You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@spamassassin.apache.org by Michael Scheidell <mi...@secnap.com> on 2010/12/09 15:58:19 UTC
Re: Odd yahoo spam
On 12/9/10 9:33 AM, Randy Ramsdell wrote:
> I have been receiving bounces to my yahoo account for email I did not
> send. From the pastebin, you see the email did originate from the
> yahoo servers but is not in my sent directory. This is an interesting
> case and I cannot determine how this happened. One thing could be my
> account was compromised, but I really doubt that given the password I
> chose and the fact they did not change it to lock me out. I did change
> the password however. Each address in this e-mail are people I have
> sent to from yahoo, but these people are not connected to each other
> except for the work accounts. The "common thread" is me. of course.
>
we have seen lots of this lately. if you catch it really quickly, you
might see it in the sent folder.
I will (under separate email since I don't want to 'spam' the list) send
you an alert we did on it.
anyone wanting it, can email me and I'll send it to you.
> Also not that sending e-mail from my yahoo account does not appear to
> route the same way. I was thinking someone used an API to interface
> with yahoo which would show different received headers. I know that
> yahoo has many servers so this point may be moot.
>
> Can anyone add insight as to how this is happening?
>
> http://pastebin.com/WYYLpEJh
--
Michael Scheidell, CTO
o: 561-999-5000
d: 561-948-2259
ISN: 1259*1300
>*| *SECNAP Network Security Corporation
* Certified SNORT Integrator
* 2008-9 Hot Company Award Winner, World Executive Alliance
* Five-Star Partner Program 2009, VARBusiness
* Best in Email Security,2010: Network Products Guide
* King of Spam Filters, SC Magazine 2008
______________________________________________________________________
This email has been scanned and certified safe by SpammerTrap(r).
For Information please see http://www.secnap.com/products/spammertrap/
______________________________________________________________________
Re: Odd yahoo spam
Posted by Randy Ramsdell <rr...@activedg.com>.
Michael Scheidell wrote:
> On 12/9/10 9:33 AM, Randy Ramsdell wrote:
>> I have been receiving bounces to my yahoo account for email I did not
>> send. From the pastebin, you see the email did originate from the
>> yahoo servers but is not in my sent directory. This is an interesting
>> case and I cannot determine how this happened. One thing could be my
>> account was compromised, but I really doubt that given the password I
>> chose and the fact they did not change it to lock me out. I did change
>> the password however. Each address in this e-mail are people I have
>> sent to from yahoo, but these people are not connected to each other
>> except for the work accounts. The "common thread" is me. of course.
>>
> we have seen lots of this lately. if you catch it really quickly, you
> might see it in the sent folder.
>
> I will (under separate email since I don't want to 'spam' the list) send
> you an alert we did on it.
>
> anyone wanting it, can email me and I'll send it to you.
>
>
I have seen these for years but I do not see how the cracked my account
brute force. I am not implying it is impossible but ... My password uses
letters and numbers. It would take a long time to crack this and why
bother when they would get million of account before cracking my
account? It seems more like they compromised yahoo and stole accounts.
Anyway, is there any other way to send mail as in the pastebin.