my x10 email hacked, evidently

Status
Not open for further replies.

floaters

New Member
Today I found in my in-box, some 1000 emails undeliverable "sent by me" from my x10 email address. Evidently, this is the kind of security I can expect from x10 hosting. My site doesn't get much traffic, but imagine trying to do business with this kind of account. As it is, this only makes my domain look untrustworthy, to say the least.
 

caftpx10

Well-Known Member
Do you use software like WordPress for your site by any chance?
 

Livewire

Abuse Compliance Officer
Staff member
Are you sure the emails are actually being sent from your service? It's not exactly hard to "spoof" the origin of an email by setting a false From flag, which looks to be what happened when I'm reading some of the bogus emails you're referring to. In particular, one email has this:

Mon 2017-05-22 11:58:05: [5749:40] <-- 421 4.7.0 [TSS04] Messages from 108.248.227.100 temporarily deferred due to user complaints

108.248.227.100 is not an x10hosting IP address, and instead traces to a website which shows up in the email headers several times (not yours, but one hosted elsewhere). Another email has a separate IP address from another hosting company, with the exact same error (temporarily deferred due to user complaints).


The main issue you'll run into here is that we have no control over emails not being sent from x10hosting; these emails do look to be spoofed-header emails, which is also why you're getting bounce-back notifications as the recipient email provider (which in this case looks to be Yahoo for most of them) is sending you the notice because you were listed as the From address.

To the best of my knowledge, these rejections will cause no actual problems other than the bouncebacks - the email provider themselves would block the actual sending mail server because of the ease of spoofing a From address. This matches what we're seeing in the errors in those bouncebacks as well - the sending server IP addresses were deferred due to complaints, but not your email address.

The most you'll be able to do in this case is to go through the bouncebacks and contact each Abuse team for the original sending server; the issue here is many less legitimate hosts won't actually act on it at all, so it may be a lost cause. The other option is to ignore them and see if they stop coming - the spammers that like to do this cycle email-addresses more often than underwear, so there's a good chance they've already moved on to spoofing others in an attempt to get through spam filters.
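Added example, not part of the post above and not x10hosting's own tooling: a Python sketch of the check described there, pulling the sending-server IP out of each bounce's deferral line and separating IPs inside your host's ranges from external ones. `PROVIDER_NETWORKS` is a placeholder assumption, and every sample line except the first (quoted in the thread) is constructed.

```python
import ipaddress
import re
from collections import Counter

# Assumption: placeholder range (RFC 5737) standing in for the outbound mail
# servers of your own host; replace with the ranges your provider publishes.
PROVIDER_NETWORKS = [ipaddress.ip_network("192.0.2.0/24")]

# Matches deferral lines shaped like the one quoted in the thread:
#   <-- 421 4.7.0 [TSS04] Messages from <ip> temporarily deferred ...
DEFERRAL_RE = re.compile(
    r"<-- [45]\d\d \d\.\d+\.\d+ .*?Messages from "
    r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3}) temporarily deferred"
)

def sending_ips(bounce_text):
    """Return the sending-server IP from every deferral line in one bounce."""
    found = []
    for line in bounce_text.splitlines():
        match = DEFERRAL_RE.search(line)
        if match is None:
            continue
        try:
            found.append(ipaddress.ip_address(match.group("ip")))
        except ValueError:
            continue  # digits that look like an IP but are not one (e.g. 999.1.1.1)
    return found

def triage(bounces):
    """Count deferrals per sending IP, split into (provider, external)."""
    provider, external = Counter(), Counter()
    for text in bounces:
        for ip in sending_ips(text):
            inside = any(ip in net for net in PROVIDER_NETWORKS)
            (provider if inside else external)[str(ip)] += 1
    return provider, external

# First line is the one quoted in the thread; the rest are constructed samples.
SAMPLE_BOUNCES = [
    "Mon 2017-05-22 11:58:05: [5749:40] <-- 421 4.7.0 [TSS04] Messages from 108.248.227.100 temporarily deferred due to user complaints",
    "Mon 2017-05-22 12:01:10: [5750:12] <-- 421 4.7.0 [TSS04] Messages from 198.51.100.7 temporarily deferred due to user complaints",
    "Mon 2017-05-22 12:03:44: [5751:08] <-- 421 4.7.0 [TSS04] Messages from 192.0.2.25 temporarily deferred due to user complaints",
    "Mon 2017-05-22 12:05:02: [5752:31] <-- 421 4.7.0 [TSS04] Messages from 999.1.1.1 temporarily deferred due to user complaints",
    "Mon 2017-05-22 12:06:00: [5753:02] <-- 250 2.0.0 OK",
]

if __name__ == "__main__":
    provider, external = triage(SAMPLE_BOUNCES)
    print("sent via your provider (investigate the account):", dict(provider))
    print("sent from elsewhere (spoofed From; report to that host):", dict(external))
```

The external bucket gives one entry per sending server, which is the list to work through when contacting each host's Abuse team.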
 

basewars

New Member
Hi, can you please start a direct message/conversation with me please? Many thanks.
 

Livewire

Abuse Compliance Officer
Staff member
Closing this as that's not related to the original topic; it's not in good form to hijack someone else's thread.
 