Results 1 to 9 of 9

Thread: SPAM from YourHostingAccount.com or is the provider compromised?

  1. #1
    Registered
    Join Date
    May 2014
    Location
    Virginia
    Posts
    1
    Rep Power
    0

    SPAM from YourHostingAccount.com or is the provider compromised?

    I've been receiving emails from YourHostingAccount.com for emails I have not sent that the site reports as undeliverable.

    Has anyone else been receiving notifications from the YourHostingAccount.com provider?

    Reviewing my Powweb managed POP3 email account activity and my Outgoing SMTP from my ISP, I can not locate the source emails the YourHostingAccount.com identified as undeliverable or ever being sent.

    Just in case anyone thinks this may be a SPAM site, look at your email headers for the email you use through your POWWEB provided email service - they go through YourHostingAccount.com - Be careful blacklisting the site as it may affect the rest of your email accounts.

  2. #2
    target='_blank' snowmaker's Avatar
    Join Date
    Nov 2002
    Location
    West Virginia
    Posts
    3,443
    Rep Power
    21
    Welcome to the Forum. YourHostingAccount.com is not a spam site. They are Powweb's mail servers. You might have been Joe Jobbed - https://en.wikipedia.org/wiki/Joe_job, and the spammer is using your email address as the From: address, so you would get the 'undeliverable reports'.
    -bruce /* somdcomputerguy */
    'If you change the way you look at things, the things you look at change.'

  3. #3
    Registered
    Join Date
    Feb 2007
    Location
    Minneapolis
    Posts
    17
    Rep Power
    0
    i have the same thing happening to me. Is there anything i can do to prevent this from happening?

  4. #4
    target='_blank' snowmaker's Avatar
    Join Date
    Nov 2002
    Location
    West Virginia
    Posts
    3,443
    Rep Power
    21
    Unfortunately, there is nothing but time that stops a Joe Job, AFAIK. I am a member of another forum - http://www.emaildiscussions.com, and it is full of 'email knowledgable' folks. Ask over there if you want want a better answer than I can give you, it might be the same though.. I'm sure you will get a few more replies here as well, but those might be the same too..

    edit:

    ya, I forgot that you can set up some filters..
    Last edited by snowmaker; 6-19-14 at 01:33 AM.
    -bruce /* somdcomputerguy */
    'If you change the way you look at things, the things you look at change.'

  5. #5
    Custom User Title entrecon's Avatar
    Join Date
    Aug 2006
    Location
    Michigan
    Posts
    2,742
    Rep Power
    16
    I had that happen to one of my e-mail addresses here a couple months back. Not much you can do. I just put a filter on the e-mail to automatically route the undeliverable e-mail to the trash.
    ________________________________
    Find me on twitter: @entrecon

  6. #6
    PowWeb Staff
    Join Date
    Jun 2012
    Location
    Phoenix
    Posts
    122
    Rep Power
    6
    It definitely does sound like spoofing. A method to help prevent this is to have proper SPF records on your DNS. When the receiving party compares the data received with your information then they will know that it is not valid. It's not a sure thing, but it definitely helps. Our systems automatically make sure this is setup with domains hosting with us - it is always a good idea to check however, in case it was deleted during some manual changes.
    Melissa
    Technical Support

  7. #7
    linnetwoods's Avatar
    Join Date
    Apr 2003
    Location
    Everywhere! Currently Mallorca, Balearic Islands
    Posts
    1,470
    Rep Power
    16
    Hi there! Not sure if this is the right thread but I've been receiving emails from one of my domain addresses to the same address and I am wondering how it is possible for this to happen. Should I post here, or send elsewhere, the header information?
    The pen is mightier than the sword. Except when the other guy has the sword
    LinnetWoods.com

  8. #8
    Thinkin' out loud again Builder's Avatar
    Join Date
    Nov 2002
    Location
    Illinois
    Posts
    2,088
    Rep Power
    19
    Hey linnetwoods! Good to see you post even if it is with a problem.

    If you post headers I or someone can trace the IP (maybe) and you can blacklist it in OPS. Or do it yourself if you can figure out the absolute originating IP. Other than that, time wounds all heels (or something like that... ). Wait around and they move on.

    Kevin
    A good friend will come and bail you out of jail...
    but a true friend will be sitting next to you saying,
    "Damn... that was fun!"

  9. #9
    linnetwoods's Avatar
    Join Date
    Apr 2003
    Location
    Everywhere! Currently Mallorca, Balearic Islands
    Posts
    1,470
    Rep Power
    16

    Header

    Hiya Kevin! Sorry about the delay in replying - my Internet connection is totally hopeless at the moment - the boat keeps swinging and bouncing about so I haven't even tried lately! Here's the header on the latest one... I've never blacklisted anything before so that will be exciting if I can do it before my connection drops again... LOL It might be useful, anyway, for someone at Powweb to know who is succeeding in doing these things...

    Return-path: <SRS0=FqsPI5=CO=linnetwoods.com=paypal@linnetwoods .com>
    Envelope-to: paypal@linnetwoods.com
    Delivery-date: Tue, 27 Jan 2015 06:21:00 -0500
    Received: from [10.114.3.13] (helo=smtp.maileig.com)
    by walmailscan03.yourhostingaccount.com with esmtp (Exim)
    id 1YG4CZ-0004jw-Vp
    for paypal@linnetwoods.com; Tue, 27 Jan 2015 06:20:59 -0500
    Received: from smtp.aju.edu ([76.79.81.79])
    by walimpinc13 with bizsmtp
    id kzLy1p01B1igmt001zLzZx; Tue, 27 Jan 2015 06:20:59 -0500
    X-EN-OrigIP: 76.79.81.79
    X-EN-IMPSID: kzLy1p01B1igmt001zLzZx
    X-MDAV-Result: clean
    X-MDAV-Processed: smtp.aju.edu, Tue, 27 Jan 2015 03:14:52 -0800
    X-Spam-Processed: smtp.aju.edu, Tue, 27 Jan 2015 03:14:52 -0800
    X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on mx
    X-Spam-Level: *****
    X-Spam-Status: No, score=5.3 required=6.0 tests=BAYES_50,DEAR_FRIEND,
    HTML_MESSAGE,HTML_MIME_NO_HTML_TAG,MIME_HTML_ONLY, NO_RELAYS shortcircuit=no
    autolearn=disabled version=3.3.2
    Received: from INET5 by smtp.aju.edu (MDaemon PRO v13.0.4)
    with ESMTP id 14-md50000007821.msg
    for <paypal@linnetwoods.com>; Tue, 27 Jan 2015 03:14:42 -0800
    X-MDRemoteIP: 76.79.81.104
    X-Return-Path: paypal@linnetwoods.com
    X-Envelope-From: paypal@linnetwoods.com
    X-MDaemon-Deliver-To: paypal@linnetwoods.com
    MIME-Version: 1.0
    From: paypal@linnetwoods.com
    To: paypal@linnetwoods.com
    Date: 27 Jan 2015 03:13:54 -0800
    Subject: American Jewish University | Emailing a link
    Content-Type: text/html; charset=us-ascii
    Content-Transfer-Encoding: quoted-printable
    Reply-To: paypal@linnetwoods.com
    Message-ID: <MDAEMON-F201501270314.AA1440298md50000000051@lists.aju.edu >


    I can't figure out who/what exactly it is that I would be blacklisting either... I've never seen anything like this before!
    Last edited by linnetwoods; 1-27-15 at 04:45 PM. Reason: Forgot last sentence
    The pen is mightier than the sword. Except when the other guy has the sword
    LinnetWoods.com

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •