Freelancer.com

Go Back   Warrior Forum - The #1 Internet Marketing Forum & Marketplace > The Warrior Forum > Main Internet Marketing Discussion Forum
Register Blogs Social Groups Advertise with usHelp Desk

Reply
LinkBack Thread Tools
Unread 7th March 2012, 10:21 PM   #1
In Denial About Age
War Room Member
 
AnneE's Avatar
 
Join Date: 2008
Location: Catskill mountains of New York
Posts: 795
Blog Entries: 5
Thanks: 138
Thanked 171 Times in 105 Posts
Default Mail Delivery Failed for Mail I didn't send

In the last 24 hours, I'm now receiving on average a "Mail delivery failed" email about every 10 minutes which shows my email address as sender. Should I be concerned?

Sorry if this is a dumb question, but I'm a bit concerned with whether someone is sending a ton of junk emails that appear to be from me. The contents of these emails are generally nonsensical -- lots of words that are not necessarily in sentences.

Any ideas what's up with that?

AnneE is offline   Reply With Quote
Unread 7th March 2012, 10:33 PM   #2
happy Texans fan
War Room Member
 
David Keith's Avatar
 
Join Date: 2009
Posts: 1,694
Thanks: 636
Thanked 1,067 Times in 562 Posts
Default Re: Mail Delivery Failed for Mail I didn't send

is it an email address from a provider like gmail/yahoo/hotmail? or is it from your own domain? have you looked at the email headers to see who actually sent it?
David Keith is offline   Reply With Quote
Unread 7th March 2012, 10:34 PM   #3
Senior Warrior Member
War Room Member
 
Charlotte Jay's Avatar
 
Join Date: 2009
Location: Living the expat life in the USA!
Posts: 1,059
Blog Entries: 5
Thanks: 388
Thanked 333 Times in 236 Posts
Default Re: Mail Delivery Failed for Mail I didn't send

Sounds like you got hacked. Change your password, clear your cache and cookies. Hopefully that should do the trick. The same thing happened to my GMail account a couple of days ago.
Charlotte Jay is offline   Reply With Quote
Unread 7th March 2012, 10:43 PM   #4
In Denial About Age
War Room Member
 
AnneE's Avatar
 
Join Date: 2008
Location: Catskill mountains of New York
Posts: 795
Blog Entries: 5
Thanks: 138
Thanked 171 Times in 105 Posts
Default Re: Mail Delivery Failed for Mail I didn't send

The message headers look like:

Return-path: <my email address here>
Received: from static-141-158-133-2.scr.east.verizon.net ([141.158.133.2] helo=server.ea-net.local)
by dylan.lunarpages.com with esmtpsa (TLSv1:RC4-MD5:128)
(Exim 4.69)
(envelope-from <my email address here>)
id 1S5USJ-0006cu-Aa
for removed email address; Wed, 07 Mar 2012 19:55:55 -0800
MIME-Version: 1.0
Date: Wed, 07 Mar 2012 22:56:22 -0500
X-Priority: 3 (Normal)
X-Mailer: Microsoft Outlook Express 6.00.2800.1158
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Subject: taxi passed us a fake saws body, and needle showed how well they hid across town. Me, I would to
From: my email address here
To: removed email address
Message-ID: <CHILKAT-MID-a3d54662-9dc9-5e1b-4d0c-afe21885a1db@server.ea-net.local>

Memoir Another friend, Jennifer, just served Nora can These young men s= ay, Yeah, I will them from=20 far Jersey ........


See the texts don't even make sense. I'll go change my password. Now that you say it I'm thinking, duh..... I should have thought of that. perhaps a little more tired than I realized.

AnneE is offline   Reply With Quote
Unread 7th March 2012, 10:44 PM   #5
HyperActive Warrior
 
Wendy Maki's Avatar
 
Join Date: 2006
Location: , Ontario , Canada.
Posts: 167
Thanks: 110
Thanked 51 Times in 33 Posts
Default Re: Mail Delivery Failed for Mail I didn't send

I have had this happen a number of times. At first I panicked until I checked into it with the ISP I had at the time. All that has happened (probably) is that someone has gotten hold of either your email address (from a subscription or otherwise) or the domain of your email (if you use a catchall type email with a domain you own)... and you will find that email address either on the visible part of the email or in the source code (it's often hidden behind a fake visible address). Then the nefarious party used that email address to APPEAR as the source of the spam to hide the real source when they bulk mailed to a lot of people. Inevitably some of those bounce ... and they bounce back to YOU, rather than the people who actually sent it. ISPs know this ploy apparently and will not blame you.

I hope this helps ease your mind. Obviously if there are more problems look into other causes, like viruses mailing from your computer, but start with the more usual cause...

-- Find blues festivals around the world at the bluesmusicfestivals.com directory and jazz festivals at jazzmusicfests.com.
Wendy Maki is offline   Reply With Quote
Unread 7th March 2012, 10:48 PM   #6
Senior Warrior Member
War Room Member
 
Troy_Phillips's Avatar
 
Join Date: 2009
Location: North Ga.
Posts: 2,859
Blog Entries: 9
Thanks: 1,707
Thanked 1,225 Times in 728 Posts
Default Re: Mail Delivery Failed for Mail I didn't send

Have you set up a WP blog in the last few days ... you can get emails like that sometimes when you are getting comments to your blog .. almost looks like keyword loaded comments.



Quote:
Originally Posted by AnneE View Post
The message headers look like:

Return-path: <my email address here>
Received: from static-141-158-133-2.scr.east.verizon.net ([141.158.133.2] helo=server.ea-net.local)
by dylan.lunarpages.com with esmtpsa (TLSv1:RC4-MD5:128)
(Exim 4.69)
(envelope-from <my email address here>)
id 1S5USJ-0006cu-Aa
for removed email address; Wed, 07 Mar 2012 19:55:55 -0800
MIME-Version: 1.0
Date: Wed, 07 Mar 2012 22:56:22 -0500
X-Priority: 3 (Normal)
X-Mailer: Microsoft Outlook Express 6.00.2800.1158
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Subject: taxi passed us a fake saws body, and needle showed how well they hid across town. Me, I would to
From: my email address here
To: removed email address
Message-ID: <CHILKAT-MID-a3d54662-9dc9-5e1b-4d0c-afe21885a1db@server.ea-net.local>

Memoir Another friend, Jennifer, just served Nora can These young men s= ay, Yeah, I will them from=20 far Jersey ........


See the texts don't even make sense. I'll go change my password. Now that you say it I'm thinking, duh..... I should have thought of that. perhaps a little more tired than I realized.


Troy_Phillips is offline   Reply With Quote
Unread 7th March 2012, 10:52 PM   #7
VeeroTech | Web Hosting
War Room Member
 
Join Date: 2011
Location: Raleigh, NC
Posts: 2,626
Thanks: 411
Thanked 447 Times in 385 Posts
Default Re: Mail Delivery Failed for Mail I didn't send

Someone is spoofing your email. No need to be alarmed, it happens ALL the time.

Create an SPF record. It will stop any mail from coming back that didn't originate from the domain.

Kingfish85 is offline   Reply With Quote
Unread 7th March 2012, 11:03 PM   #8
In Denial About Age
War Room Member
 
AnneE's Avatar
 
Join Date: 2008
Location: Catskill mountains of New York
Posts: 795
Blog Entries: 5
Thanks: 138
Thanked 171 Times in 105 Posts
Default Re: Mail Delivery Failed for Mail I didn't send

Quote:
Originally Posted by Kingfish85 View Post
Someone is spoofing your email. No need to be alarmed, it happens ALL the time.

Create an SPF record. It will stop any mail from coming back that didn't originate from the domain.
Er.... what's an SPF record.

I did change the password and logged into FTP browser with new password, just to look for any new files. Pretty tame hackers if someone actually had the password, perhaps just spoofing the emails as suggested. Though so far, since I change password no bounced mail -- too soon to say it's stopped for good though.

AnneE is offline   Reply With Quote
Unread 7th March 2012, 11:15 PM   #9
Senior Warrior Member
War Room Member
 
Dann Vicker's Avatar
 
Join Date: 2010
Posts: 1,353
Thanks: 26
Thanked 206 Times in 162 Posts
Default Re: Mail Delivery Failed for Mail I didn't send

This used to happen to me until I figured to change the password...that sort of did the trick.

Need more sales for your clicks? Then go direct with NairaCPA Media Network with over 300 High converting CPL and CPS offers. Sales/Commissions are paid out same day via paypal
- FREE Sign up http://nairacpa.hasoffers.com/signup
Dann Vicker is offline   Reply With Quote
Unread 7th March 2012, 11:23 PM   #10
In Denial About Age
War Room Member
 
AnneE's Avatar
 
Join Date: 2008
Location: Catskill mountains of New York
Posts: 795
Blog Entries: 5
Thanks: 138
Thanked 171 Times in 105 Posts
Default Re: Mail Delivery Failed for Mail I didn't send

Hmm... I did Google for SPF records, they didn't look like items that amateurs should be playing with. I still received one bounced email, but then I realized, sometimes mail does take a while to get bounced.

Thanks for the suggestions everyone. Nice to feel a sense of help from a community. I'm heading to bed. We'll see what tomorrow brings.

AnneE is offline   Reply With Quote
Unread 7th March 2012, 11:38 PM   #11
tpw
Bill Platt
War Room Member
 
tpw's Avatar
 
Join Date: 2004
Location: Stillwater, Oklahoma, USA.
Posts: 9,608
Blog Entries: 4
Thanks: 8,710
Thanked 7,779 Times in 3,548 Posts
Default Re: Mail Delivery Failed for Mail I didn't send

Quote:
Originally Posted by Kingfish85 View Post
Someone is spoofing your email. No need to be alarmed, it happens ALL the time.

I don't know about the SPF record either, and I have been doing this a long time.

But I definitely concur that someone is most likely spoofing your email address.

It happens all the time to me... And frequently, people will spoof my address in the To: and From: field with the same address.

tpw is offline   Reply With Quote
Unread 7th March 2012, 11:52 PM   #12
agc
Advanced Warrior
War Room Member
 
Join Date: 2010
Posts: 534
Thanks: 35
Thanked 85 Times in 62 Posts
Default Re: Mail Delivery Failed for Mail I didn't send

Quote:
Originally Posted by AnneE View Post
In the last 24 hours, I'm now receiving on average a "Mail delivery failed" email about every 10 minutes which shows my email address as sender. Should I be concerned?

Sorry if this is a dumb question, but I'm a bit concerned with whether someone is sending a ton of junk emails that appear to be from me. The contents of these emails are generally nonsensical -- lots of words that are not necessarily in sentences.

Any ideas what's up with that?
I'm guessing it's a Wordpress site?

Go look at the files in each of your ftp directories... sort by date. That said, they probably whacked the date too... so look at any files that have changed... either LATEST or EARLIEST dates.

SPECIFICALLY look at any STATS.PHP or WP-STATS.PHP files. Look at what's inside them. If you see a bunch of base 64 crap... odds are it's a virus/hack.

This is a known wordpress hack. I was getting email bounces for a domain of mine that hosts a wordpress blog. I found a stats.php dated like 1967. or 1867. I forget, but it was obvious. Renaming stats.php.virus (ie not deleting the file just in case I actually need to put it back later) fixed the problem.
agc is offline   Reply With Quote
Unread 8th March 2012, 07:13 AM   #13
In Denial About Age
War Room Member
 
AnneE's Avatar
 
Join Date: 2008
Location: Catskill mountains of New York
Posts: 795
Blog Entries: 5
Thanks: 138
Thanked 171 Times in 105 Posts
Default Re: Mail Delivery Failed for Mail I didn't send

Quote:
Originally Posted by agc View Post
I'm guessing it's a Wordpress site?

Go look at the files in each of your ftp directories... sort by date. That said, they probably whacked the date too... so look at any files that have changed... either LATEST or EARLIEST dates.

SPECIFICALLY look at any STATS.PHP or WP-STATS.PHP files. Look at what's inside them. If you see a bunch of base 64 crap... odds are it's a virus/hack.

This is a known wordpress hack. I was getting email bounces for a domain of mine that hosts a wordpress blog. I found a stats.php dated like 1967. or 1867. I forget, but it was obvious. Renaming stats.php.virus (ie not deleting the file just in case I actually need to put it back later) fixed the problem.
It does have a WP blog on the domain. The bounced emails are still going. I will look for the sort of file you are describing this morning. If nothing else having my Inbox dominated by this junk is very annoying!

I definitely appreciate people helping me out.

AnneE is offline   Reply With Quote
Unread 8th March 2012, 07:16 AM   #14
VeeroTech | Web Hosting
War Room Member
 
Join Date: 2011
Location: Raleigh, NC
Posts: 2,626
Thanks: 411
Thanked 447 Times in 385 Posts
Default Re: Mail Delivery Failed for Mail I didn't send

Hi AnneE, sorry for the long delay. SPF stands for Sender Policy Framework. It will validate that the email was actually sent from your domain. you can do this in cPanel under "Email Authentication", click enable. If you don't have the option or are unsure, contact your host.

Kingfish85 is offline   Reply With Quote
Unread 8th March 2012, 08:34 AM   #15
In Denial About Age
War Room Member
 
AnneE's Avatar
 
Join Date: 2008
Location: Catskill mountains of New York
Posts: 795
Blog Entries: 5
Thanks: 138
Thanked 171 Times in 105 Posts
Default Re: Mail Delivery Failed for Mail I didn't send

Quote:
Originally Posted by Kingfish85 View Post
Hi AnneE, sorry for the long delay. SPF stands for Sender Policy Framework. It will validate that the email was actually sent from your domain. you can do this in cPanel under "Email Authentication", click enable. If you don't have the option or are unsure, contact your host.
Ah.... clicking an option on cPanel I think I can handle. Thanks for pointing out this option.

Actually though, I think I have what agc suggested. I believe someone hacked the website password and FTPed PHP files that they are now executing and those PHP files are what is sending emails from my account.

I went and looked at the files in the Wordpress directories. None of them had suspicious dates, but there are tons of files with nonsensical names. About 4 folders had been created with names such as sbxjt which contain an index.php in them. So someone could have gone to my site and tacked on the /sbxjt/ to the domain name and run code that they transferred there. I first did a mass transfer of the whole directory to an external hard-drive and now I'm deleting these folders on my website. Hopefully that will be the end of it.

AnneE is offline   Reply With Quote
Unread 8th March 2012, 08:37 AM   #16
VeeroTech | Web Hosting
War Room Member
 
Join Date: 2011
Location: Raleigh, NC
Posts: 2,626
Thanks: 411
Thanked 447 Times in 385 Posts
Default Re: Mail Delivery Failed for Mail I didn't send

Quote:
Originally Posted by AnneE View Post
Ah.... clicking an option on cPanel I think I can handle. Thanks for pointing out this option.

Actually though, I think I have what agc suggested. I believe someone hacked the website password and FTPed PHP files that they are now executing and those PHP files are what is sending emails from my account.

I went and looked at the files in the Wordpress directories. None of them had suspicious dates, but there are tons of files with nonsensical names. About 4 folders had been created with names such as sbxjt which contain an index.php in them. So someone could have gone to my site and tacked on the /sbxjt/ to the domain name and run code that they transferred there. I first did a mass transfer of the whole directory to an external hard-drive and now I'm deleting these folders on my website. Hopefully that will be the end of it.
Hi AnnE,

If all you're getting is delivery failure bounce-backs, most likely someone is just spoofing your email address. It's pretty common and in most cases they get flagged as spam and automatically sent to your spam box. Sometimes the will slip through depending on the content of the email. Enabling SPF should eliminate the problem.

Kingfish85 is offline   Reply With Quote
Unread 8th March 2012, 09:42 AM   #17
agc
Advanced Warrior
War Room Member
 
Join Date: 2010
Posts: 534
Thanks: 35
Thanked 85 Times in 62 Posts
Default Re: Mail Delivery Failed for Mail I didn't send

Quote:
Originally Posted by Kingfish85 View Post
Hi AnnE,

If all you're getting is delivery failure bounce-backs, most likely someone is just spoofing your email address. It's pretty common and in most cases they get flagged as spam and automatically sent to your spam box. Sometimes the will slip through depending on the content of the email. Enabling SPF should eliminate the problem.
While that MIGHT be true, it is NOT safe assumption!

*IF* it's just a spoofed return address, then you are correct, there is nothing you can do about it except ignore it.

However...

*IF* the emails are originating via a wordpress hack, THEN your email address is not spoofed... it's actually originating from your email exchange / SMTP server / agent. This means you REALLY ARE sending the spam emails.

At a minimim, this will eventually end up in your domain getting into all the email black lists. Worse, you could end up with hosting companies just shutting down your account. Or god forbid, in a rare case even wind up dealing with law enforcement. Not that you are guilty... but dealing with law enforcement is ALWAYS to be avoided, even if innocent.

*IF* you've been hacked *AND* this is a domain you ever intend to send any real email from, then this is a serious problem and needs to be cleaned up now.
agc is offline   Reply With Quote
Unread 8th March 2012, 09:58 AM   #18
HyperActive Warrior
 
BackLinkiT's Avatar
 
Join Date: 2009
Location: Devon, England
Posts: 434
Thanks: 66
Thanked 122 Times in 92 Posts
Default Re: Mail Delivery Failed for Mail I didn't send

Check your out of office assistant too, just to be on the safe side.

Some goofball hacked my gmail account and even set the out of office to reply with more garbage to every email I received!

Cheeky b*&%$^!

Peter
BackLinkiT is offline   Reply With Quote
Unread 8th March 2012, 10:28 AM   #19
agc
Advanced Warrior
War Room Member
 
Join Date: 2010
Posts: 534
Thanks: 35
Thanked 85 Times in 62 Posts
Default Re: Mail Delivery Failed for Mail I didn't send

Quote:
Originally Posted by BackLinkiT View Post
Check your out of office assistant too, just to be on the safe side.

Some goofball hacked my gmail account and even set the out of office to reply with more garbage to every email I received!

Cheeky b*&%$^!

Peter
Oh yeah, there are lots of those hacks for GMAIL and Yahoo mail.

Important to keep in mind in the context of this thread being useful for other people.

But I suspect the Op found his virus in the /gurgeburf/ directories of his Wordpress blog.
agc is offline   Reply With Quote
Unread 8th March 2012, 10:49 AM   #20
In Denial About Age
War Room Member
 
AnneE's Avatar
 
Join Date: 2008
Location: Catskill mountains of New York
Posts: 795
Blog Entries: 5
Thanks: 138
Thanked 171 Times in 105 Posts
Default Re: Mail Delivery Failed for Mail I didn't send

Quote:
Originally Posted by agc View Post
...

*IF* the emails are originating via a wordpress hack, THEN your email address is not spoofed... it's actually originating from your email exchange / SMTP server / agent. This means you REALLY ARE sending the spam emails.

...
Yes, this is what I'm thinking was actually going on on my account. Only time will tell for sure. But certainly all the files I deleted from within the Wordpress subdirectories weren't there for no reason. Someone moved them there for a purpose, a not good purpose. The email address of mine that they were using is the admin account for the Wordpress blog.

AnneE is offline   Reply With Quote
Unread 15th March 2012, 07:34 AM   #21
In Denial About Age
War Room Member
 
AnneE's Avatar
 
Join Date: 2008
Location: Catskill mountains of New York
Posts: 795
Blog Entries: 5
Thanks: 138
Thanked 171 Times in 105 Posts
Default Re: Mail Delivery Failed for Mail I didn't send

Bummer, I thought this was done when a week ago I deleted all the weird Wordpress files and changed the account password. But today the Undeliverable mail messages (and therefore my account sending SPAM) began again. I did today now set the SPF enabled bit and will see if this helps at all.

AnneE is offline   Reply With Quote
Unread 15th March 2012, 08:59 AM   #22
agc
Advanced Warrior
War Room Member
 
Join Date: 2010
Posts: 534
Thanks: 35
Thanked 85 Times in 62 Posts
Default Re: Mail Delivery Failed for Mail I didn't send

Go back and verify that you don't have a new hack / exploit / virus.

Is your WordPress up to the latest version?

If you are at you're wits end, most hosting companies can help clean up a wordpress installation that's been hacked.
agc is offline   Reply With Quote
Unread 15th March 2012, 11:35 AM   #23
Senior Warrior Member
War Room Member
 
azmanar's Avatar
 
Join Date: 2010
Location: Malaysia
Posts: 1,123
Blog Entries: 19
Thanks: 1,072
Thanked 375 Times in 275 Posts
Default Re: Mail Delivery Failed for Mail I didn't send

Hi,

If you want to clean-up your WP, please refer to this WF blog post.

There are some options for you to choose from.

=== >>> Tomorrow Should Be Better Than Today

azmanar is offline   Reply With Quote
Unread 15th March 2012, 11:40 AM   #24
Senior Warrior Member
War Room Member
 
Join Date: 2008
Posts: 1,695
Thanks: 3,523
Thanked 991 Times in 669 Posts
Default Re: Mail Delivery Failed for Mail I didn't send

Quote:
Originally Posted by Kingfish85 View Post
Someone is spoofing your email. No need to be alarmed, it happens ALL the time.

Create an SPF record. It will stop any mail from coming back that didn't originate from the domain.
Kingfish is right. It's what I had to do because the pharma spammers were using my email addy to spoof. You can create an SPF record from within your hosting cpanel

I love life!
---------------
Karen Blundell is offline   Reply With Quote
Unread 15th March 2012, 11:41 AM   #25
VeeroTech | Web Hosting
War Room Member
 
Join Date: 2011
Location: Raleigh, NC
Posts: 2,626
Thanks: 411
Thanked 447 Times in 385 Posts
Default Re: Mail Delivery Failed for Mail I didn't send

Hi AnneE, I sent you a PM, but I wasn't sure if your noticed it or not.

Kingfish85 is offline   Reply With Quote
Reply

  Warrior Forum - The #1 Internet Marketing Forum & Marketplace > The Warrior Forum > Main Internet Marketing Discussion Forum

Bookmarks

Tags
delivery, failed, mail, send

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off




All times are GMT -6. The time now is 04:21 PM.