What's a Mailer-Daemon? [Archive] - FreeConservatives



HomeschoolrsRUs
11-05-2004, 10:19 AM
Help!
Got an e-mail from a Mailer-Daemon about a supposed e-mail I sent that could not be delivered. Problem is, I never sent the e-mail in the first place! Has someone accessed my internet account? How do I stop/fix this?
Thanks for y'all's help!
Many Blessings,
Hms

Suzie
11-05-2004, 10:27 AM
Oh dear, I had that happen. Someone had hijacked my Email. :( But I got like 300 of those messages. Maybe it's just an error.

http://www.mailsbroadcast.com/email.broadcast.faq/45.email.hijacked.htm

DoctorDoom
11-05-2004, 02:10 PM
This can happen when a computer illiterate allows a worm to infect his/her puter. Some of them not only send themselves out to everyone in the address book, but pick names from the book to use in the "From" field. When the messages are bounced for whatever reason, whatever poor soul was selected by the worm as the "sender" will receive the response that it's undeliverable. I get them on occasion from my backup ISP's email account, which I have never used.

I'm also getting the impression that some spammers will use valid email addresses as the senders. If that happens, one could get a flood of bounces.

DoctorDoom
11-05-2004, 02:18 PM
daemon
Last modified: Tuesday, April 22, 2003

Pronounced DEE-mun or DAY-mun. A process that runs in the background and performs a specified operation at predefined times or in response to certain events. The term daemon is a UNIX term, though many other operating systems provide support for daemons, though they're sometimes called other names. Windows, for example, refers to daemons as System Agents and services.

Typical daemon processes include print spoolers, e-mail handlers, and other programs that perform administrative tasks for the operating system. The term comes from Greek mythology, where daemons were guardian spirits.

Daemon (http://webopedia.internet.com/TERM/d/daemon.html)

Who is the Mailer-Daemon?

No need to call an exorcist if you get an email from the Mailer-Daemon; this is just a message from the email server itself. Usually you only hear from the email server when it has trouble delivering an email you sent.

A daemon is a program that works behind the scenes on a server, doing useful things.

Who is the Mailer-Daemon? (http://www.spokaneschools.org/help/articles/Mailer-Daemon.stm)

HomeschoolrsRUs
11-06-2004, 05:51 PM
DoctorDoom,
Do I need to do anything to fix my computer? I have a firewall, anti-virus, spy-bot, AOL spam blocker, spyware blaster, and ad-aware, do I need something else to prevent these mailer-daemons from happening?

DoctorDoom
11-06-2004, 07:06 PM
Do I need to do anything to fix my computer? I have a firewall, anti-virus, spy-bot, AOL spam blocker, spyware blaster, and ad-aware, do I need something else to prevent these mailer-daemons from happening?

Generally, there's nothing you can do, because it's not your computer that's doing it.

It might be because you misaddressed an email or the address that you used was no longer valid. This can happen when using "Reply to all" when responding to an email that was sent to multiple recipients, or when you send one out to a group, and in either case at least one of the addresses is invalid.

If you know it's not something you sent, then most likely it's because the machine of someone who has your email address has been infected, and the worm randomly chose your address for the "From" field entry.

HomeschoolrsRUs
11-07-2004, 11:41 AM
Thanks for the help DoctorDoom -- I was just worried, since I KNEW I had not sent any e-mails (and in fact, had not even had my computer turned on at the time they were supposedly sent!), that somebody had possibly hacked my internet account and was sending things out with my screenname.

I'm trying to educate myself on this computer stuff as best I can, but everything gets so confusing!

Anyway, thanks again for the help ... once again, you're my hero!
Many Blessings,
Hms

SmellyFed
11-07-2004, 12:43 PM
Many times if you right click on the message header and choose Properties you'll see the true path that the email came from. DoctorDoom is correct - spammers will often times fudge the mail-from field with email addresses they've retrieved from various spammers.

Best thing you can really do is track it back to its real origin, identify the domain name or IP... in at least one case, I did that and tracked a message back to a garage-door company in Indianapolis, IN. I called their IT department and explained to them that I was repeatedly receiving spam messages from someone on their system. They didn't believe me at first, but when I forwarded them the messages they were able to determine that one of their employees was using company computer resources to conduct a world-wide spam campaign. Subsequently I got an email from the CEO of the company thanking me for taking the time to contact them - and assuring me that I would be receiving no more spam. I got the impression that the fellow responsible was either fired or given an ultimatum.

Suzie
11-07-2004, 12:52 PM
They try to get AOL addresses a lot now because AOL has got so strict with their spam filters and they know they do not block anything with an AOL address. :(

SmellyFed
11-07-2004, 12:55 PM
Here's an email I received a couple days ago, obviously spam:


NICON ASSOCIATES
45/46 NICON HOUSE Ste 4
LAGOS,NIGERIA.
From the desk of:ERICSON SMITH(ATTORNEY)
HEAD OF CHAMBER
Our Ref:........Your Ref:........Date:.....
ATTENTION:
Dear Sir,
URGENT BUSINESS REQUEST
I am a lawyer resident and practicing in LAGOS,
NIGERIA and I am using this correspondence to urgently seek and
request
your assistance and cooperation in a sensitive but highly beneficial
financial arrangement.Important clients of mine whose details I
cannot
release at this point has implored me to contact a reliable and
trustworthy
partner overseas to urgently receive and handle funds totaling THIRTY
MILLION US DOLLARS (US$30.M) in CASH presently lodged in a
security/finance outfit in LONDON (UK). Due to my client's inability
to travel out of the country presently and the fact that we continue
to accumulate huge debts daily as long as this consignment remains in
the security company we need a friend and partner to proceed as soon
as possible and retrieve this money on behalf of my clients and handle
it as duly instructed.
We intend to share this amount as follows: 65% for I
and my clients, 30% for your and 5% for any
contingencies. We expect this deal to be completed
within 14 (fourteen) working days, and all our
transaction shall be in accordance with the laws and
procedures on international remittance of fund.
Thank you in anticipation of your cooperation and hoping
to hear from you soon.
Yours' sincerely,
ERICSON SMITH(ATTORNEY)


------------------------------------------

Make a wish and then Voila! www.voila.fr


The return email address is apparently ericson1935@voila.fr <ericson1935@voila.fr> but is it really? Right click on the header, choose properties and you get:

Return-Path: <ericson1935@voila.fr>
Received: from mwinf4009.voila.fr ([192.168.1.3]) by mta007.verizon.net
    (InterMail vM.5.01.06.06 201-253-122-130-106-20030910) with ESMTP
    id <20041103205546.CQOT13705.mta007.verizon.net@mwinf4009.voila.fr>
    for <paul.calloway@verizon.net>; Wed, 3 Nov 2004 14:55:46 -0600
Received: from mwinf4009.voila.fr (193.252.22.174) by sc018pub.verizon.net (MailPass SMTP server v1.1.1 - 121803235448JY) with ESMTP id <1-998-173-998-208656-1-1099515343> for mta007.verizon.net; Wed, 3 Nov 2004 14:55:47 -0600
Received: from me-wanadoo.net (localhost [127.0.0.1])
    by mwinf4009.voila.fr (SMTP Server) with SMTP
    id C270218000A3; Wed, 3 Nov 2004 21:55:42 +0100 (CET)
Received: from wwinf4002 (wwinf4002 [172.22.157.29])
    by mwinf4009.voila.fr (SMTP Server) with ESMTP
    id B8C7D1800085; Wed, 3 Nov 2004 21:55:42 +0100 (CET)
Message-ID: <29744411.1099515342757.JavaMail.www@wwinf4002>
From: ericson1935@voila.fr
Reply-To: ericson1935@voila.fr
Subject: URGENT RESPONSE
Mime-Version: 1.0
Content-Type: multipart/alternative;
    boundary="----=_Part_26852_6889542.1099515342746"
X-Originating-IP: [213.181.81.58]
Date: Wed, 3 Nov 2004 21:55:42 +0100 (CET)
To: undisclosed-recipients: ;

Run an IP trace on 172.22.157.29 at http://www.arin.net/whois/ and you'll get:

OrgName: Internet Assigned Numbers Authority
OrgID: IANA
Address: 4676 Admiralty Way, Suite 330
City: Marina del Rey
StateProv: CA
PostalCode: 90292-6695
Country: US

NetRange: 172.16.0.0 - 172.31.255.255
CIDR: 172.16.0.0/12
NetName: IANA-BBLK-RESERVED
NetHandle: NET-172-16-0-0-1
Parent: NET-172-0-0-0-0
NetType: IANA Special Use
NameServer: BLACKHOLE-1.IANA.ORG
NameServer: BLACKHOLE-2.IANA.ORG
Comment: This block is reserved for special purposes.
Comment: Please see RFC 1918 for additional information.
Comment:
RegDate: 1994-03-15
Updated: 2002-09-12

OrgAbuseHandle: IANA-IP-ARIN
OrgAbuseName: Internet Corporation for Assigned Names and Number
OrgAbusePhone: +1-310-301-5820
OrgAbuseEmail: abuse@iana.org

OrgTechHandle: IANA-IP-ARIN
OrgTechName: Internet Corporation for Assigned Names and Number
OrgTechPhone: +1-310-301-5820
OrgTechEmail: abuse@iana.org

# ARIN WHOIS database, last updated 2004-11-06 19:10
# Enter ? for additional hints on searching ARIN's WHOIS database.

That's where this email really came from, not France as the return address suggests. You can use that information to report the abuse... and you may even get a response.

DoctorDoom
11-07-2004, 01:45 PM
The header usually contains valuable tracking information, but not always. Even the header info can be spoofed. Further info:

E-mail Header Spoofing Information (http://eleccomm.ieee.org/header-spoofing.shtml)

Where From Art Thou, Klez? (http://antivirus.about.com/od/virusdescriptions/a/klezspoof.htm)

Understanding E-mail Spoofing (http://www.windowsecurity.com/articles/Email-Spoofing.html)
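
Added example, not part of the original thread: a Python sketch that walks the Received chain from the headers posted above, flags which peer addresses are publicly routable (RFC 1918 ranges such as 172.16.0.0/12 are private, so they only identify a host inside the network of the server that stamped the line), and separates hops written by the recipient's own provider from sender-side headers, which as noted above can be spoofed. The `verizon.net` trust boundary, the trimmed header copy and all function names are assumptions of this example.

```python
import ipaddress
import re
from email import message_from_string

# Trimmed copy of the headers posted in the thread (ids and software banners removed).
RAW = """\
Received: from mwinf4009.voila.fr ([192.168.1.3]) by mta007.verizon.net
 with ESMTP; Wed, 3 Nov 2004 14:55:46 -0600
Received: from mwinf4009.voila.fr (193.252.22.174) by sc018pub.verizon.net
 with ESMTP; Wed, 3 Nov 2004 14:55:47 -0600
Received: from me-wanadoo.net (localhost [127.0.0.1])
 by mwinf4009.voila.fr (SMTP Server) with SMTP; Wed, 3 Nov 2004 21:55:42 +0100
Received: from wwinf4002 (wwinf4002 [172.22.157.29])
 by mwinf4009.voila.fr (SMTP Server) with ESMTP; Wed, 3 Nov 2004 21:55:42 +0100
From: ericson1935@voila.fr
X-Originating-IP: [213.181.81.58]
"""

IP_RE = re.compile(r"[\[(](\d{1,3}(?:\.\d{1,3}){3})[\])]")
BY_RE = re.compile(r"\bby\s+([\w.-]+)")

def hops(raw):
    """Received hops, newest first: (stamping host, peer IP, publicly routable?)."""
    out = []
    for value in message_from_string(raw).get_all("Received", []):
        ip_m, by_m = IP_RE.search(value), BY_RE.search(value)
        if ip_m:
            ip = ipaddress.ip_address(ip_m.group(1))
            out.append((by_m.group(1) if by_m else "?", str(ip), ip.is_global))
    return out

def is_own(host, domain):
    return host == domain or host.endswith("." + domain)

def trusted_handoff(raw, own_domain):
    """First routable peer IP recorded by the recipient's own provider."""
    for by_host, ip, routable in hops(raw):
        if not is_own(by_host, own_domain):
            break  # everything older was written by the sending side
        if routable:
            return ip
    return None

def sender_side_claims(raw, own_domain):
    """IPs that appear only in headers the recipient's provider did not write."""
    claims = [ip for by, ip, _ in hops(raw) if not is_own(by, own_domain)]
    claims += IP_RE.findall(message_from_string(raw).get("X-Originating-IP", ""))
    return claims
```

With `own_domain="verizon.net"`, `trusted_handoff` returns the address that connected to the recipient's provider; the addresses from `sender_side_claims` are leads to pass along in an abuse report, not verified facts.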