Sigh, it’s amazing how little investigative work these monkeys do when trying to point the finger at who sends spam.  Note, their ‘quoted message’ tells me NOTHING because it fails to include email HEADERS which have all the relevant details (like IP address it was ACTUALLY sent from…).  You can read my response below it.

***

Your contract number:  XXXXXXXXX
Your customer ID:  XXXXXXXXXXX
Our reference:  [Ticket XXXXXXXX]
Note:  Your personal 1&1 contract number and your name certify that this e-mail was sent by 1&1 Internet Inc.

Dear Mr. Don Belmore,

This is an urgent notice regarding the security of your 1&1 account.

In the minutes before this e-mail, your 1&1 mailbox “XXXXXXXXXXXXXXX”
had been sending Spam e-mails.

We assume that a virus on your local computer spied out the password to your
mailbox and transferred it to the hackers. Having thus gained access to your
mailbox, the hackers misused it to send Spam e-mails through it.

How did we detect this? In order to protect your security, we use so-called
spamtraps. Whenever they receive an e-mail that has been sent from your 1&1
mailbox, we know your mailbox was hacked. We will then alert you so that the
security of your account and data is quickly reestablished.

For your full information, you will find a copy of the Spam e-mail at the end of
this message.

******************************************************************************
Important: In order to protect your security, we have set the password of
“XXXXXXXXXXXXXXXXX” to a random value.

This impedes further malicious access to your mailbox.
******************************************************************************

To reestablish the security of your account and personal data, please
observe the following indications:

****************************************************************************
1. Check your computer for viruses
****************************************************************************
Perform a thorough anti-virus scan on all computers which have been used to
access the mailbox.

As an immediate measure, get a free safety scan on

– Microsoft Safety Scanner:
http://www.microsoft.com/security/scanner/en-us/default.aspx

– MacScan (for MAC users):
http://macscan.securemac.com/download.html

As a permanent solution, 1&1 recommends Norton Internet Security, which you can
sign up for in your 1&1 Control Panel.

****************************************************************************
2. Inform other users of “XXXXXXXXXXXXXX”
****************************************************************************
Please inform everybody who had access to the mailbox of the possible virus
infection of their computer.

Note: The virus may be on any computer that was used to log in to the mailbox.

****************************************************************************
3. Choose a new password for “XXXXXXXXXXXXXXXXXX”
****************************************************************************
In order to access your mailbox again, please simply change your password via
your 1&1 Control Panel.

Note: Please choose a new and secure password – do not enter the old value once
again.

For guidance, follow the instructions in your 1&1 Help Center on:

http://help.1and1.com/e-mail-c37589/standard-e-mail-c37590/troubleshooting-c85089/how-can-i-reset-a-forgottenlost-e-mail-account-password-a604402.html

****************************************************************************

If you should require further information, please reply to this e-mail, leaving
our reference [Ticket XXXXXXXXXXXXXX] in your message.

Thank you for your attention to this matter. We appreciate your cooperation and
look forward to continuing to provide you safe and secure hosting.

*** COPY OF SPAM E-MAIL ****************************************************

FROM: Katie Cahoon
DATE: 2013-09-27 21:55:12
BODY: Affected Mail Account: ‘XXXXXXXXXXXXXXXXXXX’
Country code of delivering IP: EG (XXXXXXXXXXXXX)

——————————————————

Content checks:

RAZOR:
Listed in Razor2 (http://razor.sf.net/)

——————————————————

This is an email abuse report for an email message with the message-id of 0MVeOF-1VMY103M59-00YEC1@mrelay.perfora.net received from IP address 74.208.4.195 on Fri, 27 Sep 2013 15:55:14 -0400 (EDT)

For information, please review the top portion of the following page:
http://postmaster.aol.com/Postmaster.FeedbackLoop.php

For information about AOL E-mail guidelines, please see
http://postmaster.aol.com/Postmaster.Guidelines.php

If you would like to cancel or change the configuration for your FBL please use the tool located at:
http://postmaster.aol.com/SupportRequest.FBL.php
|—–*—–*—–*—–*—–*—–*—–*—–*—–*—–*—–*—–|
Feedback-Type: abuse
User-Agent: AOL SComp
Version: 0.1
Received-Date: Fri, 27 Sep 2013 15:55:14 -0400 (EDT)
Source-IP: XXXXXXXXXXXXXXXXX
Reported-Domain: XXXXXXXXXXXXX
Redacted-Address: redacted
Redacted-Address: redacted@
|—–*—–*—–*—–*—–*—–*—–*—–*—–*—–*—–*—–|
Hi. How are you? Cool website http://pcguard247.com/rnt/

Sent from my iPhone

*** END OF COPY *************************************************************

Kind regards,

Abuse Team

***

 

Greetings,

There seems to be some confusion as to how my email is accessed.  Right now all my email goes through Google.  Google grabs the email from 1&1.  I do NOT run any sort of email client as all my email access is done via the web/Gmail.  You are essentially blaming Google as being infected but are trying to blame my computer system.  Good luck with that.
Point 2:  Neither Microsoft Safety Scanner NOR MACScan will work on my LINUX operating system.  Thanks for the suggestion though.
“1&1 recommends Norton Internet Security”
This is very sad to see and you ONLY recommend it because Norton pays you to do so.  No real computer professional would ever trust his system to such bloated and insecure software.  OH, it too does NOT run on Linux.  For which I am eternally grateful.
What is totally ironic is that Google flagged YOUR email as spam.  Apparently you haven’t checked it against a spam checker.
 
I suspect that someone reported my email to abuse@ and you automatically sent this pre-generated email to me.  Despite the fact that email addresses can easily be faked, it is amazing how many people are unaware of this.
 
I would highly recommend you trace down exactly where this email is coming from.  Please feel free to forward me HEADERS
***********
Sadly my system seemed to have taken a random keystroke as I was typing up the email.  So my email kinda got cut off before I officially finished.  Oh well.

 


One Comment

  1. After this, I suddenly am no longer getting any ‘bad’ or ‘faked emails’. Hmm, I wonder why…..

