Tilted Forum Project Discussion Community


sixate 04-28-2004 05:06 AM

Someone's spoofing my email address
 
So how can I find out who it is?

I know it's happening because for the past 3 days I've been getting Failed delivery emails, all of which are coming from the same email address which I have never ever contacted. They're coming from a site called http://www.hucardguys.com/. Basically, they sell shit to program cable satellite cards. Now here's the thing, there are only 8 or 10 people who have my email. I generally give out my hotmail or yahoo email, and don't give out my email which I use most often to contact friends. Even more interesting, 2 of those so called friends program these fucking satellite cards. I emailed the person who they were contacting in hopes that they can give me enough info to find out who it is. I don't wanna ask one of the 2 guys because it's not like they'll tell me, and then they'll be able to cover their ass. All I know is if it is one of these 2 people I think it is I'm gonna kick somebody's fucking ass. :mad: I hate when I find out I can't trust people...... :mad:

Any help would be appreciated.

Something else I just thought of. On the 24th I got an email which was supposed to go to one of the 2 guys in question. Now, if he was spoofing my email could he have fucked something up to where I would receive an email which was directed to him, not me?

Jam 04-28-2004 05:20 AM

I'm not too smart about this, but couldn't this also have been some spyware/virus thing...

Peetster 04-28-2004 05:21 AM

It sounds like one of the 8 or 10 people with your email address was infected with netsky. It spoofs the "From" line with an address randomly selected from the address book. I think you just got lucky.

hrdwareguy 04-28-2004 06:51 AM

/me agrees with Peetster

I've got 188 messages sitting in an undeliverable folder because of this. Netsky sucks.

docbungle 04-28-2004 09:09 AM

Happened to me too. Had me scratching my head for a while. It's like I have to update my virus protection every day now, if not more, just to stay safe.

Realizm 04-28-2004 09:12 AM

It's netsky or one of the variants, without a doubt. Work for an eBay company and we get 100s of undeliverables a day thanks to it.

sixate 04-28-2004 09:46 AM

Quote:

Originally posted by Peetster
It sounds like one of the 8 or 10 people with your email address was infected with netsky. It spoofs the "From" line with an address randomly selected from the address book. I think you just got lucky.

So I should be emailing the 8-10 people to tell them they may have a virus? Because I know I don't have it.

Dilbert1234567 04-28-2004 09:50 AM

It is easy to spoof email; all you have to do is run an email server and send what you want where you want. There are programs out there that let you spoof the sender's name.

It is probably just some jackass who wants to mess with you.

Let your friends know and switch your email address. There is little you can do.

Peetster 04-28-2004 09:55 AM

Quote:

Originally posted by sixate
So I should be emailing the 8-10 people to tell them they may have a virus? Because I know I don't have it.

It would likely be a waste of time. They'll figure it out and fix it or they won't. Chances are your email would alarm/piss off/frighten the ones that aren't infected.

ratbastid 04-28-2004 10:14 AM

I agree, probably one of your two card-programming buddies has the virus and it's latched onto your address to spoof in the "From" field. It's then trying to send mail to somebody else in their address book (which is probably loaded with card-programming folks), which is failing because of who knows why, and bouncing back to you.

This happens a lot with email viruses--they circulate in pockets of community. I was getting it from the other resellers of the hosting service I resell. I heard about very specific pockets of people passing it back and forth. Scientists at distant universities who are researchers in the same field, for instance. It'd be sort of an interesting social connectivity experiment, if it weren't so damn annoying.

What the hell, though. Post some headers, we'll take a look and see if it looks more suspicious than that.

sixate 04-28-2004 11:05 AM

Obviously, I deleted all entries with my email and domain with ------------------------
I have 3 headers which are exactly like the first 2, and the 3rd one I received while I was sleeping.


Return-Path: <>
Delivered-To: ----------------------------------
Received: (qmail 20043 invoked from network); 28 Apr 2004 14:20:12 -0000
Received: from cpe002078d1af34-cm014490002869.cpe.net.cable.rogers.com (HELO --------------------) ([24.102.138.211]) (envelope-sender <>)
by mail-4.---------------------------- (qmail-ldap-1.03) with SMTP
for <--------------------------->; 28 Apr 2004 14:20:12 -0000
MIME-Version: 1.0
Message-Id: 408FBD45.000003.17633@VAIO
Date: Wed, 28 Apr 2004 10:18:45 -0400 (Eastern Daylight Time)
Content-Type: Multipart/report;
report-type="delivery-status";
boundary="------------Boundary-00=_93XVG6G0000000000000"
From: MAILER-DAEMON@------------------- (Mail Delivery Subsystem)
Message-Id: E1BIo1v-0002VL-H6@mx1.-----------------------
Auto-Submitted: auto-generated (failure)
To: -------------------------------------------
Subject: Undelivered mail: User unknown

Along with this first one a .txt was attached. This is what it said:

Reporting-MTA: dns; mx1.------------------------------
Received-From-MTA: dns;
Arrival-Date: Tue, 27 Apr 2004 14:51:26 -0700
Final-Recipient: rfc822; <maxine@hucardguys.com>
X-Actual-Recipient: rfc822; maxine@hucardguys.com

Action: failed
Status: 5.1.1
Last-Attempt-Date: Tue, 27 Apr 2004 14:51:26 -0700
Diagnostic-Code: smtp; 550 <maxine@hucardguys.com>: User unknown in virtual mailbox table




Return-Path: <>
Delivered-To: -------------------------------
Received: (qmail 7356 invoked from network); 28 Apr 2004 11:57:56 -0000
Received: from mail-3.------------------------ ([63.67.120.3]) (envelope-sender <>)
by mail-4.--------------------------(qmail-ldap-1.03) with QMQP
for <>; 28 Apr 2004 11:57:56 -0000
Delivered-To: CLUSTERHOST mail-3.----------------------- --------------------------
Received: (qmail 23299 invoked from network); 28 Apr 2004 11:57:57 -0000
Received: from 69-28-195-132.waterhosting.com (HELO server1.waterhosting.com) ([69.28.195.132]) (envelope-sender <>)
by mail-3.------------------------- (qmail-ldap-1.03) with SMTP
for ------------------------------; 28 Apr 2004 11:57:56 -0000
Received: from mailnull by server1.waterhosting.com with local (Exim 4.24)
id 1BInhM-0002AD-5x
for -----------------------------; Wed, 28 Apr 2004 07:57:56 -0400
X-Failed-Recipients: maxine@hucardguys.com
Auto-Submitted: auto-generated
From: Mail Delivery System Mailer-Daemon@server1.waterhosting.com
To: -----------------------------------
Subject: Mail delivery failed: returning message to sender
Message-Id: E1BInhM-0002AD-5x@server1.waterhosting.com
Date: Wed, 28 Apr 2004 07:57:56 -0400
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - server1.waterhosting.com
X-AntiAbuse: Original Domain - ---------------------------
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain -




Return-Path: trickofmind@earthlink.net
Delivered-To: -------------------------------
Received: (qmail 9162 invoked from network); 28 Apr 2004 17:21:45 -0000
Received: from unknown (HELO ChrissyLewgood.org) ([207.195.108.66]) (envelope-sender <trickofmind@earthlink.net>)
by mail-4.--------------------------- (qmail-ldap-1.03) with SMTP
for ------------------------------; 28 Apr 2004 17:21:45 -0000
Date: Wed, 28 Apr 2004 11:21:42 -0600
To: "-----------" ------------------------------------
From: "Trickofmind" trickofmind@earthlink.net
Subject: Fax Message Received
Message-ID: <ikdnmdknuzqkpozvyb@-----------------------------
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary="--------iuoyozfzjjanhzpfjugi"


This was a message sent with one of the Failures:

This message was created automatically by mail delivery software.

A message that you sent could not be delivered to one or more of its
recipients. This is a permanent error. The following address(es) failed:

maxine@hucardguys.com
This message has been rejected because it has
a potentially executable attachment "Joke.vbs"
This form of attachment has been used by
recent viruses or other malware.
If you meant to send this file then please
package it up as a zip file and resend it.

------ This is a copy of the message, including all the headers. ------

Return-path: <----------------------------------->
Received: from [24.64.178.237] (helo=bill.org)
by server1.waterhosting.com with smtp (Exim 4.24)
id 1BInhJ-0002A8-Io
for maxine@hucardguys.com; Wed, 28 Apr 2004 07:57:53 -0400
Date: Wed, 28 Apr 2004 05:54:57 -0700
To: "Maxine" <maxine@hucardguys.com>
From: "------" <--------------------------->
Subject: Re: Thank you!
Message-ID: <cbhszpucazwbieuibwt@hucardguys.com>
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary="--------mrbcympdjopcrugpcusy"

----------mrbcympdjopcrugpcusy
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: 7bit

html body


br
body html

----------mrbcympdjopcrugpcusy
Content-Type: application/octet-stream; name="Joke.vbs"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="Joke.vbs"

sailor 04-28-2004 12:52 PM

Yeah, that looks like a return from a virus-spoofed email. I wouldn't worry about it. I get them all the time, and I *know* that I don't have any viruses. No worries :)

nothingx 04-28-2004 03:08 PM

Dude, I know it's probably just an email virus... but I suggest you change your email password. Let's say one of your "buddies" needs an email address and just happened to know your password.... he uses your box and your password to check back later to see if anyone replied.

For your sake though, I hope it is just a virus and none of your friends would be such an asshole.

oberon 04-28-2004 04:31 PM

I'll echo Peetster & hrdware etc. here.

I get about 20-50 a day. Nowadays they just get filtered into my spam mailbox.

Jam 04-29-2004 02:42 AM

lucky... I get more than a hundred per day now :(

sixate 04-29-2004 03:33 AM

Well, it seems that both of the dudes in question are also getting this shit, but nobody else who has my email address is getting it. I know my system is clean. I hope they get theirs clean soon.

ratbastid 04-29-2004 05:15 AM

Yup. Here's the giveaway in the message you posted:

Quote:

This message has been rejected because it has
a potentially executable attachment "Joke.vbs"
This form of attachment has been used by
recent viruses or other malware.
If you meant to send this file then please
package it up as a zip file and resend it.
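
Added example, not part of the thread or any poster's code: a small Python triage of the Exim bounce quoted above, pulling the IP that really handed the message to the bouncing server and the rejected attachment name, so the recipient of the bounce can confirm it is backscatter rather than mail sent from their own machine. The redacted address is replaced by the placeholder victim@example.invalid, and the `my_ips` value is a hypothetical address for the recipient's own connection.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: the Exim bounce quoted in the thread, with the redacted
# address replaced by the placeholder victim@example.invalid.
BOUNCE = """\
A message that you sent could not be delivered to one or more of its
recipients. This is a permanent error. The following address(es) failed:

  maxine@hucardguys.com
    This message has been rejected because it has
    a potentially executable attachment "Joke.vbs"

------ This is a copy of the message, including all the headers. ------

Return-path: <victim@example.invalid>
Received: from [24.64.178.237] (helo=bill.org)
 by server1.waterhosting.com with smtp (Exim 4.24)
 id 1BInhJ-0002A8-Io
 for maxine@hucardguys.com; Wed, 28 Apr 2004 07:57:53 -0400
To: "Maxine" <maxine@hucardguys.com>
From: "Victim" <victim@example.invalid>
Subject: Re: Thank you!
"""

SEPARATOR = re.compile(r"^-+ This is a copy of the message.*-+[ \t]*$", re.M)
RISKY_EXT = (".vbs", ".exe", ".scr", ".pif", ".bat", ".com")

def analyse_bounce(body, my_ips):
    """Return who really injected the bounced message, or None if no copy."""
    m = SEPARATOR.search(body)
    if not m:
        return None
    notice, copy = body[:m.start()], body[m.end():].lstrip()
    orig = message_from_string(copy)
    # The top-most Received line was written by the server that produced the
    # bounce, so it is the one hop the original sender could not forge.
    hop = (orig.get_all("Received") or [""])[0]
    ip = re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", hop)
    helo = re.search(r"helo=([^)\s]+)", hop, re.I)
    names = re.findall(r'attachment "([^"]+)"', notice)
    ip = ip.group(1) if ip else None
    return {
        "injecting_ip": ip,
        "helo": helo.group(1) if helo else None,
        "claimed_from": parseaddr(orig.get("From", ""))[1],
        "sent_by_me": ip in my_ips,  # my_ips: hypothetical, your own addresses
        "risky_attachments": [n for n in names if n.lower().endswith(RISKY_EXT)],
    }

if __name__ == "__main__":
    print(analyse_bounce(BOUNCE, my_ips={"203.0.113.10"}))
```

A `sent_by_me` of False together with a script attachment the claimed sender never wrote is the pattern the replies describe: the From line was forged and the bounce simply came back to the forged address.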


All times are GMT -8. The time now is 09:11 PM.
