Undeliverable messages....getting on my tats now
#1
Scooby Regular
Thread Starter
Join Date: Apr 2002
Location: The poliotical wing of Chip Sengravy.
Posts: 6,129
Likes: 0
Received 0 Likes
on
0 Posts
I keep getting tonnes of email bouncing back to me saying undeliverable message, I have NAV, and have done various online AV scans, all these come up clean, by the way these are messages I have never sent.
I also use adaware, spybot, spy sweeper, I connect to the net via an ADSL router, I think this has some kind of firewall built in.
I get in the region of 10-20 of these every day, they say they are undelivered from my address, however, not one has come from somebody in my address book, although by chance, although the odd one is recognisable - a lad that works for us now used to copy me in on all his email funnies etc - some of the other recipients of these messages ( from ages ago ) are now coming back to me saying undelivered, the bulk of them are just from clearly bogus addresses.
Is a third party using my email address to send out spam?? BTW, some of these are infected with various viruses by the looks of it, others tell me the contents of the message can be viewed at blah, blah blah (a link), when I hover my mouse over the link though a load of gobbledygook appears at the bottom of the message pane.
Any ideas?
Thanks if you can help,
Mike.
#2
Someone with you in their contacts list has the Netsky virus and is using your address to send out virus messages. They then get knocked back by AV software on the recipient's machine and YOU get the message. You need to track down the culprit. It's possible if you check the headers on the original message to get the IP and PC name, which if they are on your network will help.
#3
here is a typical one, I take it by the headers you mean the message properties..
X-Symantec-TimeoutProtection: 0
X-Symantec-TimeoutProtection: 1
Return-Path: <a0610050abca188db8ebe@[172.26.0.12].0.8>
Delivered-To: my email addy
Received: (qmail 5721 invoked from network); 16 Apr 2004 09:22:04 -0000
Received: from unknown (HELO my domain name) (**.**.***.***)
  by 0 with SMTP; 16 Apr 2004 09:22:04 -0000
From: a0610050abca188db8ebe@[172.26.0.12].0.8
To: my email addy
Subject: Mail Delivery (failure my email addy)
Date: Fri, 16 Apr 2004 11:21:26 +0200
MIME-Version: 1.0
Content-Type: multipart/related;
  type="multipart/alternative";
  boundary="----=_NextPart_000_001B_01C0CA80.6B015D10"
X-Priority: 3
X-MSMail-Priority: Normal
Does this make any sense to you lot?
A lot of the message properties list the line as below, although the IP address changes now and again:
Received: from unknown (HELO my domain name) (**.**.***.***)
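Editor's added example (not part of the original post or thread): one way to read headers like the ones above, separating what the sending machine claimed (the HELO name) from what the receiving server recorded (the connecting IP), and checking whether the envelope sender is even a usable address. The sample is constructed; `example.org`, `192.0.2.93`, the network ranges and the function names are placeholders, since the poster masked the real values.

```python
import ipaddress
import re
from email import message_from_string

# Constructed sample modelled on the headers in the post above. example.org
# and 192.0.2.93 are placeholders for the values the poster masked.
SAMPLE = """\
Return-Path: <a0610050abca188db8ebe@[172.26.0.12].0.8>
Delivered-To: mike@example.org
Received: (qmail 5721 invoked from network); 16 Apr 2004 09:22:04 -0000
Received: from unknown (HELO example.org) (192.0.2.93)
  by 0 with SMTP; 16 Apr 2004 09:22:04 -0000
From: a0610050abca188db8ebe@[172.26.0.12].0.8
Subject: Mail Delivery (failure mike@example.org)

"""

# qmail-style hop: from <reverse DNS> (HELO <claimed name>) (<peer IP>)
HOP = re.compile(r"from\s+(\S+)\s+\(HELO\s+([^)]+)\)\s+\(([0-9A-Fa-f.:]+)\)")
HOSTNAME = re.compile(r"[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+")

def sender_is_bogus(return_path):
    """True when the envelope sender could never receive a reply."""
    addr = return_path.strip("<> ")
    if not addr:
        return False  # "<>" is the null sender that genuine bounces use
    domain = addr.rpartition("@")[2]
    if HOSTNAME.fullmatch(domain):
        return False
    literal = re.fullmatch(r"\[(\d+\.\d+\.\d+\.\d+)\]", domain)
    return not (literal and ipaddress.ip_address(literal.group(1)).is_global)

def analyse(raw, my_domain, my_networks):
    """List the SMTP peers recorded in Received lines and flag forged HELOs."""
    msg = message_from_string(raw)
    nets = [ipaddress.ip_network(n) for n in my_networks]
    hops = []
    for value in msg.get_all("Received", []):
        m = HOP.search(value)
        if not m:
            continue  # local hand-off lines such as "(qmail ... invoked)"
        rdns, helo, ip = m.group(1), m.group(2).strip(), ipaddress.ip_address(m.group(3))
        # The HELO name is chosen by the client; the IP is what the server saw.
        forged = helo.lower() == my_domain.lower() and not any(ip in n for n in nets)
        hops.append({"peer_ip": str(ip), "rdns": rdns, "helo": helo, "helo_forged": forged})
    return {"hops": hops, "sender_bogus": sender_is_bogus(msg.get("Return-Path", ""))}

if __name__ == "__main__":
    print(analyse(SAMPLE, "example.org", ["198.51.100.0/24"]))
```

A message whose HELO names your own domain while the peer IP sits outside your networks did not come from your mail server, whatever the subject line says.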
#4
Apologies for keeping posting gibberish, I have looked up the most common IP addy that appears in these messages I am getting, does this mean anything to anyone?
% This is the RIPE Whois server.
% The objects are in RPSL format.
%
% Rights restricted by copyright.
% See http://www.ripe.net/ripencc/pub-services/db/copyright.html

inetnum: 81.106.64.0 - 81.106.95.255
netname: NTL
descr: NTL Infrastructure - Oldham
country: GB
admin-c: NNMC1-RIPE
tech-c: NNMC1-RIPE
status: ASSIGNED PA
mnt-by: AS5089-MNT
remarks: INFRA-AW
changed: hostmaster@ntli.net 20030120
source: RIPE

route: 81.96.0.0/12
descr: NTL-UK-IP-BLOCK
origin: AS5089
mnt-by: AS5089-MNT
changed: hostmaster@ntli.net 20020614
source: RIPE

role: NTLI Network Management Centre
address: NTL Internet
address: Crawley Court
address: Winchester
address: Hampshire
address: SO21 2QA
trouble: -------------------------------------------------------
trouble: For abuse notifications please -
trouble: file an online case @ http://www.ntlworld.com/netreport
trouble: +44 2920 305142
trouble: -------------------------------------------------------
trouble: For peering issues/requests please -
trouble: email : peering@ntli.net
trouble: -------------------------------------------------------
admin-c: MH22007-RIPE
admin-c: CF2297-RIPE
admin-c: CM1377-RIPE
tech-c: MH22007-RIPE
tech-c: CF2297-RIPE
tech-c: CM1377-RIPE
nic-hdl: NNMC1-RIPE
mnt-by: AS5089-MNT
notify: data.planning@ntl.com
e-mail: data.planning@ntl.com
changed: hostmaster@ntli.net 20020815
changed: hostmaster@ntli.net 20020913
changed: hostmaster@ntli.net 20030328
changed: hostmaster@ntli.net 20030401
changed: hostmaster@ntli.net 20030603
changed: hostmaster@ntli.net 20030707
changed: hostmaster@ntli.net 20040303
changed: hostmaster@ntli.net 20040312
source: RIPE
#6
Scooby Senior
Scanning the address book for email addresses is yesterday's trick. Modern day viruses and spammers search web pages either live or on a victim's machine. You only have to post your email address on a web page, that's it. Don't feel bad and set a rule to move the returned emails, check occasionally for genuine ones.
#8
To add to what Jack said...
NetSky.D (as an example) will look in:
.adb
.asp
.cgi
.dbx
.dhtm
.doc
.eml
.htm
.oft
.php
.pl
.rtf
.sht
.shtm
.msg
.tbb
.txt
.uin
.vbs
.wab
for e-mail addresses to send itself to.
#11
here's a question for you..
81.106.94.93 resolves to spr2-stkp3-6-0-cust93.manc.broadband.ntl.com
how do I find out who this is?
#12
Scooby Regular
Join Date: Dec 2003
Location: cheshire
Posts: 1,180
Likes: 0
Received 0 Likes
on
0 Posts
#13
waste of time:
At last, just had a response..sort of anyway. I tried calling Ntl tech support today, is it just me, or are customer support phone No's a bit thin on the ground on ntl's website.
So I rang sales instead, surprise surprise I got an answer in 2.73 seconds. When the guy that answered finished his opening spiel I told him I need tech support, but not being an Ntl customer I had rung sales hoping to be put through. He put me through to some girl that knew what a computer was, but there endeth the story. To her credit she took my phone No, and promised someone would call me back.
So they just called me back..
Ring ring.... (shortened version)
NTL: Hello is that Mr mj1?
Me: yes
NTL: You reported a problem with Ntl....
Me: yes, are you on the technical side?
NTL: [smug] yes [/smug].
Me: ok, I keep getting viruses sent to me by an ntl user that is spoofing my email address
NTL: right ok, update your antivirus protection...etc,etc,etc
Me: I already have, makes no difference, and have done various AV scans, I have the IP address of the original sender.
NTL: ok, just hang on a minute ( she disappears for 2 minutes while asking what an IP address is )
NTL: mj1?
Me: yes?
NTL: I have just spoken to one of our guys what is more of wizz with computers than me ( err, not too difficult then, the cleaner must be in ), and he says you need to update your antivirus protection...etc,etc,etc
Me: I've done that, I have checked out the IP from the message headers and they resolve to an Ntl user, can I speak to the guy you're speaking to please?
NTL: ok, just hang on a minute ( she disappears for another 2 minutes while asking what resolve means, and tries to find the cleaner she was just talking to... )
zzzzzzzzzzzzzz............................
NTL:mj1?
Me: hello.
NTL:Hi, err...... yes, he says you need to go to doubleyew,doubleyew,doubleyew, dot, broadband, dot, com. You can check the IP address there.
Me: I've checked the IP address, it always comes back to Ntl.
NTL:errrr
Me: Can I speak to someone in tech support please?
NTL: OK, ( can't get off the bloody phone fast enough ) I'll put you through...
Ring ring....
NTL: Hello, you have reached NTL Customer services..............please enter your Ntl telephone No after the tone......
Me: AAAAAAAARRRRRRGGGGGGGGHHHHHHHHHHHHHHHHHHHH
Moan over.