hijacked email
It appears that my primary email address has been hijacked judging from
the hundreds of - RETIRMED MAIL: DELIVERY PROBLEMS ENCOUNTERED - error
messages appearing in my inbox.
Is there a way to set up my "send" function so that all outbound email
requires an additional TIMED (send-plus) command thereby blocking and
dumping the bogus messages. (By timed, I mean allowing a brief window
to add the second command before rejecting all outbound traffic
automatically.)
Re: hijacked email
optxx [at] juno.com wrote:
> It appears that my primary email address has been hijacked judging from
> the hundreds of - RETIRMED MAIL: DELIVERY PROBLEMS ENCOUNTERED - error
> messages appearing in my inbox.
>
> Is there a way to set up my "send" function so that all outbound email
> requires an additional TIMED (send-plus) command thereby blocking and
> dumping the bogus messages. (By timed, I mean allowing a brief window
> to add the second command before rejecting all outbound traffic
> automatically.)
>
I think you are confused about something. Those bogus returned messages
weren't sent by your machine - they were originally sent by someone else
with your address as the reply-to. They got to you because the address
they were sent to either doesn't exist or they rejected the mail.
You could add any filtering/blocking you wanted to your sending, but it
wouldn't change this. What you want to do is filter and block these
bogus return messages.
--
Tony Lawrence
Unix/Linux/Mac OS X resources: http://aplawrence.com
Re: hijacked email
On Sat, 25 Jun 2005 07:47:59 +0000, Tony Lawrence wrote:
> optxx [at] juno.com wrote:
>> It appears that my primary email address has been hijacked judging from
>> the hundreds of - RETIRMED MAIL: DELIVERY PROBLEMS ENCOUNTERED - error
>> messages appearing in my inbox.
>>
>> Is there a way to set up my "send" function so that all outbound email
>> requires an additional TIMED (send-plus) command thereby blocking and
>> dumping the bogus messages. (By timed, I mean allowing a brief window
>> to add the second command before rejecting all outbound traffic
>> automatically.)
>>
>>
>>
> I think you are confused about something. Those bogus returned messages
> weren't sent by your machine - they were originally sent by someone else
> with your address as the reply-to. They got to you because the address
> they were sent to either doesn't exist or they rejected the mail.
>
> You could add any filtering/blocking you wanted to your sending, but it
> wouldn't change this. What you want to do is filter and block these
> bogus return messages.
The OP's point may be valid, depending on the OS involved. I've seen
kingdom come knows how much spam across my own e-mail accounts from
machines that have turned out to be zombied. And I have a
personal/professional interest in tracking that kind of thing, which has
resulted in a regrettably large amount of experience.
The diagnosis flow on something like this would be: 1) install and use a
firewall or other program to limit access to network services only with
explicit user intervention/permission. If mail or other services ask for
permission to send out when no message is scheduled to be sent it's a sure
sign there's something wrong somewhere. If that turns out to be the case,
then,
2) examine the system for unknown or unrecognizable executable and/or
script calls and disable or delete them. N.B.: This calls for a pretty
thorough knowledge of what calls what and what's supposed to be
installed.
Once that's happened, and the system is known to be safe/secure, then the
next appropriate step would be aggressive measures to make sure it doesn't
happen again, coupled with some stern words with the service provider on
one hand regarding provider-level filtering, and users (if there are more
than one) on the other, touching on safe surfing and system administration
habits.
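The first diagnostic step above (watch for outbound mail activity when nobody is sending mail) can be automated on any box that can log outbound connections per process. The following is an added example, not code from anyone in this thread: given a constructed connection log, it flags processes that speak SMTP without being a known mail client, and a mail client whose fan-out to distinct mail servers within one minute looks like a spam run rather than a person sending mail. The allowlist (Outlook Express is `msimn.exe`), the thresholds and the log are assumptions for illustration.

```python
# Added example, not from the thread: automated form of the "does anything send
# mail when no message is scheduled?" check.  KNOWN_MAIL_CLIENTS, the thresholds
# and LOG are constructed assumptions.
from collections import defaultdict

SMTP_PORTS = {25, 465, 587}
KNOWN_MAIL_CLIENTS = {"msimn.exe", "outlook.exe"}   # assumed allowlist (Outlook Express, Outlook)
WINDOW_SECONDS = 60
MAX_PEERS_PER_WINDOW = 10   # assumed: a person rarely talks to >10 mail servers in a minute


def audit_smtp(records):
    """records: (epoch_seconds, process_name, remote_ip, remote_port) tuples.
    Returns a sorted list of (process, reason) findings, one reason per process."""
    by_proc = defaultdict(list)
    for ts, proc, ip, port in records:
        if port in SMTP_PORTS:
            by_proc[proc.lower()].append((ts, ip))
    findings = []
    for proc, conns in by_proc.items():
        if proc not in KNOWN_MAIL_CLIENTS:
            findings.append((proc, "unexpected process speaking SMTP"))
            continue
        conns.sort()
        # Sliding window: count distinct SMTP peers among connections that fall
        # within WINDOW_SECONDS of each other; a spam bot fans out to many MXes.
        start = 0
        for end in range(len(conns)):
            while conns[end][0] - conns[start][0] > WINDOW_SECONDS:
                start += 1
            if len({ip for _, ip in conns[start:end + 1]}) > MAX_PEERS_PER_WINDOW:
                findings.append((proc, "SMTP fan-out looks like a spam run"))
                break
    return sorted(findings)


# Constructed log: one normal send via Outlook Express, some web browsing, an
# unknown binary relaying mail, and later Outlook Express itself contacting 30
# different mail servers inside half a minute.
LOG = [(1000, "msimn.exe", "203.0.113.25", 25), (1005, "iexplore.exe", "198.51.100.1", 80)]
LOG += [(2000 + i, "updater.exe", "192.0.2.%d" % i, 25) for i in range(5)]
LOG += [(3000 + i, "msimn.exe", "192.0.2.%d" % (50 + i), 25) for i in range(30)]

if __name__ == "__main__":
    for proc, reason in audit_smtp(LOG):
        print("%-14s %s" % (proc, reason))
```

The second rule matters because a bot that injects itself into the real mail client (or is simply named like one) passes an allowlist; the volume and fan-out of a spam run is what a person's mail habit never produces. Both findings are starting points for the second step in the post, looking at what that executable is and what launched it, not a verdict on their own.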
Re: hijacked email
M Trimble wrote:
> On Sat, 25 Jun 2005 07:47:59 +0000, Tony Lawrence wrote:
>
>
>>optxx [at] juno.com wrote:
>>
>>>It appears that my primary email address has been hijacked judging from
>>>the hundreds of - RETIRMED MAIL: DELIVERY PROBLEMS ENCOUNTERED - error
>>>messages appearing in my inbox.
>>>
>>>Is there a way to set up my "send" function so that all outbound email
>>>requires an additional TIMED (send-plus) command thereby blocking and
>>>dumping the bogus messages. (By timed, I mean allowing a brief window
>>>to add the second command before rejecting all outbound traffic
>>>automatically.)
>>>
>>>
>>>
>>
>>I think you are confused about something. Those bogus returned messages
>>weren't sent by your machine - they were originally sent by someone else
>>with your address as the reply-to. They got to you because the address
>>they were sent to either doesn't exist or they rejected the mail.
>>
>>You could add any filtering/blocking you wanted to your sending, but it
>>wouldn't change this. What you want to do is filter and block these
>>bogus return messages.
>
> The OP's point may be valid, depending on the OS involved. I've seen
> kingdom come knows how much spam across my own e-mail accounts from
> machines that have turned out to be zombied. And I have a
> personal/professional interest in tracking that kind of thing, which has
> resulted in a regrettably large amount of experience.
>
> The diagnosis flow on something like this would be: 1) install and use a
> firewall or other program to limit access to network services only with
> explicit user intervention/permission. If mail or other services ask for
> permission to send out when no message is scheduled to be sent it's a sure
> sign there's something wrong somewhere. If that turns out to be the case,
> then,
> 2) examine the system for unknown or unrecognizable executable and/or
> script calls and disable or delete them. N.B.: This calls for a pretty
> thorough knowledge of what calls what and what's supposed to be
> installed.
>
> Once that's happened, and the system is known to be safe/secure, then the
> next appropriate step would be aggressive measures to make sure it doesn't
> happen again, coupled with some stern words with the service provider on
> one hand regarding provider-level filtering, and users (if there are more
> than one) on the other, touching on safe surfing and system administration
> habits.
Of course you are right. They *could* have been sent by his machine. I
shouldn't assume that he has firewalls and virus/spyware software in
place - his machine could be compromised.
I'm just too used to answering this question when it's asked by people
where I already know that it can't be their box.
So it could be his box - though the great majority of these will turn
out to have an outside origin.
--
Tony Lawrence
Unix/Linux/Mac OS X resources: http://aplawrence.com
Re: hijacked email
In article <Dxdve.37652$rb6.19783 [at] lakeread07>,
"M Trimble" <user [at] 127.0.0.1> wrote:
> The OP's point may be valid, depending on the OS involved. I've seen
> kingdom come knows how much spam across my own e-mail accounts from
> machines that have turned out to be zombied.
But spam almost always has forged sender addresses. So the machines
that have been zombied will almost always send mail that claims to come
from someone *else*, not the zombie's own address.
So if spam has been sent from your address, there's a 99% probability
that it was sent from someone else's computer. If your computer is
infected, you'll be causing *other* people to get bogus bounces, not
yourself. Zombie masters do it this way intentionally -- they don't
want the zombie to realize that he's being used.
--
Barry Margolin, barmar [at] alum.mit.edu
Arlington, MA
*** PLEASE post questions in newsgroups, not directly to me ***
Re: hijacked email
Thanks to Messrs. Trimble, Lawrence and Margolin for your constructive
and thoughtful responses to my question. It would appear that as you
surmised my machine(s), which are behind a router's firewall, have not
been compromised. However, my primary (Comcast ISP) email address is
easily accessible. So I guess I'll just grin and bear it. I assume the
partial solution would be to place headers such as "Delivery Status
Notification" and "Mail Delivery Service", etc., in the NEWS RULES
garbage dump provided by Outlook Express. (Am running XP and Office
2003).
Many thanks,
Gene
Barry Margolin wrote:
> In article <Dxdve.37652$rb6.19783 [at] lakeread07>,
> "M Trimble" <user [at] 127.0.0.1> wrote:
>
> > The OP's point may be valid, depending on the OS involved. I've seen
> > kingdom come knows how much spam across my own e-mail accounts from
> > machines that have turned out to be zombied.
>
> But spam almost always has forged sender addresses. So the machines
> that have been zombied will almost always send mail that claims to come
> from someone *else*, not the zombie's own address.
>
> So if spam has been sent from your address, there's a 99% probability
> that it was sent from someone else's computer. If your computer is
> infected, you'll be causing *other* people to get bogus bounces, not
> yourself. Zombie masters do it this way intentionally -- they don't
> want the zombie to realize that he's being used.
>
> --
> Barry Margolin, barmar [at] alum.mit.edu
> Arlington, MA
> *** PLEASE post questions in newsgroups, not directly to me ***
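Tony's advice to filter the bogus return messages, Gene's plan of a mail rule keyed on subjects like "Delivery Status Notification", and Barry's point that the bounces reveal where the original really came from all meet in one check. The following is an added example, not code from anyone in this thread: a small Python classifier that recognizes a bounce (empty envelope sender, MAILER-DAEMON From, multipart/report body or a bounce-style subject), pulls the copy of the original message out of it, and decides whether that message ever passed through our own mail system. The domain `example.net`, the relay host `mail.example.net` and the three sample messages are constructed for illustration.

```python
# Added example (not from the thread): sort bounce mail into genuine bounces,
# backscatter (bounces of spam that forged our address) or neither.
# OUR_DOMAIN, OUR_HOSTS and the sample messages are constructed.
import email
import re
from email import policy

OUR_DOMAIN = "example.net"        # assumed: domain whose address is being forged
OUR_HOSTS = {"mail.example.net"}  # assumed: MTAs that really relay our outbound mail
BOUNCE_SUBJECT = re.compile(r"returned mail|delivery status notification|mail delivery", re.I)
BY_HOST = re.compile(r"\bby\s+([\w.-]+)", re.I)   # the 'by' host of a Received header
MID_DOMAIN = re.compile(r"@([\w.-]+)>")            # domain part of a Message-ID


def parse(raw):
    return email.message_from_string(raw, policy=policy.default)


def subject_rule_matches(raw):
    """The subject-only mail rule from the thread: fires on real bounces and backscatter alike."""
    return bool(BOUNCE_SUBJECT.search(parse(raw).get("Subject", "")))


def looks_like_bounce(msg):
    """DSNs have an empty envelope sender, a MAILER-DAEMON From or a multipart/report body."""
    sender = msg.get("From", "").lower()
    return (msg.get("Return-Path", "").strip() == "<>"
            or "mailer-daemon" in sender or "postmaster" in sender
            or msg.get_content_type() == "multipart/report"
            or bool(BOUNCE_SUBJECT.search(msg.get("Subject", ""))))


def enclosed_original(bounce):
    """Return the copy of the original message (or just its headers) that the DSN carries."""
    for part in bounce.walk():
        ctype = part.get_content_type()
        if ctype == "message/rfc822" and part.get_payload():
            return part.get_payload()[0]
        if ctype == "text/rfc822-headers":
            return parse(part.get_content())
    return None


def originated_here(original):
    """True if our MTA is the earliest 'by' host (Received headers are prepended, so
    the last one listed is the first hop) or the Message-ID is in our domain."""
    received = original.get_all("Received") or []
    hop = BY_HOST.search(str(received[-1])) if received else None
    hop_ok = hop is not None and hop.group(1).lower() in OUR_HOSTS
    mid = MID_DOMAIN.search(str(original.get("Message-ID", "")))
    dom = mid.group(1).lower() if mid else ""
    return hop_ok or dom == OUR_DOMAIN or dom.endswith("." + OUR_DOMAIN)


def classify(raw):
    msg = parse(raw)
    if not looks_like_bounce(msg):
        return "not-a-bounce"
    original = enclosed_original(msg)
    if original is None:
        return "bounce-unverifiable"  # nothing to check against; treat as suspect
    return "legitimate-bounce" if originated_here(original) else "backscatter"


# Constructed sample 1: spam sent from a zombie with gene@example.net forged as sender.
BACKSCATTER = """\
Return-Path: <>
From: MAILER-DAEMON@mx.remote-isp.example.org
Subject: Returned mail: User unknown
Content-Type: multipart/report; boundary="B1"

--B1
Content-Type: message/rfc822

Received: from mx.remote-isp.example.org by inbound.remote-isp.example.org
Received: from dsl-pool-1234.zombie-isp.example ([198.51.100.77]) by mx.remote-isp.example.org
From: gene@example.net
Message-ID: <8a7f3c@dsl-pool-1234.zombie-isp.example>

buy now
--B1--
"""
# Constructed sample 2: a real bounce of mail that left through mail.example.net.
LEGIT_BOUNCE = """\
Return-Path: <>
From: MAILER-DAEMON@mx.remote-isp.example.org
Subject: Delivery Status Notification (Failure)
Content-Type: multipart/report; boundary="B2"

--B2
Content-Type: text/rfc822-headers

Received: from mail.example.net ([203.0.113.5]) by mx.remote-isp.example.org
Received: from gene-pc.lan ([10.0.0.12]) by mail.example.net with ESMTPSA
From: gene@example.net
Message-ID: <20050625.1234@mail.example.net>
--B2--
"""
# Constructed sample 3: ordinary mail.
NORMAL = "Return-Path: <alice@example.com>\nFrom: alice@example.com\nSubject: lunch?\n\nTuesday?\n"
```

The subject-only rule fires on both bounce samples, which is exactly why it is only a partial solution: it throws away the one bounce Gene would want to see (his own mail to a full mailbox) together with the hundreds he does not. Looking inside the DSN at the copied original and asking whether its first hop was our own relay separates the two. Received headers and Message-IDs in the copy can themselves be forged, so on a mail server the robust version of this idea is to sign the envelope sender of outgoing mail (the BATV scheme) and reject bounces addressed to an unsigned or expired address outright; the header check here is what a recipient can do after the fact.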
Re: hijacked email
In article <1119801738.074952.93080 [at] g43g2000cwa.googlegroups.com>,
optxx [at] juno.com wrote:
> Thanks to Messrs. Trimble, Lawrence and Margolin for your constructive
> and thoughtful responses to my question. It would appear that as you
> surmised my machine(s), which are behind a router's firewall, have not
> been compromised. However, my primary (Comcast ISP) email address is
> easily accessible.
All email addresses are "easily accessible". Forging email sender
addresses is no harder than putting someone else's address in the return
address on a snail-mail envelope.
--
Barry Margolin, barmar [at] alum.mit.edu
Arlington, MA
*** PLEASE post questions in newsgroups, not directly to me ***