Thousands of bounced emails per day

Gabbitas · 12/12/10 - 10:54

I have a third-party POP3 email account and recently it's been receiving thousands of apparently bounced back emails a day. These bounced emails appear to originate from AVG for Email <avgmail@localhost>. The original emails seem to be from Euromillions Belgium seeking email address confirmation and are addressed to random email addresses, none of which I recognise. My actual email address is not referenced at all in any of these emails so the email client on my PC doesn't download them, but they're visible when I access my account via webmail.

I will be contacting my email service provider about this as I believe the problem lies not with me or my email address, but with their server. The absence of any reference to my email address suggests that to me. Can anyone think of any reason why it wouldn't be a server-side issue?

TIA.

Stig · 12/12/10 - 13:35

Your email address is being as the 'reply' address in spam email.

There is nothing you can do about it. Normally the problem goes away in a few days. This happened to my Dad some years ago.

You should change your email password and check for spyware in the rare chance that the spam is actually originating from your PC or email server.

[Deleted User] · 12/12/10 - 13:40

You need to check the full email header to be certain that it was not sent to your email address.
Fortunately my ISP filters out the most blatant spam, but when I check the emails trapped in their spam filter most of the spam emails are "to" someone else, but my address may well appear in the cc list. Also, if someone has used bcc then your email address won't be obviously in the email header at all.

Unfortunately it sounds like your email address may be on a spammers' list.

What I would do is to ask your POP3 email provided about whether or not they have spam filtering which you could turn on. If this is already on then ask them about why these emails have come through their filtering.

Gabbitas · 12/12/10 - 14:36

Thanks for your replies Stig and JPB.

I've studied the email headers extensively and my email address is definitely not referenced at all. And it's most definitely not spam being generated by any of my PCs as I'm currently at work and all my home machines are off.

Surely if my address is being used as the return address for spam, then the bounced emails would contain my address and my email client would download them? That's what makes me believe that the email server's been attacked rather than me specifically.

I've contacted my email service provider and I'm awaiting a response. In the mean time I will try changing the password.

Thanks again.

Stig · 12/12/10 - 14:50

Can you paste the email header here so we can take a look?

If the mails mention Euromillions it's no doubt a scam that being sent out to thousands of people.

Gabbitas · 12/12/10 - 15:11

Here you go Stig. I've replaced my email server's actual address with 'My_email_server'.

From: AVG for Email <avgmail@localhost>
Headers: Show Limited Headers

This message was written in a character set (X-UNKNOWN) other than your own.
If it is not displayed correctly, click here to open it in a new window.

--===AVG-6CE36702===
Content-Description: Notification
Content-Type: text/plain; charset=windows-1252
Content-Transfer-Encoding: 8bit

Informations du programme Scanner e-mail AVG

Le message a été retourné
car il n'a pu être remis à un ou plusieurs destinataires.
Le serveur de messagerie a retourné l'erreur suivante :

alule@atcsplc.com: <alule@atcsplc.com>: Recipient address rejected: No such user [04G9OJ7DTJ00]

Votre message vous est renvoyé dans la partie suivante de ce
message. Essayez à nouveau d'envoyer ce message.

Si vous avez besoin d'aide, contactez votre administrateur ou votre
fournisseur d'accès à Internet.

Vous pouvez également contrôler les paramètres du client de messagerie, par exemple :
- la configuration de l'authentification SMTP
- le nom du serveur SMTP
- l'adresse de l'expéditeur par rapport au domaine utilisé par le serveur SMTP

--===AVG-6CE36702===
Content-Description: Undelivered Message
Content-Type: message/rfc822

Received: from 127.0.0.1 (AVG SMTP 9.0.872 [271.1.1/3309]); Sat, 11 Dec 2010 18:55:36 +0100
Received: from User ([82.128.88.100]) by My_email_server with MailEnable ESMTP; Sat, 11 Dec 2010 18:55:27 +0100
Reply-To: <fl.inc@dnsau.org.uk>
From: "Euro Millions"<postmaster@My_email_server>
Subject: Please Confirm Your Email...........
Date: Sat, 11 Dec 2010 18:55:28 +0100
MIME-Version: 1.0
Content-Type: text/html;
charset="Windows-1251"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2800.1081
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1081
Message-ID: <0FC0E6F63FBE4D0D813E719EE8E38398.MAI@My_email_server>

<HTML><HEAD><TITLE></TITLE>
</HEAD>
<BODY bgcolor=#FFFFFF leftmargin=5 topmargin=5 rightmargin=5 bottommargin=5>
<FONT size=2 color=#000000 face="Arial">
<DIV>
<FONT size=2 face="Tahoma">                                            Euro Millions</FONT></DIV>
<DIV>
<FONT size=2 face="Tahoma">                              Date of Draw:Friday, August 13, 2010</FONT></DIV>
<DIV>
<FONT size=2 face="Tahoma">                                 Draw Number:Draw number:2010/33</FONT></DIV>
<DIV>
<FONT size=2 face="Tahoma">                       Lucky draw numbers: 4- 9 - 15 - 21 - 47 - 2- Match 5+2PB</FONT></DIV>
<DIV>
<FONT size=2 face="Tahoma">                    Winning Number:7    Match 5+2PB Winning Category 1</FONT></DIV>
<DIV>
<FONT size=2 face="Tahoma">               Amount of Winning: EUR 5,000,000.00/ US$ 6,399,500.00</FONT></DIV>
<DIV>
<FONT size=2 face="Tahoma"> </FONT></DIV>
<DIV>
<FONT size=2 face="Tahoma">http://www.euromillions.be/FR/PlayAndWin/DrawGames/Euromillions/Results/previousresults.aspx</FONT></DIV>
<DIV>
<FONT size=2 face="Tahoma"> </FONT></DIV>
<DIV>
<FONT size=2 face="Tahoma">     If you wish to claim your winnings contact your assigned claims agent as follows</FONT></DIV>
<DIV>
<FONT size=2 face="Tahoma">                  Name: Leon Deschamp Email address: fl.inc@dnsau.org.uk</FONT></DIV>
<DIV>
<FONT size=2 face="Tahoma">You will receive further instructions on your acknowledgement of this email notice.</FONT></DIV>
<DIV>
<FONT size=2 face="Tahoma"> </FONT></DIV>
<DIV>
<FONT size=2 face="Tahoma">                                              Congratulations!!!!</FONT></DIV>
</FONT>
</BODY></HTML>

--===AVG-6CE36702===--

Stig · 16/12/10 - 08:23

They aren't full headers. Anyhow, you need to see the original email and not the bounce to find out what's going on.

82.128.88.100 is an address associated with multilinks.com in Africa.

Gabbitas · 16/12/10 - 08:31

Stig wrote: »

They aren't full headers. Anyhow, you need to see the original email and not the bounce to find out what's going on.

82.128.88.100 is an address associated with multilinks.com in Africa.

Ah, OK. That's all I received. Many thanks anyway.

I've raised the issue with my email provider and they've escalated it up to their technical team. Hopefully *something* can be done as it's doing my head in!!

Gabbitas · 17/12/10 - 17:28

A wee update for anyone who's interested

.

My email provider has uncovered a 'wider issue' than just my account on one of their servers regarding these thousands of spam emails per day. Their engineers are working on it...

Hey there!

Quick Links

Thousands of bounced emails per day

Comments