Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

My account sending hidden SPAM e-mails, i receive only mail delivery failure for e-mails that i didn't send

  • 2 replies
  • 28 have this problem
  • 3062 views
  • Last reply by jscher2000

more options

My account sending SPAM e-mails but i can't find it in sent folder, i receive only undelivered message response for messages which i didn't send and problem is not on provider server i checked it out. Examples of server response: -

This message was created automatically by mail delivery software.

A message that you sent could not be delivered to one or more of its recipients. This is a permanent error. The following address(es) failed:

 ginger57@optonline.net
   SMTP error from remote mail server after end of data:
   host mx1.optonline.net [167.206.4.77]: 554 5.7.1 Spam detected by Cloudmark content scanner.  Message rejected.

This is a copy of the message, including all the headers. ------

Return-path: <stanko76@neobee.net> Received: from [181.64.16.205] (helo=kiwqdljpf) by smtp2.neobee.net with esmtpa (Exim 4.74) (envelope-from <stanko76@neobee.net>) id 1WPiCY-0004IY-2G for ginger57@optonline.net; Tue, 18 Mar 2014 01:48:20 +0100 Subject: FirmViagra Date: Mon, 17 Mar 2014 18:41:36 -0700 To: <ginger57@optonline.net> From: "Sleb Icap" <stanko76@neobee.net> Mime-Version: 1.0 Content-Type: text/plain; charset=utf-7 X-Spam-Score: 1.2 (+) X-Scan-Signature: 05e778587fdac215ad5fe7047e8f78ed

http://holzstark.at/opportune.htm?la -


This message was created automatically by mail delivery software.

A message that you sent could not be delivered to one or more of its recipients. This is a permanent error. The following address(es) failed:

 bet512@cox-internet.com
   SMTP error from remote mail server after RCPT TO:<bet512@cox-internet.com>:
   host mx.coxmail.com [68.99.120.4]: 550 5.1.1 <bet512@cox-internet.com> recipient rejected

This is a copy of the message, including all the headers. ------

Return-path: <stanko76@neobee.net> Received: from [181.64.16.205] (helo=kiwqdljpf) by smtp2.neobee.net with esmtpa (Exim 4.74) (envelope-from <stanko76@neobee.net>) id 1WPiCk-0004IY-B6 for bet512@cox-internet.com; Tue, 18 Mar 2014 01:48:32 +0100 Subject: SweetDrugs Date: Mon, 17 Mar 2014 18:41:48 -0700 To: <bet512@cox-internet.com> From: stanko76@neobee.net Mime-Version: 1.0 Content-Type: text/plain; charset=utf-8 X-Spam-Score: 2.3 (++) X-Scan-Signature: 05e778587fdac215ad5fe7047e8f78ed

http://selapak-cambodia.com/chic.html?zogyzeno - My configuration of Thunderbird is:

Application Basics Name Thunderbird Version 24.3.0 User Agent Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Thunderbird/24.3.0 Profile Folder Show Folder (Local drive) Application Build ID 20140131124303 Enabled Plugins about:plugins Build Configuration about:buildconfig Crash Reports about:crashes Memory Use about:memory Mail and News Accounts ID Incoming server Outgoing servers Name Connection security Authentication method Name Connection security Authentication method Default? account1 (pop3) pop3.neobee.net:110 plain passwordCleartext smtp.neobee.net:25 alwaysSTARTTLS passwordCleartext true account2 (none) Local Folders plain passwordCleartext account3 (pop3) pop.mail.yahoo.com:995 SSL passwordCleartext smtp.mail.yahoo.com:465 SSL passwordCleartext true account4 (pop3) pop.mail.yahoo.com:995 SSL passwordCleartext smtp.mail.yahoo.com:465 SSL passwordCleartext true account5 (pop3) pop.mail.yahoo.com:995 SSL passwordCleartext smtp.mail.yahoo.com:465 SSL passwordCleartext true Extensions Name Version Enabled ID Test Pilot for Thunderbird 1.3.9 false tbtestpilot@labs.mozilla.com Important Modified Preferences Name Value browser.cache.disk.capacity 358400 browser.cache.disk.smart_size.first_run false browser.cache.disk.smart_size.use_old_max false browser.cache.disk.smart_size_cached_value 358400 dom.max_chrome_script_run_time 0 extensions.lastAppVersion 24.3.0 font.internaluseonly.changed true font.name.monospace.el Consolas font.name.monospace.tr Consolas font.name.monospace.x-baltic Consolas font.name.monospace.x-central-euro Consolas font.name.monospace.x-cyrillic Consolas font.name.monospace.x-unicode Consolas font.name.monospace.x-western Consolas font.name.sans-serif.el Calibri font.name.sans-serif.tr Calibri font.name.sans-serif.x-baltic Calibri font.name.sans-serif.x-central-euro Calibri font.name.sans-serif.x-cyrillic Calibri font.name.sans-serif.x-unicode Calibri font.name.sans-serif.x-western Calibri font.name.serif.el Cambria font.name.serif.tr Cambria font.name.serif.x-baltic Cambria font.name.serif.x-central-euro Cambria font.name.serif.x-cyrillic Cambria font.name.serif.x-unicode Cambria font.name.serif.x-western Cambria font.size.fixed.el 14 font.size.fixed.tr 14 font.size.fixed.x-baltic 14 font.size.fixed.x-central-euro 14 font.size.fixed.x-cyrillic 14 font.size.fixed.x-unicode 14 font.size.fixed.x-western 14 font.size.variable.el 17 font.size.variable.tr 17 font.size.variable.x-baltic 17 font.size.variable.x-central-euro 17 font.size.variable.x-cyrillic 17 font.size.variable.x-unicode 17 font.size.variable.x-western 17 mail.openMessageBehavior.version 1 mail.winsearch.firstRunDone true mailnews.database.global.datastore.id d3f7cbbc-ff7c-49f8-8265-081ff16f23e network.cookie.prefsMigrated true places.database.lastMaintenance 1394703331 places.history.expiration.transient_current_max_pages 104858 plugin.importedState true plugin.state.flash 0 plugin.state.java 0 plugin.state.npauthz 0 plugin.state.npbrowserplugin 0 plugin.state.npctrl 0 plugin.state.npdeployjava 0 plugin.state.npgeplugin 0 plugin.state.npgoogleupdate 0 plugin.state.npnokiasuiteenabler 0 plugin.state.nppdf 0 plugin.state.npspwrap 0 plugin.state.npvlc 0 security.default_personal_cert Select Automatically security.disable_button.openCertManager false security.disable_button.openDeviceManager false security.OCSP.require true Graphics Adapter Description Intel(R) HD Graphics Family Vendor ID 0x8086 Device ID 0x0116 Adapter RAM Unknown Adapter Drivers igdumd64 igd10umd64 igd10umd64 igdumdx32 igd10umd32 igd10umd32 Driver Version 8.15.10.2462 Driver Date 7-26-2011 Adapter Description (GPU #2) NVIDIA GeForce GT 630M Vendor ID (GPU #2) 0x10de Device ID (GPU #2) 0x0de9 Adapter RAM (GPU #2) 2048 Adapter Drivers (GPU #2) nvd3dumx,nvwgf2umx,nvwgf2umx nvd3dum,nvwgf2um,nvwgf2um Driver Version (GPU #2) 9.18.13.3165 Driver Date (GPU #2) 10-23-2013 Direct2D Enabled false DirectWrite Enabled false (6.2.9200.16571) ClearType Parameters ClearType parameters not found WebGL Renderer false GPU Accelerated Windows 0 AzureCanvasBackend skia AzureFallbackCanvasBackend cairo AzureContentBackend none JavaScript Incremental GC 1 Accessibility Activated 0 Prevent Accessibility 0 Library Versions Expected minimum version Version in use NSPR 4.10.2 4.10.2 NSS 3.15.4 Basic ECC 3.15.4 Basic ECC NSS Util 3.15.4 3.15.4 NSS SSL 3.15.4 Basic ECC 3.15.4 Basic ECC NSS S/MIME 3.15.4 Basic ECC 3.15.4 Basic ECC

Please help me to solve this problem.

All Replies (2)

more options

One possibility is that your address was "spoofed" and these are not originating from your computer or even being sent out through your email account. As far as I know, there is no way to stop that; it's a weakness of the design of email.

Another possibility is that someone is using your mail account and not saving the outgoing message in sent items. I assume you have already changed your password with your mail service but, if not, go ahead and do that now.

A third possibility is that your computer is infected with a "bot" or other malicious software that is generating spam in the background. Often this is the most effective way to send spam because your ISP trusts mail sent from within its network. This article recommends some scanners for Windows systems: Troubleshoot Firefox issues caused by malware.

more options

By the way, some non-delivery receipts (NDRs) are themselves spam messages with malicious attachments designed to infect your computer, so be cautious about opening any of those.