topbanner_forum
  *

avatar image

Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
  • Thursday March 28, 2024, 6:17 pm
  • Proudly celebrating 15+ years online.
  • Donate now to become a lifetime supporting member of the site and get a non-expiring license key for all of our programs.
  • donate

Author Topic: Spammer Question with Webmail server  (Read 7546 times)

wraith808

  • Supporting Member
  • Joined in 2006
  • **
  • default avatar
  • Posts: 11,186
    • View Profile
    • Donate to Member
Spammer Question with Webmail server
« on: December 05, 2013, 03:53 PM »
My wife has a yahoo account, and every so often, people get spam that looks like it came from her.

It isn't in her outbox, and the headers look like it came from Yahoo servers, but it does include contacts from her contacts list?

Do spammers harvest e-mails/passwords and then use the mail servers directly?  Is that even possible with webmail, and is it a practice that anyone has seen?

I've advised her to change her password, but I was just wondering for general information.

Thanks!

40hz

  • Supporting Member
  • Joined in 2007
  • **
  • Posts: 11,857
    • View Profile
    • Donate to Member
Re: Spammer Question with Webmail server
« Reply #1 on: December 05, 2013, 07:16 PM »
The only time I ran into that was when a client had her personal Yahoo account hijacked and was spamming everybody in her (very large) contact list. But whoever did it also changed her password thereby locking her out. And the spam was so ridiculous that it was obviously from somebody else. So it was pretty obvious somebody was playing games with her account. Unfortunately, working with Yahoo to get her access back was a study in patience and aggravation.

Email headers can be spoofed however, so it doesn't automatically follow that the header info reflects the actual origin of the email in question. Email addresses can be harvested as well so that's not anything unusual. But having her header on spam to one of her contacts is somewhat bothersome.

She should definitely change her passwords - and enable two factor authentication if she's in the habit of getting her email in public places - or going through coffee shop and other insecure public routers. She should also do the usual checks for resident malware on all the devices she uses for email.

If it's only occasional, and the frequency of occurrence isn't increasing, I wouldn't be too concerned.

In my client's case, her problems started shortly after she used a machine at one of her own client's offices to access her email via the web. There was something on that machine that likely scooped her credentials, and it was downhill from there for her.

That's about all I can suggest. Luck!

wraith808

  • Supporting Member
  • Joined in 2006
  • **
  • default avatar
  • Posts: 11,186
    • View Profile
    • Donate to Member
Re: Spammer Question with Webmail server
« Reply #2 on: December 05, 2013, 07:48 PM »
Thanks for the suggestions!

mouser

  • First Author
  • Administrator
  • Joined in 2005
  • *****
  • Posts: 40,896
    • View Profile
    • Mouser's Software Zone on DonationCoder.com
    • Read more about this member.
    • Donate to Member
Re: Spammer Question with Webmail server
« Reply #3 on: December 05, 2013, 08:08 PM »
I don't have any answers but to a casual receiver, anyone can make email look like it came from anyone else.

wraith808

  • Supporting Member
  • Joined in 2006
  • **
  • default avatar
  • Posts: 11,186
    • View Profile
    • Donate to Member
Re: Spammer Question with Webmail server
« Reply #4 on: December 05, 2013, 08:38 PM »
I received it, and am not exactly casual :)  I can't decipher the yahoo DKIM, but it looks the same as one that's legitimately from her, and a couple of the keys for the yahoo SMTP server are exactly the same.  Wouldn't that tend to mean in some way it came through their server?  Or can someone legitimately sign the DKIM with someone else's SMTP key?

Stoic Joker

  • Honorary Member
  • Joined in 2008
  • **
  • Posts: 6,646
    • View Profile
    • Donate to Member
Re: Spammer Question with Webmail server
« Reply #5 on: December 06, 2013, 07:01 AM »
It isn't in her outbox, and the headers look like it came from Yahoo servers, but it does include contacts from her contacts list?

Classic spam trick is to use the first half of an address book to validate spam sent to the second half of the address book. This is actually fairly easy, because most people in any social circle have many contacts in common. Chances are your wife's account and machine are fine...but one of her friends got hit and her address is just cyclically bubbling to the top for "validation". And if that person is also on a Yahoo account it adds veracity to the appearance of the headers by "legitimately" pushing it through their hijacked Yahoo account.

Carol Haynes

  • Waffles for England (patent pending)
  • Global Moderator
  • Joined in 2005
  • *****
  • Posts: 8,066
    • View Profile
    • Donate to Member
Re: Spammer Question with Webmail server
« Reply #6 on: December 06, 2013, 07:40 AM »
Probably not a spam trick - Yahoo servers have been under attack for at least 2-3 years and regularly hacked into. Accounts have been compromised without passwords being needed.

I have had many Yahoo customers (and BT/Yahoo users) in the UK who have had spam sent out to their entire contact list and I know this has been an issue worldwide for a long time.

Also check any email addresses attached to your account - one other trick from this hacking I have seen is a bogus email address added in to your account settings which means that if you try to change the password the spammers are informed too!!!

I have also seen some people locked out of their account by passwords being changed by unknown parties - so far managed to get their accounts reinstated.

Best advice at the moment is find an alternative email provider and make sure you backup you address book from Yahoo and then delete your entire content list from their servers otherwise it will continue to happen.

40hz

  • Supporting Member
  • Joined in 2007
  • **
  • Posts: 11,857
    • View Profile
    • Donate to Member
Re: Spammer Question with Webmail server
« Reply #7 on: December 06, 2013, 08:00 AM »
Best advice at the moment is find an alternative email provider and make sure you backup you address book from Yahoo and then delete your entire content list from their servers otherwise it will continue to happen.

Good advice. Especially since it's so inexpensive to register a domain name these days. Most registrars throw in one free POP email account as part of the deal. GoDaddy wants something like $3/mo for single and $5/mo for 5-address e-mail hosting. I'm sure there are better and cheaper providers out there too.

wraith808

  • Supporting Member
  • Joined in 2006
  • **
  • default avatar
  • Posts: 11,186
    • View Profile
    • Donate to Member
Re: Spammer Question with Webmail server
« Reply #8 on: December 06, 2013, 09:09 AM »
Oh... I have a domain.  And have her an address on it.  And on gmail.  And on a google hosted domain.

But since she's been using this for over 10 years, none of my efforts to get her off of it have worked...  :-\

40hz

  • Supporting Member
  • Joined in 2007
  • **
  • Posts: 11,857
    • View Profile
    • Donate to Member
Re: Spammer Question with Webmail server
« Reply #9 on: December 06, 2013, 09:30 AM »
^Yup. I deal with that too. I still have two clients that insist on using their AOL accounts for their main business email address.   :-\

Carol Haynes

  • Waffles for England (patent pending)
  • Global Moderator
  • Joined in 2005
  • *****
  • Posts: 8,066
    • View Profile
    • Donate to Member
Re: Spammer Question with Webmail server
« Reply #10 on: December 06, 2013, 10:33 AM »
Tell her to sort out the problems and not to complain in the future!!!

Nothing like withdawal of free support to provoke a response ... she can always pop mail from the old Yahoo account if she wants to but she needs to get rid of the online contact list on Yahoo otherwise her contacts will be getting pretty fed up with the spam!

wraith808

  • Supporting Member
  • Joined in 2006
  • **
  • default avatar
  • Posts: 11,186
    • View Profile
    • Donate to Member
Re: Spammer Question with Webmail server
« Reply #11 on: December 06, 2013, 10:35 AM »
^ i don't like sleeping on the couch  :tellme: :'(

40hz

  • Supporting Member
  • Joined in 2007
  • **
  • Posts: 11,857
    • View Profile
    • Donate to Member
Re: Spammer Question with Webmail server
« Reply #12 on: December 06, 2013, 11:09 AM »
^ i don't like sleeping on the couch  :tellme: :'(

LOL! :Thmbsup:

Or worse...

in-the-doghouse.jpg

 ;)

Carol Haynes

  • Waffles for England (patent pending)
  • Global Moderator
  • Joined in 2005
  • *****
  • Posts: 8,066
    • View Profile
    • Donate to Member
Re: Spammer Question with Webmail server
« Reply #13 on: December 06, 2013, 12:28 PM »
 :-* LOL - I forgot you are whipped!  :-\

wraith808

  • Supporting Member
  • Joined in 2006
  • **
  • default avatar
  • Posts: 11,186
    • View Profile
    • Donate to Member
Re: Spammer Question with Webmail server
« Reply #14 on: December 06, 2013, 02:22 PM »
I wouldn't call it so much that as very aware of the married condition  ;)  :Thmbsup:

Stoic Joker

  • Honorary Member
  • Joined in 2008
  • **
  • Posts: 6,646
    • View Profile
    • Donate to Member
Re: Spammer Question with Webmail server
« Reply #15 on: December 06, 2013, 05:57 PM »
I wouldn't call it so much that as very aware of the married condition  ;)  :Thmbsup:

+1 - Kids can talk what they wish...but I'm coming up on a 22 wedding anniversary the 21st of this month, so I know from where you come on that. ;)

clk4suport

  • Participant
  • Joined in 2013
  • *
  • Posts: 12
    • View Profile
    • Donate to Member
Re: Spammer Question with Webmail server
« Reply #16 on: December 19, 2013, 03:44 AM »
Hi there,

its all depend upon how security you get in your wife's account..

Thank You