Spammer using my email as address

Questions on how we spend our money and our time - consumer goods and services, home and vehicle, leisure and recreational activities
Post Reply
Topic Author
Seasonal
Posts: 2719
Joined: Sun May 21, 2017 1:49 pm

Spammer using my email as address

Post by Seasonal »

I just received over 100 'Mail Delivery Failure' messages. Someone had spoofed my email address as the sender of some spam email to recipients with names starting with 's' @bellsouth.net. The emails ask the recipient to verify their username and password at SunTrust bank.

They were using my email account at my ISP, if that matters. I wrote to the ISP, but they are seldom helpful.

Is there anything useful I can do about this?
refinedchain
Posts: 27
Joined: Tue Feb 17, 2015 10:32 am

Re: Spammer using my email as address

Post by refinedchain »

Seasonal wrote: Mon Sep 21, 2020 7:59 am I just received over 100 'Mail Delivery Failure' messages. Someone had spoofed my email address as the sender of some spam email to recipients with names starting with 's' @bellsouth.net. The emails ask the recipient to verify their username and password at SunTrust bank.

They were using my email account at my ISP, if that matters. I wrote to the ISP, but they are seldom helpful.

Is there anything useful I can do about this?
No except to block those mail delivery failures.

You could have the same issue with physical mail. Pence back in the day used to receive notifications by mail thanking him for donating to causes he didn't donate to.
User avatar
cheese_breath
Posts: 10358
Joined: Wed Sep 14, 2011 7:08 pm

Re: Spammer using my email as address

Post by cheese_breath »

Get a new Email address and cancel that one.
The surest way to know the future is when it becomes the past.
Topic Author
Seasonal
Posts: 2719
Joined: Sun May 21, 2017 1:49 pm

Re: Spammer using my email as address

Post by Seasonal »

refinedchain wrote: Mon Sep 21, 2020 8:16 am
Seasonal wrote: Mon Sep 21, 2020 7:59 am I just received over 100 'Mail Delivery Failure' messages. Someone had spoofed my email address as the sender of some spam email to recipients with names starting with 's' @bellsouth.net. The emails ask the recipient to verify their username and password at SunTrust bank.

They were using my email account at my ISP, if that matters. I wrote to the ISP, but they are seldom helpful.

Is there anything useful I can do about this?
No except to block those mail delivery failures.

You could have the same issue with physical mail. Pence back in the day used to receive notifications by mail thanking him for donating to causes he didn't donate to.
That was my assumption, but I thought I'd ask anyway.
Topic Author
Seasonal
Posts: 2719
Joined: Sun May 21, 2017 1:49 pm

Re: Spammer using my email as address

Post by Seasonal »

cheese_breath wrote: Mon Sep 21, 2020 8:16 am Get a new Email address and cancel that one.
It's the verification email on a lot of accounts. Changing would be a major hassle. I'll probably change the password out of paranoia, but it doesn't seem you need a password to spoof an email address.
Kuna_Papa_Wengi
Posts: 52
Joined: Sun Mar 08, 2015 1:55 pm
Location: Rocinante

Re: Spammer using my email as address

Post by Kuna_Papa_Wengi »

It's odd that bellsouth.net doesn't have an SPF record. That's some basic spoofing protection that makes it a little harder for these things to happen. Anyone can spoof bellsouth.net email addresses and there's no way for a mail server to know that it's not legitimate.

It might be a good idea to transition to a more secure email service. In the mean time, create a filter to trash those messages.
Topic Author
Seasonal
Posts: 2719
Joined: Sun May 21, 2017 1:49 pm

Re: Spammer using my email as address

Post by Seasonal »

Kuna_Papa_Wengi wrote: Mon Sep 21, 2020 8:31 am It's odd that bellsouth.net doesn't have an SPF record. That's some basic spoofing protection that makes it a little harder for these things to happen. Anyone can spoof bellsouth.net email addresses and there's no way for a mail server to know that it's not legitimate.

It might be a good idea to transition to a more secure email service. In the mean time, create a filter to trash those messages.
I'm a bit surprised that bellsouth didn't automatically block my email after a while. If I got over 100 Mail Delivery Failures in less than one minute I'd imagine a lot more went through. FWIW, the recipients were all bellsouth, but I use a different ISP.

The headers claim that the emails were scanned by Cloudmark Authority Engine, which is supposed to block all forms of abuse.

One failure message came at 8:49, but all of the others came at 8:29. I haven't received any since.

I mainly use gmail. I probably should create a new gmail account that's only used for verification. I got a reply from my ISP saying to do a virus scan and change my password. In response to a follow-up, they agreed it was likely just someone spoofing my email and they had no indication there was any breach of my account.
Lee_WSP
Posts: 4248
Joined: Fri Apr 19, 2019 5:15 pm
Location: Arizona

Re: Spammer using my email as address

Post by Lee_WSP »

Seasonal wrote: Mon Sep 21, 2020 8:24 am
cheese_breath wrote: Mon Sep 21, 2020 8:16 am Get a new Email address and cancel that one.
It's the verification email on a lot of accounts. Changing would be a major hassle. I'll probably change the password out of paranoia, but it doesn't seem you need a password to spoof an email address.
You want to continue using a very weakly secured email provider for your verification emails!!!!???? :oops:
Topic Author
Seasonal
Posts: 2719
Joined: Sun May 21, 2017 1:49 pm

Re: Spammer using my email as address

Post by Seasonal »

Lee_WSP wrote: Mon Sep 21, 2020 11:11 am
Seasonal wrote: Mon Sep 21, 2020 8:24 am
cheese_breath wrote: Mon Sep 21, 2020 8:16 am Get a new Email address and cancel that one.
It's the verification email on a lot of accounts. Changing would be a major hassle. I'll probably change the password out of paranoia, but it doesn't seem you need a password to spoof an email address.
You want to continue using a very weakly secured email provider for your verification emails!!!!???? :oops:
What evidence is there that it's a very weakly secured email provider?

The headers pointing to my email address result in: spf=softfail; sender-id=softfail
The headers include Authentication-Results: smtp02.XXXX.YYYYY.synacor.com smtp.user=briesemw; auth=pass (LOGIN). That is not my username and synacor is not my ISP.

My understanding is that it's not difficult to spoof an email address.
Lee_WSP
Posts: 4248
Joined: Fri Apr 19, 2019 5:15 pm
Location: Arizona

Re: Spammer using my email as address

Post by Lee_WSP »

Seasonal wrote: Mon Sep 21, 2020 11:26 am What evidence is there that it's a very weakly secured email provider?

My understanding is that it's not difficult to spoof an email address.
If they are taking a laissez faire attitude towards allowing spoofing to occur by not even bothering to update their systems, what makes you think they're updating the rest of their security features?

Cyber security starts with regular & frequent updates to software to patch known exploits.
Topic Author
Seasonal
Posts: 2719
Joined: Sun May 21, 2017 1:49 pm

Re: Spammer using my email as address

Post by Seasonal »

Lee_WSP wrote: Mon Sep 21, 2020 1:59 pm
Seasonal wrote: Mon Sep 21, 2020 11:26 am What evidence is there that it's a very weakly secured email provider?

My understanding is that it's not difficult to spoof an email address.
If they are taking a laissez faire attitude towards allowing spoofing to occur by not even bothering to update their systems, what makes you think they're updating the rest of their security features?

Cyber security starts with regular & frequent updates to software to patch known exploits.
How is an ISP supposed to prevent another ISP from accepting spoofed emails?
Lee_WSP
Posts: 4248
Joined: Fri Apr 19, 2019 5:15 pm
Location: Arizona

Re: Spammer using my email as address

Post by Lee_WSP »

Kuna_Papa_Wengi wrote: Mon Sep 21, 2020 8:31 am It's odd that bellsouth.net doesn't have an SPF record. That's some basic spoofing protection that makes it a little harder for these things to happen. Anyone can spoof bellsouth.net email addresses and there's no way for a mail server to know that it's not legitimate.

It might be a good idea to transition to a more secure email service. In the mean time, create a filter to trash those messages.
Seasonal wrote: Mon Sep 21, 2020 2:04 pm [quote=Lee_WSP post_id=5507676 time=<a href="tel:1600714791">1600714791</a> user_id=147765]
[quote=Seasonal post_id=5507369 time=<a href="tel:1600705584">1600705584</a> user_id=121294]
What evidence is there that it's a very weakly secured email provider?

My understanding is that it's not difficult to spoof an email address.
If they are taking a laissez faire attitude towards allowing spoofing to occur by not even bothering to update their systems, what makes you think they're updating the rest of their security features?

Cyber security starts with regular & frequent updates to software to patch known exploits.
[/quote]
How is an ISP supposed to prevent another ISP from accepting spoofed emails?
[/quote]
Topic Author
Seasonal
Posts: 2719
Joined: Sun May 21, 2017 1:49 pm

Re: Spammer using my email as address

Post by Seasonal »

Kuna_Papa_Wengi wrote: Mon Sep 21, 2020 8:31 am It's odd that bellsouth.net doesn't have an SPF record. That's some basic spoofing protection that makes it a little harder for these things to happen. Anyone can spoof bellsouth.net email addresses and there's no way for a mail server to know that it's not legitimate.

It might be a good idea to transition to a more secure email service. In the mean time, create a filter to trash those messages.
Bellsouth was the recipient of the emails (see the OP). It is not my ISP.
User avatar
Stinky
Posts: 7346
Joined: Mon Jun 12, 2017 11:38 am
Location: Sweet Home Alabama

Re: Spammer using my email as address

Post by Stinky »

Seasonal wrote: Mon Sep 21, 2020 8:24 am
cheese_breath wrote: Mon Sep 21, 2020 8:16 am Get a new Email address and cancel that one.
It's the verification email on a lot of accounts. Changing would be a major hassle. I'll probably change the password out of paranoia, but it doesn't seem you need a password to spoof an email address.
Sure, change the password now.

But if this happens again, definitely transition out of this email account. It may be a major PITA to change your verification sites, but that’s the world that we live in now.

And, if you start getting angry emails from folks that received the earlier message from “your” account, that would be an even larger reason to get away from this email account.
It's a GREAT day to be alive! - Travis Tritt
RetiredAL
Posts: 1323
Joined: Tue Jun 06, 2017 12:09 am
Location: SF Bay Area

Re: Spammer using my email as address

Post by RetiredAL »

Seasonal wrote: Mon Sep 21, 2020 2:14 pm
Kuna_Papa_Wengi wrote: Mon Sep 21, 2020 8:31 am It's odd that bellsouth.net doesn't have an SPF record. That's some basic spoofing protection that makes it a little harder for these things to happen. Anyone can spoof bellsouth.net email addresses and there's no way for a mail server to know that it's not legitimate.

It might be a good idea to transition to a more secure email service. In the mean time, create a filter to trash those messages.
Bellsouth was the recipient of the emails (see the OP). It is not my ISP.
Mail allows "reply to" to different than the user.

Someone has gained access to that synacor user's email credentials to sending spam from a list. To not alert that user, the "reply to" is to you, thus all the failed messages are coming to you and the other guy is likely clueless.

The quickest way to stop them is to write a filter on your email. Sooner or later, Synacor will realize that their user is sending a lot of mail and investigate it.
Lee_WSP
Posts: 4248
Joined: Fri Apr 19, 2019 5:15 pm
Location: Arizona

Re: Spammer using my email as address

Post by Lee_WSP »

Seasonal wrote: Mon Sep 21, 2020 2:04 pm How is an ISP supposed to prevent another ISP from accepting spoofed emails?
The better question is why you don't think your email is now compromised or being targeted as it's obviously being used to send spam mail.
Topic Author
Seasonal
Posts: 2719
Joined: Sun May 21, 2017 1:49 pm

Re: Spammer using my email as address

Post by Seasonal »

Lee_WSP wrote: Mon Sep 21, 2020 3:08 pm
Seasonal wrote: Mon Sep 21, 2020 2:04 pm How is an ISP supposed to prevent another ISP from accepting spoofed emails?
The better question is why you don't think your email is now compromised or being targeted as it's obviously being used to send spam mail.
I doubt it's compromised because the ID check for my email address failed, which means they don't have my password. Based on the very limited range of an alphabetized list the recipient emails represented (all had the same first four letters), I'd bet the spammer just harvested a large number of email addresses to use as named senders, rather than doing anything to target me specifically.

If this happens again, I'll more drastically ramp up security.

And you didn't answer my question.
User avatar
GerryL
Posts: 3100
Joined: Fri Sep 20, 2013 11:40 pm

Re: Spammer using my email as address

Post by GerryL »

I've been getting messages from my ISP indicating that they have blocked emails supposedly coming though my account "Considered UNSOLICITED BULK EMAIL or SPAM apparently coming from you." Actually, happening on several of my email address (same ISP).

I figure that as long as their system is blocking the emails, I'm ok. May consider changing my password but not sure that would make a difference if they are spoofing.
Post Reply