Unknown Sender

[Cannonfodder]

Lately, I've been receiving messages in my inbox that look like the quote below. I don't know any of the emails addresses it is sent too and I never sent it. This has happened while I've been in linux or windows. The only common denominator is that I've left AOL Instant messenger open all night. Could there be a security hole that allows an outside party to send email from my machine? BTW I'm a roadrunner customer and don't have a mail server running on my computer. Any ideas? I'm not looking for general bashing of AIM either, just specific comments! Thanks :)

 

From:  Mail Delivery Subsystem <MAILER-DAEMON@aol.com>

To:  markryan@rochester.rr.com

Subject:  Returned mail: User unknown

Date:  Wed, 08 Jan 2003 01:42:25 -0500 (EST)  

The original message was received at Wed, 8 Jan 2003 01:42:06 -0500 (EST)

from rly-xj05.mail.aol.com [172.20.116.42]

 

 

*** ATTENTION ***

 

Your e-mail is being returned to you because there was a problem with its

delivery.  The address which was undeliverable is listed in the section

labeled: "----- The following addresses had permanent fatal errors -----".

 

The reason your mail is being returned to you is listed in the section

labeled: "----- Transcript of Session Follows -----".

 

The line beginning with "<<<" describes the specific reason your e-mail could

not be delivered.  The next line contains a second error message which is a

general translation for other e-mail servers.

 

Please direct further questions regarding this message to your e-mail

administrator.

 

--AOL Postmaster

 

 

 

  ----- The following addresses had permanent fatal errors -----

<mstpss@aol.com>

<cuteazn@aol.com>

 

  ----- Transcript of session follows -----

... while talking to air-xa01.mail.aol.com.:

>>> RCPT To:<cuteazn@aol.com>

<<< 550 MAILBOX NOT FOUND

550 <cuteazn@aol.com>... User unknown

>>> RCPT To:<mstpss@aol.com>

<<< 550 MAILBOX NOT FOUND

550 <mstpss@aol.com>... User unknown

 

Reporting-MTA: dns; rly-st13.mail.aol.com

Arrival-Date: Wed, 8 Jan 2003 01:42:06 -0500 (EST)

 

Final-Recipient: RFC822; mstpss@aol.com

Action: failed

Status: 5.1.1

Remote-MTA: DNS; air-xa01.mail.aol.com

Diagnostic-Code: SMTP; 550 MAILBOX NOT FOUND

Last-Attempt-Date: Wed, 8 Jan 2003 01:42:24 -0500 (EST)

 

Final-Recipient: RFC822; cuteazn@aol.com

Action: failed

Status: 5.1.1

Remote-MTA: DNS; air-xa01.mail.aol.com

Diagnostic-Code: SMTP; 550 MAILBOX NOT FOUND

Last-Attempt-Date: Wed, 8 Jan 2003 01:42:24 -0500 (EST)

 

From:  karren_genovese <markryan@rochester.rr.com>

To:  jm6673@aol.com

Cc:  cuteazn@aol.com, venusbella@aol.com, seralippi@aol.com, size7poopshoot@aol.com, seralla57@aol.com, afineart52@aol.com, mstpss@aol.com

Subject:  permanently enlargement! one to four inches {1047834}

Date:  Wed, 8 Jan 2003 01:49:50 -0500  

       jm6673@aol.comjm6673@aol.com

 

 

You Will Gain 1-4 Inches Guaranteed!

 

Learn More!

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

To Be taken off of this list, pleasego here!

[Guest flare]

To me it looks like some one has used your address as the sender/return-to address for a spam email. Hence when the users have not been found by the aol email server then it has informed you that it couldn't deliver the original email.

 

Don't know anything about AIM, but do you have you r email address specified within th eprefernces somewhere ?

[Cannonfodder]

Actually the only thing I've really done with it is use it for my resume (online) and for signing up with a yahoo group. I suppose a bot got it, but I didn't start getting it until recently. Does this mean the email is not being sent from roadrunner's smtp server? But is just being pasted into an email that is being sent from another server? Anything I can do about it? Reason I mentioned AIM is it has only seemed to happen when I leave AIM up and running and I noticed the AOL Postmaster comment in the quote. Plus they are all AOL members that are being rejected.. hate to be part of a spam effort :(

[Cannonfodder]

While this doesn't explain my problem (different email used for my AIM service), here's a related post..

 

http://pub82.ezboard.com/fawardinternetmar...topicID=4.topic

[tyme]

what's occuring is that someone is using an old tactic to send fake emails. whether they are using a program to do this or are doing it manually can't really be told. in fact, from what you posted i can't quite figure out where the email is coming from-which i'm usually able to determine. that is, assuming full headers are turned on-not on your side, as the headers necessary to determine where it's coming from would be in the original message.

 

my suggestion: change your email address-unless you absolutely have to have this email.

 

aim isn't the issue here...someone probably just figured out that the email address you have exists, and started using it to send out these emails. i had a similar issue w/my old domain, tymehacker.net, in which i had a long conversation w/someone who had received one of the emails supposedly sent from my address. i helped him get in contact w/the ISP from which the email originated, but i can't find that info in what you've posted. otherwise, i'd try to be of more help :-/ I ended up closing that account so that this sort of thing wouldn't occur.

[Counterspy]

I guess I don't understand why you leave AIM on all night unless you are looking for a response to posting your resume. If that is the reason, unless you are willing to work anywhere in the world, I would set up a cron job to shut down the AIM connection at 3:00 a.m. EST and turn it back on at 7:00 EST. (Midnight in CA, 8:00 AM in Me.) Personally I have not taken to IM of any kind any more than IRC so I maybe totally off base here. If so, my apologies.

 

Counterspy

[tyme]

a lot of people leave AIM on while they are sleeping. it's some weird thing-for me it's 'cuz i have friends in different time zones, and it's easier for them to just send me an IM then to write up an email and send it off.

 

it's just something AIM users tend to do, really....

[johnnyv]

From: karren_genovese <markryan@rochester.rr.com>

 

Hehe my name is karren! it's short for mark :D

 

Does anybody actually click on the links these spammers usually send?

possibly the same people who run outlook and like to click on the attachments from messages like:

 

From: Bill_Clinton@USA.com

To: You & 1000 other people

 

here is a cool games for you fun playing it you will from your friend (yoda obviously)

funnygame.klez.virus.exe

 

or

 

Here is the porn movie you wanted

teen_ass_spankers.klez.virus.mpg.exe

[Cannonfodder]

I realized that my web site where I have my resume posted has that email posted, so I altered it to be markryan at rochester.rr.com. Hopefully the bot or whatever will forget me. But for now, its part of my job search too bad soo sad :roll: