Someone jacked / spoofing my yahoo email account?

Yakoob on 10/12/2010 at 04:15

So I just got the following message in my yahoo mail:

Quote:

FROM: "MAILER-DAEMON@mail12.ispfr.net" <MAILER-DAEMON@mail12.ispfr.net>
SUBJECT: failure notice

Hi. This is the qmail-send program at mail12.ispfr.net.
I'm afraid I wasn't able to deliver your message to the following addresses.
This is a permanent error; I've given up. Sorry it didn't work out.

[ [email]falconcjb@hotmail.com[/email] ]:
65.55.37.72 does not like recipient.
Remote host said: 550 Requested action not taken: mailbox unavailable
Giving up on 65.55.37.72.

[ [email]etienned@goddess-gate.com[/email] ]:
212.227.15.169 does not like recipient.
Remote host said: 550 [etienned@goddess-gate.com]: invalid address
Giving up on 212.227.15.169.

[ [email]jimpaint@mac.com[/email] ]:
17.148.17.41 does not like recipient.
Remote host said: 550 5.1.1 unknown or illegal alias: [email]jimpaint@mac.com[/email]
Giving up on 17.148.17.41.

[ [email]plaliberte@ustrust.com[/email] ]:
171.161.161.178 does not like recipient.
Remote host said: 550 5.1.1 [plaliberte@ustrust.com]... User unknown
Giving up on 171.161.161.178.

--- Below this line is a copy of the message.

Return-Path: [ MY EMAIL ]
Received: (qmail 5953 invoked from network); 9 Dec 2010 23:12:33 -0000
Received: from cl4.ispfr.net (195.114.18.148)
by mail12.ispfr.net with SMTP; 9 Dec 2010 23:12:33 -0000
To:
[email]alexandra.wales@skim.com,chronicletours@africaonline.co.ke,plaliberte@ustrust.com,pinder.basi@rogers.com,nerak_076@hotmail.com,lorenitahico@hotmail.com,falconcjb@hotmail.com,etienned@goddess-gate.com,jimpaint@mac.com[/email]
Subject: jwells1075zyyeyv.us
From: erende [MY EMAIL]
Date: Thu, 09 Dec 2010 23:12:20 -0000
Customer-Id: 1216
Abuse: [email]abuse@ispfr.net[/email]

(http://algerie-medical.com/welcome.php) caniozzibrowneh1

Looks like someone sent a spam email to a bunch of email and the sender was my email. WTF? Could someone have hacked into my account (my password hasn't been changed, so I doubt that)? Or is someone spoofing my email? Any ideas?

Also, the spam email from, erende, is NOT my email's sender name, even though the actual email address matches (hence why I suspect spoofing rather than hijack).

Digital Nightfall on 10/12/2010 at 04:54

It's possible. Change your password.

Enchantermon on 10/12/2010 at 05:41

Yeah, account hijackers don't always change the passwords of the accounts they break into. It's actually better if they don't, because then the owner doesn't have a clue that they've been hacked, except in this case since you're actually paying attention.

Al_B on 10/12/2010 at 07:35

It's more likely that it's simply a case of them forging your email address as the return address. Some mail servers (qmail is particularly bad) send a copy of the email back to the sender which as its forged meaning you get a a copy of the spam email. It's known as (http://en.wikipedia.org/wiki/Backscatter_(e-mail)) backscatter.

Does the host name or IP address mentioned: cl4.ispfr.net (195.114.18.148) relate to your ISP? If so then you may have cause for concern and there shouldn't be any harm with changing your email password in any case.

Yakoob on 10/12/2010 at 14:57

I did change my password, it was the first thing I did of course.

The ping traces back to Azura Networks, located in France. I am currently at Queens University in Belfast, North Ireland so doesn't seem to be a relation there.

Al_B on 10/12/2010 at 21:04

In that case you're probably safe. If you're not in France then there's little reason for the emails to be routed through that server so they probably originated there and not at your ISP. They probably picked up your email address either because you've posted it somewhere or someone who you've sent email to was compromised. I've had it happen to me a couple of times and it's annoying but unfortunately there's little you can do about it.

june gloom on 15/12/2010 at 20:04

Oh the irony.

Sulphur on 15/12/2010 at 20:37

Tell me about it. :rolleyes:

I'm too lazy to click on that report button this time. Strange that it's an actual person instead of a bot in this day and age.