Join 3,500 readers in helping fund MetaFilter (Hide)


How do I keep hotmail from sending spam from my closed email acct.
September 1, 2010 6:42 PM   Subscribe

How can I get hotmail to stop sending spam to all of my contacts even though I have closed the acct.?

I searched the older questions but they seemed gmail specific. I closed my hotmail acount and people are still getting spam (or something else) from it. I have not had any luck from customer support. I'd appreciate the help.
posted by let444 to Computers & Internet (15 answers total) 1 user marked this as a favorite
 
actually i think my account was "spoofed" which i know even less about
posted by let444 at 6:55 PM on September 1, 2010


your account got hacked. spammers have all the contacts in your address book. they're sending from hacked computers (not from hotmail). they're using a fake "from" address, unfortunately, your address.

there's nothing you can do. the accounts gathered by the spammers will continue to receive spam until the end of time, especially if the list gets sold to other spammers. they won't always be spoofing you as the sender, but there is nothing to stop them from doing it. Probably best, since you deleted the account, to have all your contacts set up anything from the old address in a blacklist, filter it directly to the spam folder.
posted by brenton at 7:03 PM on September 1, 2010


One thing you could have tried was deleting all of your contacts from Hotmail
posted by KokuRyu at 8:23 PM on September 1, 2010


You can't. Most modern mail readers have some kind of filter, so you just have the people from your contact list automatically send email from the bad address directly to the trash can. It will always be spam from now on.
posted by rhizome at 9:02 PM on September 1, 2010


A lot more common that actually using your account to send spam email, spammers are just faking the address their sending from. So it seems the email is sent from your address, but it's actually not. (Yes, that is pretty easy to achieve). That happens a lot without your account being hacked.

If that is the case, there's nothing you can do but ask every of the recipients to use decent spam filters. Those usually filter such faked addresses pretty well.
posted by oxit at 10:56 PM on September 1, 2010


How do spammers fake the sending address?
posted by aniola at 11:17 PM on September 1, 2010


Basically, email was designed by scientists in the 70's for sending messages to each other. There's no security or verification built into it. The 'sent' field can be anything you want it to be. You can even change it in most email clients.

Why on earth would you put the wrong address in the sent field? They thought. You'd never get the replies!

That commercial penis enlargement pills spammers would see that as a feature never occurred to them.

The term for this particular problem - a spammer using your address as the sender, so you get all the bounces and complains - is known as a 'joe job' in the business.

There are a couple of systems by which companies can specify which servers are allowed to send email for their domain (SPF and DKIM) but that only helps the receiver mail server spot the message may be faked. Implementation is spotty at best, so it's not that reliable.

In your particular case, there's very little you can do. Given your account is now closed, the best thing your friends and family can do is put that address in their blacklist, so it always go to trash. Since that mail was never coming from hotmail in the first place, just being faked to look like it was, there's nothing they can do either.

Welcome to the war between server admins and spammers, where 95-99% of all email worldwide is spam/virus, mostly sent from botnets spewing out millions an hour per pc.
posted by ArkhanJG at 12:16 AM on September 2, 2010 [2 favorites]


How do spammers fake the sending address?

The computer equivalent of whiteout, basically.
posted by mkultra at 7:17 AM on September 2, 2010


If I hadn't closed the hotmail acct. would there be another remedy. Additionally, if it is my computer itself that was hacked, how long until it messes with my other email accts?
posted by let444 at 4:06 PM on September 2, 2010


Well, if you computer itself is hacked then it is probably already too late for your other email accts. Anything you type on your computer (login/passwords) can be read by the hacker.
posted by Iax at 12:29 AM on September 3, 2010


If I hadn't closed the hotmail acct. would there be another remedy.

No. It's like somebody walking around in the streets claiming they are you and working for your previous employer. There's no connection between you and this guy, just like there's no connection between your previous email account and the spammer.
posted by oxit at 3:15 AM on September 3, 2010


On the client's end, they could look into some basic mail firewall/antispam technolgies. Even though the email "appears" to be coming from you, the MIME header of that email will attest to something different entirely. Take for example this e-mail header:

---

Received: from pool-72-67-203-40.lsanca.dsl-w.verizon.net [72.67.203.40] by mail01.ozline.net with ESMTP
(SMTPD-8.22) id AC0D0DC4; Thu, 10 Apr 2008 22:25:17 -0400
Message-ID: <000a01c89b7b$05eea358$d988ba94@xwhhef>
From: "hezekiah nancy" <taylor@spamtest.com>
To: <holliecantuauhqg@avatarfl.com>
Subject: X-IMail-SPAM-Statistical Medications Coupon for holliecantuauhqg
Date: Fri, 11 Apr 2008 00:37:58 +0000
MIME-Version: 1.0
Content-Type: multipart/alternative
boundary="----=_NextPart_000_0007_01C89B7B.05E96FE6"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.3138
---

You can immediately see some inconsistencies, such as the message-ID not having a fully qualified domain name at the end (example of a spoofed Message-ID). More importantly however, you can see that the From: email address does not come anywhere close to the Received: header's originating server. Here's another one for good measure pulled from my yahoo spam folder:

---

X-Apparently-To: me@yahoo.com via 206.190.48.131; Fri, 03 Sep 2010 03:21:40 -0700
Return-Path: <robertmueller@fbi.gov>
X-YahooFilteredBulk: 211.76.241.6
Received-SPF: none (mta1113.mail.sk1.yahoo.com: domain of robertmueller@fbi.gov does not designate permitted sender hosts)
X-Originating-IP: [211.76.241.6]
Authentication-Results: mta1113.mail.sk1.yahoo.com from=fbi.gov; domainkeys=neutral (no sig); from=fbi.gov; dkim=neutral (no sig)
Received: from 127.0.0.1 (EHLO mailreg.nctu.edu.tw) (211.76.241.6) by mta1113.mail.sk1.yahoo.com with SMTP; Fri, 03 Sep 2010 03:21:40 -0700
Received: from User (220-138-97-224.dynamic.hinet.net [220.138.97.224]) by mailreg.nctu.edu.tw (Postfix) with ESMTP id 8C027A3148; Fri, 3 Sep 2010 18:27:15 +0800 (CST)
Reply-To: <andrewkelly43@gala.net>
From: "Federal Bureau Of Investigation"<robertmueller@fbi.gov> Add sender to Contacts
Subject: FINAL NOTICE FROM FBI
Date: Fri, 3 Sep 2010 04:23:21 -0600
MIME-Version: 1.0
Content-Type: text/plain; charset="Windows-1251"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Message-Id: <20100903102717.8C027A3148@mailreg.nctu.edu.tw>
To: undisclosed-recipients:;
Content-Length: 4574

---

This one is particularly easy to pick apart, you can see right away that the From: and Reply-to: do not match, essentially redirecting all replies to a possibly hijacked account. You can also see that the Received: header and Message-ID: are from Taiwan's specialized branch of the FBI of course ;)
posted by samsara at 6:29 AM on September 3, 2010


aniola: "How do spammers fake the sending address?"

The same way you'd fake a return address when sending postal mail: you just put something else in that blank spot.

There are enough people sending email with @gmail addresses through their Comcast cable mailservers that server admins can't just require that the email address match the sending server's domain. Too much legitimate email would get refused and bounced back to the sender.
posted by rhizome at 10:47 AM on September 3, 2010


I guess I'm going to send an email to my entire contact list telling them to dismiss or report as spam anything coming from that address and get a good anti-virus program. All the technical stuff is great to learn, thanks.
posted by let444 at 1:23 PM on September 3, 2010


When you do please add their email addresses to the BCC field, not the TO field. Not following this is part of the reason an individual gets more spam or their email address is used as a from-address.

Still, I wouldn't do nothing at all. They will see it's spam, they should know to have anti-virus anyway.
posted by oxit at 4:19 PM on September 3, 2010


« Older Where can I find work-appropri...   |  Does an artist equivalent of e... Newer »
This thread is closed to new comments.