just a spoofed sender is this line in the headers that I got in the bounced email:

Sender: <hotmail_79fd6457a78d3219@live.com>

Does this mean that someone is sending the spam using Windows Live (via SMTP) and Windows Live helps them spoof the sender? If so, would removing my account from there (which I don't use anyway) help?

Return-path: <MYADDRESS@MYDOMAIN>
Received: from mail by web1.nhbwebhosting.com with spam-scanned (Exim 4.69)
    (envelope-from <MYADDRESS@MYDOMAIN>)
    id 1SWmZr-0006hD-TF
    for info@ytcg.com; Tue, 22 May 2012 06:44:32 -0400
X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on
    web1.nhbwebhosting.com
X-Spam-Level: *
X-Spam-Status: No, score=1.1 required=4.5 tests=DATE_IN_PAST_06_12,
    MSGID_FROM_MTA_HEADER,RCVD_IN_DNSWL_NONE autolearn=disabled version=3.3.2
Received: from blu0-omc4-s10.blu0.hotmail.com ([65.55.111.149])
    by web1.nhbwebhosting.com with esmtp (Exim 4.69)
    (envelope-from <MYADDRESS@MYDOMAIN>)
    id 1SWmZr-0006hA-Mj
    for info@ytcg.com; Tue, 22 May 2012 06:44:31 -0400
Received: from BLU0-SMTP66 ([65.55.111.136]) by blu0-omc4-s10.blu0.hotmail.com with Microsoft SMTPSVC(6.0.3790.4675);
     Tue, 22 May 2012 03:44:31 -0700
X-Originating-IP: [78.178.57.202]
X-Originating-Email: [MYADDRESS@MYDOMAIN]
Message-ID: <BLU0-SMTP6657BD341A29BE1A60A863B0020@phx.gbl>
Received: from [192.168.1.1] ([78.178.57.202]) by BLU0-SMTP66.phx.gbl over TLS secured channel with Microsoft SMTPSVC(6.0.3790.4675);
     Tue, 22 May 2012 03:44:30 -0700
From: <MYADDRESS@MYDOMAIN>
Subject: RE: rich Dawe
Date: Tue, 22 May 2012 03:44:16 +0000
To: info@ytcg.com
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-OriginalArrivalTime: 22 May 2012 10:44:31.0610 (UTC) FILETIME=[DEB765A0:01CD3807]
Sender: <hotmail_79fd6457a78d3219@live.com>
X-Virus-Scanned: Tested OK

Per

Posted 2012-05-26T11:24:10.753

Reputation: 3

Answers

1

The mail appears to have originated from TurkTelekom (78.178.57.202) and was accepted by a host in a range owned by Microsoft. None of the servers before web1.nhbwebhosting.com accept email so they appear to be routed internally by Microsoft. It does not appear that the address was spoofed.

It would appear that a Live user has set your address as the address to use when sending email. I would report this to abuse@live.com where it should be addressed and include the headers you have above with your real address left in. I usually forward the full message including the headers. It is possible that live.com does not have an abuse user in which case you will need to check their help information for the appropriate procedure.

BillThor

Posted 2012-05-26T11:24:10.753

Reputation: 9 384
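The hop-by-hop reading in the answer above can be reproduced with a short script. This is an added example, not part of the original answers: it runs Python's standard `email` module over an abridged copy of the headers from the question, and the function names and the `HOP` pattern are illustrative assumptions. Only `Received` lines written by servers you trust are reliable, since anything below the first trusted hop can be forged by the sender.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Abridged from the headers posted in the question (placeholders as posted).
RAW = """\
Received: from mail by web1.nhbwebhosting.com with spam-scanned (Exim 4.69)
    for info@ytcg.com; Tue, 22 May 2012 06:44:32 -0400
Received: from blu0-omc4-s10.blu0.hotmail.com ([65.55.111.149])
    by web1.nhbwebhosting.com with esmtp (Exim 4.69)
    for info@ytcg.com; Tue, 22 May 2012 06:44:31 -0400
Received: from BLU0-SMTP66 ([65.55.111.136]) by blu0-omc4-s10.blu0.hotmail.com
    with Microsoft SMTPSVC(6.0.3790.4675); Tue, 22 May 2012 03:44:31 -0700
X-Originating-IP: [78.178.57.202]
Received: from [192.168.1.1] ([78.178.57.202]) by BLU0-SMTP66.phx.gbl
    over TLS secured channel; Tue, 22 May 2012 03:44:30 -0700
From: <MYADDRESS@MYDOMAIN>
Sender: <hotmail_79fd6457a78d3219@live.com>
"""

# "from <name> ([ip]) by <host>"; the bracketed IP is absent on local hops.
HOP = re.compile(r"from\s+(\S+)(?:\s+\(\[([\d.]+)\]\))?\s+by\s+(\S+)")

def received_hops(msg):
    """Return (from_name, from_ip, by_host) per hop, oldest hop first."""
    hops = []
    for value in reversed(msg.get_all("Received", [])):
        m = HOP.search(" ".join(value.split()))  # unfold continuation lines
        if m:
            hops.append(m.groups())
    return hops

def summarize(raw):
    msg = message_from_string(raw)
    hops = received_hops(msg)
    from_addr = parseaddr(msg.get("From", ""))[1]
    sender = parseaddr(msg.get("Sender", ""))[1]
    claimed = (msg.get("X-Originating-IP") or "").strip("[] ")
    return {
        "hops": hops,
        "client_ip": hops[0][1] if hops else None,
        "originating_ip_matches": bool(hops) and claimed == hops[0][1],
        # Sender (RFC 5322) names the mailbox that actually submitted the
        # message; if it differs from From, From is only a chosen address.
        "sent_on_behalf": bool(sender) and sender.lower() != from_addr.lower(),
        "submitting_account": sender or from_addr,
    }

if __name__ == "__main__":
    print(summarize(RAW))
```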

1

Another thing that may have happened is that someone hacked your Hotmail account. Spammers often hack existing accounts to use for spamming because messages from existing, active accounts more easily get through since they have already been seen and may even have exceptions. There are a couple of things you will want to do.

  1. Change your password to something much harder to hack. If you have a simple password, it will be easy to hack your account (it happened to one of my Hotmail accounts that had what I thought was a decent password).

  2. Check your webmail’s sent folder. If there are indeed messages sent from your account, then you were definitely hacked (I saw three messages in mine). If not, then they may simply have used your address in the spam (this used to be quite common).

Synetech

Posted 2012-05-26T11:24:10.753

Reputation: 63 242