BT yahoo mail 'spoofing'...

[DSB SL AMG]

Have mentioned this in another post, thought best to start a new thread...

My BT yahoo account was hacked a few months ago, now every month or so multiple emails are sent out from a remote site, have changed my password many times

...BT tell me there is nothing that can be done as its 'spoofing' other than close my account and start new email addy...point is I have no idea how it was hacked as I never click on dodgy links, but researching the net seems BT yahoo have many issues....

BT info
Spoofing is a technique used by spammers where an email is sent with a forged 'From' address, in this case yours. With spoofing, emails are made to look as though they come from you, although in fact they don't. If your contacts were stolen when your account was initially compromised, spammers can send emails to your contacts by forging the sending address.

Has anyone else experienced this? is there really nothing that can be done other than terminate my email addy?

Thanks for any info,
DSB.

 

[Ted]

No, there is nothing you can do to stop your email addressed being spoofed.
Any controls on this are done either at the remote end by a number of validation processes (reverse domain lookup, SPF, or a DKIM record). Also an address that is sending out huge volumes of spam will end up on a blocklist. Anti spam utilities then use these to filter potential spam.

It is worth pointing out there is no black or white on spam (although this may surprise you given some of the content) - the correct tem for spam is Unsolicited Commercial Email (UCE) and this will be give a Spam Confidence Level (SCL) at the remote end of between 1 and 9 where 1 is almost certainly not spam and 9 is almost certainly spam.
The mails that are given a score around 4-5 are the hardest to deal with and often legit mail (say from pfizer) is classified as spam while spam gets through to your inbox.

 

[Sp!ke]

If someone spoofs the sender address then there is nothing you can do (as owner of that address) to prevent it.

I once was the host of a domain where one email address was being spoofed and the bounce backs to my server (for unknown addresses) were happening at over 1.5 million bounces an hour which got to the point where I was effectively under a DDOS attack and my server was incapacitated.

Even when I deleted the email address, my server was still getting hit by the replies. I had to turn off the domain completely for a few days before it stopped and long after that the domain remained on a RBL list and was eventually abandoned for a new domain name.

 

[DSB SL AMG]

Thanks guys for replies...what a PITA, I get hundreds of return receipts at least once a month into my inbox + its embarrassing as the ones that get through people who I know asking me why I have sent them spam links...

Seems I will need to terminate my email account and start new addy...problem is I use it for business and had it over 10 years so not so easy...

 

[John]

It is worth pointing out there is no black or white on spam

I've lost count the number of times I've said this over the last few years.

The higher up the chain of command, the less this is understood!

 

[Sp!ke]

Thanks guys for replies...what a PITA, I get hundreds of return receipts at least once a month into my inbox + its embarrassing as the ones that get through people who I know asking me why I have sent them spam links...

Seems I will need to terminate my email account and start new addy...problem is I use it for business and had it over 10 years so not so easy...

If the header is included in the bounced emails, perhaps you can PM me the headers and I will see if its possible to work out where they are being sent from.

 

[DSB SL AMG]

PM sent...thanks.

If the header is included in the bounced emails, perhaps you can PM me the headers and I will see if its possible to work out where they are being sent from.

 

[markmifsud]

Whilst the headers will reveal the current sender, my experience with this is that a large portion of them will originate from .CN and at least 90% of the listed abuse@ addresses will just be bounced or ignored.

UK and .EU seem to be pretty good in general when dealing with abuse@ emails.

 

[Sp!ke]

I haven't received a pm so wondering where it went if not me.

 

[markjay]

We had a client some years ago who would not accept that there is nothing that can be done regarding email spoofing, and demanded that we stop the spammers from using his email address.

To highlight the issue, I sent him an email explaining the situation, saying that even the UK government can not prevent spoofing.

I sent him the message with the sender's email address showing as [email protected].

He said he was astonished that I could do that, buy finally accepted that there is nothing that can be done to stop spoofing.

Incidentally, there have been several attempts to standardise around protocols that prevent spamming and spoofing, some are currently in use (e.g. SPF record), but there is still no overall solution to this issue.

 

[DSB SL AMG]

Strange..i clicked on your profile and sent private message

Have resent via messages...let me know if you got.

Thanks.

I haven't received a pm so wondering where it went if not me.

 

[DSB SL AMG]

BT told me once they have your address book they will continue until they get bored

With me if goes further as it seems they did a search on '@' and have copied every single addy from when my account was set up....so literally anyone who has ever sent me a mail gets spammed

We had a client some years ago who would not accept that there is nothing that can be done regarding email spoofing, and demanded that we stop the spammers from using his email address.

To highlight the issue, I sent him an email explaining the situation, saying that even the UK government can not prevent spoofing.

I sent him the message with the sender's email address showing as [email protected].

He said he was astonished that I could do that, buy finally accepted that there is nothing that can be done to stop spoofing.

Incidentally, there have been several attempts to standardise around protocols that prevent spamming and spoofing, some are currently in use (e.g. SPF record), but there is still no overall solution to this issue.

 

[Sp!ke]

Are you 100% sure you dont have a trojan running on one of your computers?

Someone spoofing your address wont have your contacts.

I would install malwarebytes, update to the latest dats and run a scan.

 

[DSB SL AMG]

Thanks for info....BT recommended running malwarebytes which I have done a few times...
BT said once they have email addys they will send out remotely on a regular basis...

Are you 100% sure you dont have a trojan running on one of your computers?

Someone spoofing your address wont have your contacts.

I would install malwarebytes, update to the latest dats and run a scan.

 

[Spinal]

Email crypto-signing? With some education of your contacts, at leas they'll know it's not really you...

 

[DSB SL AMG]

Correct, but still embarrassing...thankfully, most mails get blocked!

Email crypto-signing? With some education of your contacts, at leas they'll know it's not really you...

 

[Sp!ke]

Seeing as this is a generic bt email account and you use it for business, wouldn't now be a good opportunity to buy a domain name that reflects your business and transition over to that?

 

[DSB SL AMG]

Yes, good idea and maybe something to ponder moving forwards...

Seeing as this is a generic bt email account and you use it for business, wouldn't now be a good opportunity to buy a domain name that reflects your business and transition over to that?

 

[Ted]

Good advice from Spike - gives you full control, looks more professional and you can forward to different mail providers should you wish.
Cheap as chips now.

Also it usually isn't just coming from one place. Many desktops could be compromised with your email address.