On 09/12/10 14:33, Randy Ramsdell wrote: > I have been receiving bounces to my yahoo account for email I did not > send. From the pastebin, you see the email did originate from the yahoo > servers but is not in my sent directory. This is an interesting case and > I cannot determine how this happened. One thing could be my account was
Have you checked your Yahoo options to see whether the spammer has turned off saving of outgoing mail to the 'Sent' folder? The 'hijacker' presumably had access to everything, and could have just deleted mail. In other cases the spammers have been known to insert spam links into signatures, change secret questions, and so on. By the way, I believe your Yahoo username should be decipherable from the DKIM headers in theory if the DKIM checks out. > compromised, but I really doubt that given the password I chose and the > fact they did not change it to lock me out. I did change the password > however. Each address in this e-mail are people I have sent to from > yahoo, but these people are not connected to each other except for the > work accounts. The "common thread" is me. of course. > > Also not that sending e-mail from my yahoo account does not appear to > route the same way. I was thinking someone used an API to interface with > yahoo which would show different received headers. I know that yahoo has > many servers so this point may be moot. > > Can anyone add insight as to how this is happening? > > http://pastebin.com/WYYLpEJh Well, Hotmail is a bigger source of compromised accounts (I've had spam appearing to come from many friends and contacts), but Microsoft still seem fairly unsure about it themselves: <http://windowslivehelp.com/solution.aspx?solutionid=1fe6ed3e-eef6-4c57-933f-f3c408f1c5c1> Either it's phishing, or it's a keylogger on a PC you used, they say. Initially I saw hacked Hotmail accounts with Chinese electronics/shopping scams, then the pharma spam gangs worked out the same technique, and my impression is they've started using Yahoo as well a bit more in the last week. I'm sure someone must have more authoritative information on this than me, but my own personal theory goes... ...have you ever given your email address and password to a social networking site? Personally, I don't think it's responsible to encourage users to give up credentials to a fairly open system, besides the sending unsolicited invitations to contacts who may very well not be "friends". Unfortunately running NoScript on Facebook makes a lot of the Ajax unworkable. >From the recipient's point of view, do they want this blocked, or do they want to notify the sender who they may well know personally? I would go for rejection, but accepting such mail may be better than discarding. CK
