Hijacked e-mail
CB
Ƹ̵̡Ӝ̵̨̄ƷDer Millionendorf- Icrontian
First off. I want to apologize to anyone who may have received a spam message from my old Nexlia e-mail address.
Then. I want to understand how this happened. I haven't actively used that address in a few years, but it's still set up, as it always was from the very beginning, as a simple forward to my gmail address (which I don't give out; all of my e-mail addresses just forward to that one address).
This morning it seems that many people who had previously sent mail to that old address in years past (I don't know quite how widespread it went) got an e-mail this morning from that address telling them to try some new weight-loss plan. This is the first time that this has happened.
It seems clear that it was not my gmail account which was hacked for two reasons: First, my gmail account is no longer set up to send from that address. Second, whenever I would send e-mail from that address in the past, it would always show up to others as "From: [Nexlia address] on behalf of [gmail username]", and this morning's e-mail appears to be simply from the Nexlia address by itself.
The thing is: As far as I know (Zanthian is the one in charge of the Nexlia server, so I don't know exactly how it's set up), it's not possible to send anything directly from that address because it is only a forward; it's not set up to use any sort of client, not even webmail. So, it's not like someone somehow got my password for that address and is now using it to send mail, right? I mean, I couldn't even do that if I wanted to, so how could a spammer do it?
Does that mean that he's just using a client which allows him to spoof the "From" field on the e-mail? If so, is there anything I can do to stop it? Will deleting that old e-mail forward (from which I do still, very rarely, receive legitimate e-mail) even do anything to stop it from happening again? And if they do have such a program, why bother even using a real address? And how did they get an address list for it? Again: I wouldn't even know where to go to get an address list for that address. It shouldn't even have one....
Ugh. This whole thing makes me feel old... Like I once knew everything there was to know about SMTP, but somehow I've forgotten something important, or something changed while I wasn't looking because as far as I understand it, this shouldn't be possible for someone to do. :/
Comments
I understand that spoofing is not tough. What I'm most confused about is where the spammer got a list of e-mail addresses to send the message to.
I would post the header for you if I knew how to tell gmail to show it to me.
Now that I can see it, it's obvious that the real sender was a throw-away hotmail account.
Still doesn't explain how they got my friends' addresses, however.
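What reading the full header amounts to, as an added example that is not part of the original thread: it compares the domain in the visible From: line with the envelope sender (Return-Path) and the receiver's SPF/DKIM results. The sample message, all domains and the function names are constructed for illustration, and the alignment test is a simplification of what DMARC does.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample headers (not taken from the thread).
# All domains and addresses are placeholders.
SAMPLE = """\
Return-Path: <throwaway123@freemail.example>
Received: from mail-out.freemail.example (mail-out.freemail.example [192.0.2.10])
\tby mx.recipient.example with ESMTP id abc123; Mon, 1 Jan 2024 08:00:00 +0000
Authentication-Results: mx.recipient.example;
\tspf=pass smtp.mailfrom=freemail.example;
\tdkim=pass header.d=freemail.example
From: "Old Friend" <me@oldforward.example>
To: friend@recipient.example
Subject: try this new weight-loss plan

body
"""

def domain_of(value):
    """Return the lower-cased domain of an address header, or '' if none."""
    addr = parseaddr(value)[1]
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def same_org(a, b):
    """Simplified relaxed alignment: equal, or one is a subdomain of the other."""
    return bool(a and b) and (a == b or a.endswith("." + b) or b.endswith("." + a))

def analyze(raw):
    """Compare the visible From: domain with the authenticated sending domains."""
    msg = message_from_string(raw)
    from_dom = domain_of(msg.get("From", ""))
    env_dom = domain_of(msg.get("Return-Path", ""))
    # Only trust an Authentication-Results header added by your own receiver;
    # a sender can put a forged one in the message.
    auth = " ".join(msg.get_all("Authentication-Results", []))
    dkim = re.search(r"dkim=pass\b[^;]*?header\.d=([\w.-]+)", auth)
    dkim_dom = dkim.group(1).lower() if dkim else ""
    spf_pass = re.search(r"\bspf=pass\b", auth) is not None
    aligned = (spf_pass and same_org(from_dom, env_dom)) or same_org(from_dom, dkim_dom)
    return {"from": from_dom, "envelope": env_dom, "dkim": dkim_dom,
            "spoof_suspected": not aligned}
```

SPF and DKIM both pass in the sample, but for the sending service's domain rather than the one shown in From:, which is the mismatch the function reports.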
That makes sense.
But is there anything that even can be done from my end?
Unfortunately, Tushon is correct. There really is nothing you can do about it.
The eternal battle against Spam rages on.
If you've ever been sent a BS chain email by one of your tard friends, and all the addresses are in the 'to' field, they know some kind of relationship exists there, and sending as one of those addresses to the entire list is likely to work sociologically.
This is why I want to stab one person I know in the face when I get the monthly super-long anti-Obama email with hundreds of email addresses on it.
Exhibit A
Exhibit B