How do I keep hotmail from sending spam from my closed email acct.
September 1, 2010 6:42 PM   Subscribe

your account got hacked. spammers have all the contacts in your address book. they're sending from hacked computers (not from hotmail). they're using a fake "from" address, unfortunately, your address.

there's nothing you can do. the accounts gathered by the spammers will continue to receive spam until the end of time, especially if the list gets sold to other spammers. they won't always be spoofing you as the sender, but there is nothing to stop them from doing it. Probably best, since you deleted the account, to have all your contacts set up anything from the old address in a blacklist, filter it directly to the spam folder.
posted by brenton at 7:03 PM on September 1, 2010

One thing you could have tried was deleting all of your contacts from Hotmail
posted by KokuRyu at 8:23 PM on September 1, 2010

You can't. Most modern mail readers have some kind of filter, so you just have the people from your contact list automatically send email from the bad address directly to the trash can. It will always be spam from now on.
posted by rhizome at 9:02 PM on September 1, 2010

A lot more common that actually using your account to send spam email, spammers are just faking the address their sending from. So it seems the email is sent from your address, but it's actually not. (Yes, that is pretty easy to achieve). That happens a lot without your account being hacked.

If that is the case, there's nothing you can do but ask every of the recipients to use decent spam filters. Those usually filter such faked addresses pretty well.
posted by oxit at 10:56 PM on September 1, 2010

How do spammers fake the sending address?
posted by aniola at 11:17 PM on September 1, 2010

Basically, email was designed by scientists in the 70's for sending messages to each other. There's no security or verification built into it. The 'sent' field can be anything you want it to be. You can even change it in most email clients.

Why on earth would you put the wrong address in the sent field? They thought. You'd never get the replies!

That commercial penis enlargement pills spammers would see that as a feature never occurred to them.

The term for this particular problem - a spammer using your address as the sender, so you get all the bounces and complains - is known as a 'joe job' in the business.

There are a couple of systems by which companies can specify which servers are allowed to send email for their domain (SPF and DKIM) but that only helps the receiver mail server spot the message may be faked. Implementation is spotty at best, so it's not that reliable.

In your particular case, there's very little you can do. Given your account is now closed, the best thing your friends and family can do is put that address in their blacklist, so it always go to trash. Since that mail was never coming from hotmail in the first place, just being faked to look like it was, there's nothing they can do either.

Welcome to the war between server admins and spammers, where 95-99% of all email worldwide is spam/virus, mostly sent from botnets spewing out millions an hour per pc.
posted by ArkhanJG at 12:16 AM on September 2, 2010 [3 favorites]

How do spammers fake the sending address?

The computer equivalent of whiteout, basically.
posted by mkultra at 7:17 AM on September 2, 2010

Well, if you computer itself is hacked then it is probably already too late for your other email accts. Anything you type on your computer (login/passwords) can be read by the hacker.
posted by Iax at 12:29 AM on September 3, 2010

On the client's end, they could look into some basic mail firewall/antispam technolgies. Even though the email "appears" to be coming from you, the MIME header of that email will attest to something different entirely. Take for example this e-mail header:

---

Received: from pool-72-67-203-40.lsanca.dsl-w.verizon.net [72.67.203.40] by mail01.ozline.net with ESMTP
(SMTPD-8.22) id AC0D0DC4; Thu, 10 Apr 2008 22:25:17 -0400
Message-ID: <000a01c89b7b$05eea358$d988ba94@xwhhef>
From: "hezekiah nancy" <taylor@spamtest.com>
To: <holliecantuauhqg@avatarfl.com>
Subject: X-IMail-SPAM-Statistical Medications Coupon for holliecantuauhqg
Date: Fri, 11 Apr 2008 00:37:58 +0000
MIME-Version: 1.0
Content-Type: multipart/alternative
boundary="----=_NextPart_000_0007_01C89B7B.05E96FE6"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.3138
---

You can immediately see some inconsistencies, such as the message-ID not having a fully qualified domain name at the end (example of a spoofed Message-ID). More importantly however, you can see that the From: email address does not come anywhere close to the Received: header's originating server. Here's another one for good measure pulled from my yahoo spam folder:

---

X-Apparently-To: me@yahoo.com via 206.190.48.131; Fri, 03 Sep 2010 03:21:40 -0700
Return-Path: <robertmueller@fbi.gov>
X-YahooFilteredBulk: 211.76.241.6
Received-SPF: none (mta1113.mail.sk1.yahoo.com: domain of robertmueller@fbi.gov does not designate permitted sender hosts)
X-Originating-IP: [211.76.241.6]
Authentication-Results: mta1113.mail.sk1.yahoo.com from=fbi.gov; domainkeys=neutral (no sig); from=fbi.gov; dkim=neutral (no sig)
Received: from 127.0.0.1 (EHLO mailreg.nctu.edu.tw) (211.76.241.6) by mta1113.mail.sk1.yahoo.com with SMTP; Fri, 03 Sep 2010 03:21:40 -0700
Received: from User (220-138-97-224.dynamic.hinet.net [220.138.97.224]) by mailreg.nctu.edu.tw (Postfix) with ESMTP id 8C027A3148; Fri, 3 Sep 2010 18:27:15 +0800 (CST)
Reply-To: <andrewkelly43@gala.net>
From: "Federal Bureau Of Investigation"<robertmueller@fbi.gov> Add sender to Contacts
Subject: FINAL NOTICE FROM FBI
Date: Fri, 3 Sep 2010 04:23:21 -0600
MIME-Version: 1.0
Content-Type: text/plain; charset="Windows-1251"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Message-Id: <20100903102717.8C027A3148@mailreg.nctu.edu.tw>
To: undisclosed-recipients:;
Content-Length: 4574

---

This one is particularly easy to pick apart, you can see right away that the From: and Reply-to: do not match, essentially redirecting all replies to a possibly hijacked account. You can also see that the Received: header and Message-ID: are from Taiwan's specialized branch of the FBI of course ;)
posted by samsara at 6:29 AM on September 3, 2010

aniola: "How do spammers fake the sending address?"

The same way you'd fake a return address when sending postal mail: you just put something else in that blank spot.

There are enough people sending email with @gmail addresses through their Comcast cable mailservers that server admins can't just require that the email address match the sending server's domain. Too much legitimate email would get refused and bounced back to the sender.
posted by rhizome at 10:47 AM on September 3, 2010 [1 favorite]

When you do please add their email addresses to the BCC field, not the TO field. Not following this is part of the reason an individual gets more spam or their email address is used as a from-address.

Still, I wouldn't do nothing at all. They will see it's spam, they should know to have anti-virus anyway.
posted by oxit at 4:19 PM on September 3, 2010

This thread is closed to new comments.