Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss
Spam sent from Comcast e-mail server?
337 views
Skip to first unread message
Jim
Mar 28, 2013, 8:34:17 AM3/28/13
to
Woke my PC out of sleep this morning and the downloads to my inbox
contained several "DELIVERY STATUS NOTIFICATION MESSAGES" of failed
delivery of an e-mail I supposedly sent plus one message in my inbox
sent from me to myself and 2 other non-current e-mails of friends with a
link. None of these "SENT" messages are in my local SENT folder. I know
the times can be spoofed but it appears that this originated on Comcast
mail servers while I was sleeping. ANyone else ever seen anything like
this?
contained several "DELIVERY STATUS NOTIFICATION MESSAGES" of failed
delivery of an e-mail I supposedly sent plus one message in my inbox
sent from me to myself and 2 other non-current e-mails of friends with a
link. None of these "SENT" messages are in my local SENT folder. I know
the times can be spoofed but it appears that this originated on Comcast
mail servers while I was sleeping. ANyone else ever seen anything like
this?
meagain
Mar 28, 2013, 4:30:08 PM3/28/13
to
used your address in the 'from' field and the 'to' address was inoperative.
At least, that's what I've heard.
Juan Sixpack
Mar 28, 2013, 10:33:58 PM3/28/13
to
On 03/28/2013 06:34 AM, Jim wrote:
> Woke my PC out of sleep this morning and the downloads to my inbox contained several "DELIVERY STATUS NOTIFICATION MESSAGES" of failed delivery of an e-mail I supposedly sent plus one message in my inbox sent from me to myself and 2 other non-current
> e-mails of friends with a link. None of these "SENT" messages are in my local SENT folder. I know the times can be spoofed but it appears that this originated on Comcast mail servers while I was sleeping. ANyone else ever seen anything like this?
Yup, see it every day. Just hit the delete key.
> Woke my PC out of sleep this morning and the downloads to my inbox contained several "DELIVERY STATUS NOTIFICATION MESSAGES" of failed delivery of an e-mail I supposedly sent plus one message in my inbox sent from me to myself and 2 other non-current
> e-mails of friends with a link. None of these "SENT" messages are in my local SENT folder. I know the times can be spoofed but it appears that this originated on Comcast mail servers while I was sleeping. ANyone else ever seen anything like this?
Rev. Don Kool
Mar 29, 2013, 5:18:41 PM3/29/13
to
--
Saving the world one soul at a time.
Don
Bert
Mar 30, 2013, 12:13:30 PM3/30/13
to
In news:kj294d$oeg$1...@dont-email.me meagain <rick0....@gmail.com>
wrote:
> It is said that spammers can forge a 'from' address. So they
> used your address in the 'from' field and the 'to' address was
> inoperative.
>
> At least, that's what I've heard.
Yes. The visible "From:" and even the "To:" line can contain just about
anything the sender cares to put in them; they're not actually used in
the routing of the message. The sort of email client you or I are likely
to use don't usually have the features needed to pull this off, but the
stuff spammers use does.
The actual source and destination are embedded in header information of
the message, which your email client won't show you unless you ask it
nicely.
If you read your email via a Web interface, you probably have no way to
see this routing information.
--
be...@iphouse.com St. Paul, MN
wrote:
> It is said that spammers can forge a 'from' address. So they
> used your address in the 'from' field and the 'to' address was
> inoperative.
>
> At least, that's what I've heard.
anything the sender cares to put in them; they're not actually used in
the routing of the message. The sort of email client you or I are likely
to use don't usually have the features needed to pull this off, but the
stuff spammers use does.
The actual source and destination are embedded in header information of
the message, which your email client won't show you unless you ask it
nicely.
If you read your email via a Web interface, you probably have no way to
see this routing information.
--
be...@iphouse.com St. Paul, MN
Ken Whiton
Mar 31, 2013, 3:18:55 AM3/31/13
to
*-* On Sat, 30 Mar 2013, at 16:13:30 +0000 (UTC),
*-* In Article <XnsA193A56E9B3...@78.46.70.116>,
*-* Bert wrote
*-* About Re: Spam sent from Comcast e-mail server?
Not necessarily. Both of my ISPs' webmail applications have
options to view the message source (headers plus "raw" message body)
without having to open the message. In my local e-mail client I have
to open the message first in order to view the source. :-(
In Comcast's Zimbra webmail, right click on a message in the
message list and "View Source" is one of the menu options available.
Ken Whiton
--
FIDO: 1:132/152
InterNet: kenw...@surfglobal.net.INVAL (remove the obvious to reply)
*-* In Article <XnsA193A56E9B3...@78.46.70.116>,
*-* Bert wrote
*-* About Re: Spam sent from Comcast e-mail server?
options to view the message source (headers plus "raw" message body)
without having to open the message. In my local e-mail client I have
to open the message first in order to view the source. :-(
In Comcast's Zimbra webmail, right click on a message in the
message list and "View Source" is one of the menu options available.
Ken Whiton
--
FIDO: 1:132/152
InterNet: kenw...@surfglobal.net.INVAL (remove the obvious to reply)
afos...@gmail.com
Mar 31, 2013, 11:50:08 AM3/31/13
to
Adam H. Kerman
Mar 31, 2013, 12:19:53 PM3/31/13
to
afos...@gmail.com wrote:
>I checked the address book on the Comcast webmail interface. All the
>invalid addressees and a some valid ones for these spam mails are coming
>from THAT address book. They are not on my local e-mail client address
>book. So my question is how did my on line account, which I don't use
>routinely, get hacked. Seems like a Comcast security issue.
An invalid address is in your Comcast on line address book? I'm confused.
>I checked the address book on the Comcast webmail interface. All the
>invalid addressees and a some valid ones for these spam mails are coming
>from THAT address book. They are not on my local e-mail client address
>book. So my question is how did my on line account, which I don't use
>routinely, get hacked. Seems like a Comcast security issue.
codswallop
Mar 31, 2013, 4:37:39 PM3/31/13
to
On 3/31/2013 11:50 AM, afos...@gmail.com wrote:
> I checked the address book on the Comcast webmail interface. All the invalid addressees and a some valid ones for these spam mails are coming from THAT address book. They are not on my local e-mail client address book. So my question is how did my on line account, which I don't use routinely, get hacked. Seems like a Comcast security issue.
Possibly a rogue keystroke logger running on your computer or you're using an easily-guessed email password.
> I checked the address book on the Comcast webmail interface. All the invalid addressees and a some valid ones for these spam mails are coming from THAT address book. They are not on my local e-mail client address book. So my question is how did my on line account, which I don't use routinely, get hacked. Seems like a Comcast security issue.
Barry Margolin
Mar 30, 2013, 1:20:16 PM3/30/13
to
In article <XnsA193A56E9B3...@78.46.70.116>,
email client settings and change your sending address. This is generally
a separate field from the username/password required for authentication,
although a "wizard" configuration tool may get the default username from
the address.
And sending mail to addresses that aren't in the header is also pretty
easy: use BCC. However, most mail clients make it hard to exclude the
To: address from the recipients.
>
> The actual source and destination are embedded in header information of
> the message, which your email client won't show you unless you ask it
> nicely.
>
> If you read your email via a Web interface, you probably have no way to
> see this routing information.
I think most webmail applications have a View Source command that shows
the raw header. You might have to hunt for it, though, it's not
typically in the toolbar with Reply, Forward, and Delete.
--
Barry Margolin
Arlington, MA
Bert <be...@iphouse.com> wrote:
> In news:kj294d$oeg$1...@dont-email.me meagain <rick0....@gmail.com>
> wrote:
>
> > It is said that spammers can forge a 'from' address. So they
> > used your address in the 'from' field and the 'to' address was
> > inoperative.
> >
> > At least, that's what I've heard.
>
> Yes. The visible "From:" and even the "To:" line can contain just about
> anything the sender cares to put in them; they're not actually used in
> the routing of the message. The sort of email client you or I are likely
> to use don't usually have the features needed to pull this off, but the
> stuff spammers use does.
It's actually pretty easy to change the From: address. Just go into the
> In news:kj294d$oeg$1...@dont-email.me meagain <rick0....@gmail.com>
> wrote:
>
> > It is said that spammers can forge a 'from' address. So they
> > used your address in the 'from' field and the 'to' address was
> > inoperative.
> >
> > At least, that's what I've heard.
>
> Yes. The visible "From:" and even the "To:" line can contain just about
> anything the sender cares to put in them; they're not actually used in
> the routing of the message. The sort of email client you or I are likely
> to use don't usually have the features needed to pull this off, but the
> stuff spammers use does.
email client settings and change your sending address. This is generally
a separate field from the username/password required for authentication,
although a "wizard" configuration tool may get the default username from
the address.
And sending mail to addresses that aren't in the header is also pretty
easy: use BCC. However, most mail clients make it hard to exclude the
To: address from the recipients.
>
> The actual source and destination are embedded in header information of
> the message, which your email client won't show you unless you ask it
> nicely.
>
> If you read your email via a Web interface, you probably have no way to
> see this routing information.
the raw header. You might have to hunt for it, though, it's not
typically in the toolbar with Reply, Forward, and Delete.
--
Barry Margolin
Arlington, MA
afos...@gmail.com
Mar 31, 2013, 9:40:03 PM3/31/13
to
>>I checked the address book on the Comcast webmail interface. All the
>>invalid addressees and a some valid ones for these spam mails are coming
>>from THAT address book. They are not on my local e-mail client address
>>book. So my question is how did my on line account, which I don't use
>>routinely, get hacked. Seems like a Comcast security issue.
>>invalid addressees and a some valid ones for these spam mails are coming
>>from THAT address book. They are not on my local e-mail client address
>>book. So my question is how did my on line account, which I don't use
>>routinely, get hacked. Seems like a Comcast security issue.
>An invalid address is in your Comcast on line address book? I'm confused.
Yes. I haven't used the web interface to send e-mail for years and many of those (to which spam was sent) no longer exist. Anyway...I have deleted the entire contents of the address book on the webmail app as well as all the sent and inbox e-mails generated by this spambot. Will see what happens next.
0 new messages