Tech Support Guy banner
Cancel
Create thread New Forums
Status
Not open for further replies.

Solved: Email sent from my email that I didn't send

Jump to Latest
4.9K views 10 replies 4 participants last post by  Razman1983  
R
#1 ·
So weird thing just happened. I got 8 emails in a row which were along the lines of 'mailer-daemon return address' or 'out of office' replies meaning I sent emails, but the thing is I didn't. I then went to my sent email folder and no new sent emails show up except for the ones I did send over 3 days ago. This is a gmx.com email address. I then got a new email along with those other 8 from my gmx email to my gmx email but it was listed as being sent on april 8 so it was kind of lower on the page due to read emails being ahead of it. I have absolutely no contacts saved on that account so after looking through the bounced back emails I realized it may have sent emails to everyone I sent an email to since creating the account (a year ago). I even got one on my other email address from myself which I had once sent an email to. The email message is just an url that leads to some chinese website --> url here: sizenha.com/eitw9v.php I apologize in advance if I shouldn't have pasted that url. I use bit defender total internet security 2013 so I don't think I have any malware or spyware. I haven't clicked on any odd links or anything lately so I don't know what would have caused this. I ran malware bytes and super anti spyware to be sure and super anti spyware found a bunch of cookies which it said weren't really threats but it may track some stuff I do so I got rid of it anyway. I don't think that had anything to do with it. Just curious as to what happened and why if anyone has experience with this. Was it something on GMX's side? I also have my gmx email on my phone so I removed it from there in case. I also ran an anti-spyware and malware on my phone to be sure. It's pretty embarrassing because some of those emails I sent from that account were business related and a ton of others for job opportunities so now they'll be getting some random url in an email. Anyway thought I'd post here to see if anyone knows what's going on. Thanks!

Edit:

I'm attaching the header of one of the emails. Notice how it also says april 8. I removed my name and email address. Looking at my sent emails the last time I sent an email to anything related to craigslist was back on December 27, 2012.

message undeliverable01:40 AMLess info"craigslist remailer daemon" <remailer_daemon@craigslist.org>

---- The original headers appear below this line ----
Received: from mout.gmx.net (mout.gmx.net [212.227.17.21])
by craigslist.org (Haraka/1.3.3) with ESMTP id A84C2658-7E14-4DAA-8BB6-D45E2F471C26.1
(envelope-from <myemailremoved@gmx.com>);
Sat, 04 May 2013 22:40:42 -0700
Received: from localhost ([108.243.233.142]) by mail.gmx.com (mrgmx101) with
ESMTPSA (Nemesis) id 0M2ojS-1UGW1J3akg-00saoA for
<bqjxv-3497086331@craigslist.org>; Sun, 05 May 2013 07:40:40 +0200
Date: Mon, 8 Apr 2013 05:37:55 +0100
From: "My Name Removed" <myemailremoved@gmx.com>
To: <bqjxv-3497086331@craigslist.org>
Subject: FW:
Content-Type: text/plain;
Message-ID: <0MUUWN-1UzREJ1xIZ-00RGoV@mail.gmx.com>
X-Provags-ID: V03:K0:fDIZxQDA4O4uAw5nG5fLptrl2o+pjCXjyx4zeHWZGhKhIjOUEnC
Uw8dKvCoOvpHQ8q1sgiIrDtQ/q+6N79LSaD4UZvDgWi+b2zjYmI0Kp8742JbnzzUO1XIJgU
iNLuxWod1AKexyDgTb3yKuAwQy/uGp+TJU59AGrvkS9wZq8hLpdtiV2KQT+Om9WTKe+f0vG
waUvqSBYNe6t75A23XXvw==
X-CL-ID: A84C2658-7E14-4DAA-8BB6-D45E2F471C26.1
 
R
#3 ·
Well I assumed someone spoofed my email since the local host points to someone in tulsa oklahoma on at&t, but what I'm curious about is how this person (or bot?) was able to send it specifically only to people I had once sent an email to using that particular email address? And it wasn't people on my contacts list, just people I once sent an email to since opening the account. Wouldn't that mean someone got access to my account or something? I changed my password in case, but I just don't get it.
 
G
#4 ·
Hi Razman1983,
i have known exactly the same thing with my orange.fr mailbox (more than 10 years old mailbox).
attack happened last end of april 2013, all senders of my old mails are scanned... and same mail with sizenha.com/eitw9v.php url send from US by :
X-ME-IP: 166.181.66.206
X-ME-Entity: ofr
Message-ID: <bea197ef9fa051039bcb84ae14722cd6@mwinf5d31.me-wanadoo.net>
Date: Tue, 2 Apr 2013 22:14:45 +0100

For me, I think i had used an old web navigator where i accept to save my password to access my webmail orange. maybe the password was hacked...and after a bot maybe used imap access???
what do you think about?
Regards
Gilles
 
R
#5 ·
This could very well be the situation. I have a bad habit of allowing my web browsers to remember my password because well..it's just convenient. I can't remember what exactly I was doing around the time it happened except that I was logging into facebook and maybe replying on some hockey forums. It very well could have been that I saved my password on a particular forum where it somehow got access to it. I should start using decoy passwords for stupid things like that.
 
R
#7 ·
No Couriant that's the thing! As soon as I got all the bounce back emails and stuff I logged in and clicked on sent to see what was going on and there were no new sent emails whatsoever since the last one I had actually sent a few days prior. I changed my password and as far as I know it seems to be ok now. It only sent it once to everyone I had once sent it to. For safety reasons I ended up deleting all my sent emails in case it would somehow access it again to send more stuff. I tested it out by sending a few emails to myself on other emails and they are not getting the spam email so it seems to be fine now. I just don't get how it did it the first time.
 
#10 ·
Razman1983 said:
Right, but a spoof is not capable of sending emails to ONLY people you've once sent an email to. It sends it to just random people. This is what I'm curious about.
Click to expand...
Well in that case you may have gotten one yourself and then sent one to your contacts. How do you check for your emails?
 
R
#11 ·
Couriant said:
Well in that case you may have gotten one yourself and then sent one to your contacts. How do you check for your emails?
Click to expand...
I use firefox or my phone using the mail app. I have since removed it from my phone as an account so I only use firefox now. I never got one, it just randomly started sending emails out with my email but particularly only to people I had once sent an email to.
 
Status
Not open for further replies.
You have insufficient privileges to reply here.
Tech Support Guy
posts
9.9M
members
873K
Since
1998
A forum community dedicated to tech experts and enthusiasts. Come join the discussion about articles, computer security, Mac, Microsoft, Linux, hardware, networking, gaming, reviews, accessories, and more!
Full Forum Listing
Explore Our Forums
Hardware Virus & Other Malware Removal Off Topic Lounge Thread Games & Discussion Networking