Mysterious returned e-mails

tbernstein · Joined: May 16, 2003 Posts: 1668 Location: London

In one of my web based e-mail accounts ( Myrealbox.com) I periodically get a Returned mail:Delivery status notification as pasted below. I have up-to date AV software, anti spyware etc. All the usual stuff is or has been protecting my system. I don't get this problem with any other e-mail account.
I'd just like an explanation if any one has one.

Here's what I get;

From: Mail Delivery System
To: ( I replaced.myusername)@psmtp-send.myrealbox.com
Cc:
Date: 08/06/04 20:10
Subject: Returned mail: Delivery Status Notification
Attachments: (225 Bytes) (85 Bytes)

The original message was received Mon, 02 Jun 2008 12:49:15 -0600
from myusername agaian DeleteThis @psmtp-send.myrealbox.com

----- The following address(es) had permanent fatal errors -----
<apache DeleteThis @thomaspoint.lhhost.com>; originally to apache DeleteThis @thomaspoint.lhhost.com (unrecoverable error)
The mail system encountered a delivery failure, code -11.
This failure could be due to circumstances out of its control,
please check the transcript for details

From:
To:
Cc:
Date:
Subject: (no subject)

--1212605389-1093-psmtp-send.myrealbox.com--

Confused

micker377 · Joined: May 27, 2005 Posts: 1059

Do you recognize the "To:" field on the returned e-mails? If not, it is probably spammers who have gotten ahold of your e-mail address, and is sending spam on your behalf! Some will go to "dead" accounts - so they get bounced back to you, the "sender". The only "cure" is to change your e-mail address. That will put a temporary stop to this action - until a "crawler" finds you again!

tbernstein · Joined: May 16, 2003 Posts: 1668 Location: London

The To: was my own user name. I just replaced it in this posting, with those words.
Where later on there's a string of numbers@etc, I have no idea abut that.

Baby_Tux · Joined: Mar 06, 2007 Posts: 1242

Make sure that the address is correct (no typos) & that the party you are sending it to hasn't changed addresses. Also, some (companies especially) mail server's filters will catch certain words or phrases as "spam" & reject them. Pay close attention as to what you put in subject & address lines.

If that doesn't work, contact the party & see if they have issues on there end. - I had this problem with the College I attend. Was something on there end as that address was the only one acting up, intermittently on top of it all. (never knew when it would go through) I ended up using another email account to send to them. Good thing I only had to do that once in a blue moon.

tbernstein · Joined: May 16, 2003 Posts: 1668 Location: London

Quote: " I don't get this problem with any other e-mail account. "

Quote :
"From:
To:
Cc:
Date:
Subject: (no subject)"

These messages don't reference any specific e-mail and so no sender/recipient. I thought that was obvious, sorry.
It's that that makes this mysterious. I just get these messages. Lots of them over time.

(And as it happens I haven't sent any e-mails to be bounced. This account isn't used for normal e-mailing, just subscriptions and registrations etc.)

micker377 · Joined: May 27, 2005 Posts: 1059

That's what I meant. I have had e-mails from me to me!!!

Baby_Tux · Joined: Mar 06, 2007 Posts: 1242

tbernstein · Joined: May 16, 2003 Posts: 1668 Location: London

If I was getting normal Spam I would understand it better. (And this service has a spamblocker.)
But these are just bounced e-mail messges, bouncing a series of e-mails that it thinks I've sent it. But not saying what the messages they have bounced are, which it would normally, if for example I'd mistyped the address.
Ditto, I know there's no spyware on my system that is phoning home, because this is the least vulnerable of my many e-mail accounts and I have currently or have had all the usual recommended protection on my system.
And this does seem to be a response to an e-mail. Or is it?
Query; What is thomaspoint.lhhost.com? They don't appear in Google

Lhhost.com I know is a web hosting company.
I have one theory, but I don't know it it's sensible. Could one of the little utilities or programmes that I've installed (all well known recommended programmes) be checking for updates on a site that is no longer valid? Would that be treated as an e-mail, as this seems to be. Or is that way off target?

seaeagle

Most likely it is just a spambot sending out emails from infected PCs all around the world. These bots set up their own mini-SMTP (send email) servers on the infected PCs, so the emails do not have to be routed through the PC owner's ISP's SMTP server. They have to put something in the "From" field, otherwise the emails won't be accepted at the other end. So they either use random combinations of names and ISPs, or they have their own mini-database of valid email addresses that the bot writer has collected and included in the virus/trojan when released on to the Internet.

Otherwise, the bots could be sending out emails that appear to be bounced ones (as in just making the subject "returned mail"), which is why you don't see where the emails have bounced from. It is a fairly common tactic, as many people who are loathe to open any emails that look like spam will let their defences down when it comes to "bounced" emails. Most likely the fake bounced emails contain nasty stuff themselves which is intended to install when the recipient opens the email to see why it had bounced.

The best thing is just to delete these bounced emails. If they are bouncing from addresses unknown to you and not in your address book, then it is extremely unlikely that your PC has been compromised (though you should still run the usual antivirus & malware scans regularly to be on the safe side).

Look at it this way. I get bounced emails returned to me regularly, and I use Linux, not Windows. Since there are no viruses for Linux, there is no way my PC could have been infected. But I do have fairly common first and last names, and the day had to come when one of the bots doing the rounds would get the combination right & use one of my addresses as the "From:" address. It looks like the same has happened to you.

Baby_Tux · Joined: Mar 06, 2007 Posts: 1242

Thanks, seaeagle, that is what I was TRYING to say but evidently I couldn't spit it out.

Yeah, all this has NOTHING to do with YOUR COMPUTER or even your web email OTHER THAN the fact that the address of your account is in involved. As seaeagle said, the spambots are on other compromised computers, where ever, but they have YOUR address (among others) & send email with it that looks like they came from YOU. As I said, very easy to spoof someone else's emails. So as seaeagle said, if they can't be delivered they bounce back to you as the recipients email server THINKS that is where it came from.

Funny, Unless the header has been altered (which is part of the spoofing process, so it probably has) you can track the email by info in it. - I'd (myself since I can read them) probably look anyway out of being curious but I doubt it would do any good.

zlim · Joined: Mar 11, 2005 Posts: 2747

You know all those forwarded emails that you get from "well-meaning" friends and relatives? Some of those have lots of email addresses because clueless users do not know you strip out the addresses or use the blind caron copy when sending. If one of the people in the cc field has an infected computer, guess what, your email address is in their address book and will be used as an email address to send crap out.

I told my brother-in-law not to forward anything to me. He didn't get it and as a result is no longer speaking to me. Oh well, at least I'm not getting forwarded email that I don't want from him.

Baby_Tux · Joined: Mar 06, 2007 Posts: 1242

I've also noticed that (some) email programs will default to adding any you send to, to your address book as well. Until this dawned on me I couldn't figure out how all of those addresses were getting in there as it use to NOT be default. - & one I HAD it shut off. (somehow flipped back - M$ good for that) - Some "companies" & there infinite wisdom.

zlim · Joined: Mar 11, 2005 Posts: 2747

I've never used any MS email programs so fortunately I don't have an addressbook from them on any of my computers.

Baby_Tux · Joined: Mar 06, 2007 Posts: 1242

Personally, I use thunderbird, & recently found the Linux version to do this. (STRANGE... as I've never encountered it in TB before - usually M$) when I 1st ran it. But by NOW, I know what causes it & immediately shut it off. BTW: had some web based one do this by default, too. But thankfully the controls on it let me "kill" it. (please don't ask which one as it's been to long ago & I think it was one of the ODD one's)