Getting a lot of bounce backs from "MAILER-DAEMON" showing my email address

Regular Visitor


I am consistently getting a lot of email from Mailer Daemon with messages that my email is undeliverable. But these are not emails that I have sent. I would love some help to try to figure out what the issue is.

 

The subject of the emails is garbage like "great stuff for you" or some other spam type stuff. I found a similar case on the forum post here, which was very close to my issue. 

 

However, in my case, the email addresses that have been sent spam under my email address sometimes *are* people from my address book, which leads me to believe that my account is compromised - instead of just some random spam sender impersonating my email address.

 

I have changed passwords and have run antivirus software. 

 

Here is an example email with header and content:

 

Received: from reszmta-po-08v.sys.comcast.net (LHLO
 reszmta-po-08v.sys.comcast.net) (96.114.154.200) by
 resmail-po-791v.sys.comcast.net with LMTP; Sun, 26 Jun 2016 14:51:09 +0000
 (UTC)
Received: from resimta-po-12v.sys.comcast.net ([96.114.154.140])
	by reszmta-po-08v.sys.comcast.net with SMTP
	id HAhZbIQncbLPHHBOvbvoH6; Sun, 26 Jun 2016 14:51:09 +0000
Received: from mailex.mailcore.me ([94.136.40.143])
	by resimta-po-12v.sys.comcast.net with comcast
	id BSp71t03635KSAe01Sp8mh; Sun, 26 Jun 2016 14:49:08 +0000
X-CAA-SPAM: N00000
X-Authority-Analysis: v=2.2 cv=YsLgf8QX c=1 sm=1 tr=0
 a=EhJYbXVJKsomWlz4CTV+qA==:117 a=KiCxJD0x+Pe5VASQKmYoJrcyuOo=:19
 a=MKtGQD3n3ToA:10 a=1oJP67jkp3AA:10 a=ZZnuYtJkoWoA:10 a=pD_ry4oyNxEA:10
 a=1wU6dRzK5RkA:10 a=UGdR0ybiYXfMX1SO1OwA:9
X-Xfinity-Message-Heuristics: IPv6:N
Received: from exim by smtp04.mailcore.me with local (Exim 4.80.1)
	id 1bHBMx-00015E-GF
	for <Edited for violating forum guidelines:"Personal Information">; Sun, 26 Jun 2016 15:49:07 +0100
Auto-Submitted: auto-replied
From: Mail Delivery System <Mailer-Daemon@smtp04.mailcore.me>
To: <Edited for violating forum guidelines: "Personal Information">
Subject: Warning: message 1bGQsy-000AZo-MJ delayed 48 hours
Message-Id: <E1bHBMx-00015E-GF@smtp04.mailcore.me>
Date: Sun, 26 Jun 2016 15:49:07 +0100

This message was created automatically by mail delivery software.
A message that you sent has not yet been delivered to one or more of its
recipients after more than 48 hours on the queue on smtp04.mailcore.me.

The message identifier is:     1bGQsy-000AZo-MJ
The subject of the message is: great stuff for you
The date of the message is:    Fri, 24 Jun 2016 16:10:56 +0300

The address to which the message has not yet been delivered is:

  <Edited for violating forum guidelines: "Personal Information">

No action is required on your part. Delivery attempts will continue for
some time, and this warning may be repeated at intervals if the message
remains undelivered. Eventually the mail delivery software will give up,
and when that happens, the message will be returned to you.

 

 

I saved several of these messages. This is just a sample. I am concerned that my email address is being used to send spam to my contacts, but I do not know quite what's going on here. 

 

Any guidance or clues would be greatly appreciated! Thanks!

Contributor

Re: Getting a lot of bounce backs from "MAILER-DAEMON" showing my email address

Usually, a bunch of emails in your "sent" folder that you did not send is almost always a sign of a hack.  When this happens, your whole email account is compromised, including your address book and contacts. 

 

The best thing to do is change your password immediately (which you have done) to something very secure and optimally a password you do not use anywhere else. 

 

I, personally, would also send a "blast" or group email to everyone in your address book with the subject line "Email compromised, please read", and then explain to your contacts briefly and let them know not to click on any links in the email.  This isn't necessary, but I would as a courtesy. 

 

You sound quite knowledgeable, and I'm not sure if you want to put in the work or effort to track your hacker.  I was able to get this data on the server (Host Europe GMBH) it was sent through:

 

Continent: Europe
Country: United Kingdom
Latitude: 51.4964  (51° 29′ 47.04″ N)
Longitude: -0.1224  (0° 7′ 20.64″ W)

 

Good luck!
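
Added example, not part of either post: Python that pulls the triage facts out of a delay warning like the one quoted in the question, namely the relay hops, the host that is still holding the undelivered message, and whether that host belongs to the mailbox provider. The names `triage_bounce` and `SAMPLE`, the placeholder `user@example.com`, and the choice of `comcast.net` as the provider domain are assumptions made for this example.

```python
import re
from email import message_from_string

# Constructed sample modelled on the delay warning in the post; user@example.com
# is a placeholder for the redacted addresses.
SAMPLE = """\
Received: from mailex.mailcore.me ([94.136.40.143])
\tby resimta-po-12v.sys.comcast.net with comcast
\tid BSp71t03635KSAe01Sp8mh; Sun, 26 Jun 2016 14:49:08 +0000
Received: from exim by smtp04.mailcore.me with local (Exim 4.80.1)
\tid 1bHBMx-00015E-GF
\tfor <user@example.com>; Sun, 26 Jun 2016 15:49:07 +0100
Auto-Submitted: auto-replied
From: Mail Delivery System <Mailer-Daemon@smtp04.mailcore.me>
To: <user@example.com>
Subject: Warning: message 1bGQsy-000AZo-MJ delayed 48 hours

A message that you sent has not yet been delivered to one or more of its
recipients after more than 48 hours on the queue on smtp04.mailcore.me.

The message identifier is:     1bGQsy-000AZo-MJ
The subject of the message is: great stuff for you
"""

def _find(pattern, text):
    m = re.search(pattern, text)
    return m.group(1).strip().rstrip(".") if m else None

def triage_bounce(raw, provider_domain):
    """Report which host held the undelivered message and whether it is the provider's."""
    msg = message_from_string(raw)
    body = msg.get_payload()
    # Received headers are prepended by each relay, so reverse to read oldest hop first.
    hops = [_find(r"\bby\s+([\w.-]+)", r) for r in reversed(msg.get_all("Received", []))]
    queue_host = _find(r"on\s+the\s+queue\s+on\s+([\w.-]+)", body)
    d = provider_domain.lower()
    at_provider = bool(queue_host) and (queue_host.lower() == d or queue_host.lower().endswith("." + d))
    return {
        "auto_generated": msg.get("Auto-Submitted", "no").strip().lower() != "no",
        "hops_oldest_first": hops,
        "queue_host": queue_host,
        "queued_at_provider": at_provider,
        "original_id": _find(r"message identifier is:\s*(\S+)", body),
        "original_subject": _find(r"subject of the message is:[ \t]*(.*)", body),
    }

if __name__ == "__main__":
    for k, v in triage_bounce(SAMPLE, "comcast.net").items():
        print(f"{k}: {v}")
```

`queued_at_provider` is a triage hint rather than proof either way: when it is false, the undelivered message was sitting on a third-party server, so the Sent folder and sign-in history at the mailbox provider are the next things to compare against.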

 
