Virus or spam?

UKworkshop.co.uk

Help Support UKworkshop.co.uk:

This site may earn a commission from merchant affiliate links, including eBay, Amazon, and others.

RogerS

Established Member
Joined
20 Feb 2004
Messages
17,921
Reaction score
271
Location
In the eternally wet North
I'm a bit stumped. A friend of mine uses dial-up to access her MailZone email account on OneTel. This is a web-based email system...so all the mail etc is left on their server.

She's recently been receiving failure notice emails from their Mailer-Daemon saying that a message can't be sent to ...then a list of email addresses with various error messages such as unknown recipient. At the very end is the original email that she sent.

All the hallmarks of spam but where/how is it originating from? She runs the latest version of Norton and, as far as I can see, does not run an email client...so is it coming from the person she sent the email to? OneTel?

EDIT: two more Failure Notices...the original email destination in all three was to addresses at either .gov.uk or nhs.uk and I did hear rumours of them being targetted recently so maybe it's that
 
There should be a option to see the email headers. From that you can see the mail servers where the email was sent from. I would guess that her email address is being spoofed in which case I’m afraid there is nothing you can do.

If the email address is being spoofed then the spamer hasn’t got access to your friends account but is just making it look like your friend is sending the emails by putting her email address as the 'reply to' address.

But if the mail headers indicate that the email was sent from the MailZone servers I would get your friend to change her password and contact MailZone.
 
Sorry just re-read your post. Are you saying it's an email that she's actually typed out and sent to some one or a spam email?
 
Charley":o08j5ujx said:
There should be a option to see the email headers. From that you can see the mail servers where the email was sent from. I would guess that her email address is being spoofed in which case I’m afraid there is nothing you can do.

If the email address is being spoofed then the spamer hasn’t got access to your friends account but is just making it look like your friend is sending the emails by putting her email address as the 'reply to' address.

But if the mail headers indicate that the email was sent from the MailZone servers I would get your friend to change her password and contact MailZone.

Hi Charley

I thought of that but anaylsis of the header appears OK. Also, how could the spammer pick up her original email? I think in retrospect that it's come from the nhs servers being hacked.
 
have you tried sending test messages through from a different email account? i.e. your own?
 

Latest posts

Back
Top