Email Scam Help

[ZiprHead]

So here's the situation. Started getting emails from people complaining of email from my and others accounts saying "stop sending me this spam!" Funny thing is, my email address is not listed in the sent to field. They have other people's emails and, so far, three different sketchy, sometimes hidden, web site addresses. Tried to access one of them directly by both domain name and IP and cannot reach them. All the people affected by this are charter.net or charter.com users. I've already replaced the password on my email account but it has done no good so I don't think my account has been hacked.

Any ideas?

 

[Jimmy Higgins]

Install Linux. [emoji2957]

Isn’t this just a *.charter.net header thing. It isn’t your account they are spoofing the from.

 

[Cheerful Charlie]

Google email spoofing. There are lots of ways to do this and new ways are being invented all the time.

Example:
https://lifehacker.com/how-spammers-spoof-your-email-address-and-how-to-prote-1579478914

 

[bigfield]

So here's the situation. Started getting emails from people complaining of email from my and others accounts saying "stop sending me this spam!" Funny thing is, my email address is not listed in the sent to field. They have other people's emails and, so far, three different sketchy, sometimes hidden, web site addresses. Tried to access one of them directly by both domain name and IP and cannot reach them. All the people affected by this are charter.net or charter.com users. I've already replaced the password on my email account but it has done no good so I don't think my account has been hacked.

Any ideas?

Most email providers will provide an SPF record that tells the world which IP addresses are allowed to send emails from a given domain. It's an anti-spam feature that was added because the original email protocol (SMTP) lets senders put anything they want as their FROM address.

For example, talkfreethought.org publishes an SPF record that only allows emails from @talkfreethought.org to originate from 68.169.46.29 and 68.169.46.29, which is where the mail server and the vBulletin website can be found. Anything else is declared to be spam (AKA "soft fail"). Receivers are supposed to check all incoming mail against these SPF records to make sure each email is coming from a permitted IP address.

My guess is that either that:
a) Your email provider doesn't publish an SPF record, which is letting everyone spoof your email address.
b) charter.com (and .net) isn't filtering incoming spam correctly.

Your can check the former by doing the following:
1. Visiting mxtoolbox.com
2. Enter spf:youremaildomain.com in the domain box. It should show you a nice green box that has something like this:

v=spf1 +a +mx +ip4:68.169.46.29 ~all

(That's the SPF record for talkfreethought.org, as an example)

 

[ZiprHead]

Looks like charter has caught up to the issue. Just tried to send warnings to other users and the email was rejected by charter as spam so problem solved.

 

[bigfield]

Looks like charter has caught up to the issue. Just tried to send warnings to other users and the email was rejected by charter as spam so problem solved.

Seems like they've potentially created a new problem. By blacklisting your email address, Charter has made it impossible for you to legitimately email anyone with a Charter email address.

 

[Loren Pechtel]

What probably happened is some spammer forged your address for the origin address.

What's happened now is you're blacklisted from any domain they control, you can't email any of their subscribers.

 

[barbos]

What probably happened is some spammer forged your address for the origin address.

What's happened now is you're blacklisted from any domain they control, you can't email any of their subscribers.

I thought that shit was fixed in the last century.

 

[Bronzeage]

I thought everybody knew better than to reply to a spam email. What better way to compile a list of valid email addresses than to send out computer generated emails which say, "Stop sending me spam," and wait to see who writes back.

 

[Loren Pechtel]

What probably happened is some spammer forged your address for the origin address.

What's happened now is you're blacklisted from any domain they control, you can't email any of their subscribers.

I thought that shit was fixed in the last century.

If 99.99% of e-mail servers correctly validate the forged stuff gets routed through the remaining .01%.