Inoundated with message "message could not be delivered"... but I never sent it

SheriffG_Guirguis · January 25, 2012, 7:42pm

A friend of mine is hosting his site on a shared hosting.

All was good, until yesterday when he got maybe 200 emails saying:

“A message that you sent could not be delivered to one or more of its recipients. This is a permanent error. The following address(es) failed:…”

The problem is he never sent these emails!!

The return addresses are to addresses he never created like: mike@websiteName.com, charlie_bean@websiteName.com, etc. I substituted the real domain name with “websitename.com” to keep the website secret for now.

He never sent emails under these nonexistent email addresses.

I can only think of 3 possibilities, but It would appreciate your help in figuring exactly where the problem lies:

One is spamming a whole lot of people with a return address as name@websitename.com. And he’s constantly changing the first part of the return email address. He is using his own server, but use the return address to confuse people on who is sending the email address. Is that possible?
The hosting email server has been hacked.
Her computer has been hacked, although I doubt that. He said to me that he’s not able to send emails using outlook for some time. If his outlook was not configured properly, then a virus or a malware wouldn’t be able to send emails either.

How can I resolve that issue as these error messages are jamming his inbox.

Thanks

Doug_G · January 25, 2012, 7:58pm

If his outlook was not configured properly, then a virus or a malware wouldn’t be able to send emails either.
Don’t assume that. Most viruses do their own SMTP without needing anything from Outlook.

Running a thorough malware and virus scan on your friend’s computer would be the first thing I’d do.

SheriffG_Guirguis · January 25, 2012, 8:18pm

really?? Ok, let me do this on his computers.

Thanks

SheriffG_Guirguis · January 25, 2012, 8:40pm

ok, correction.

I assumed he was using outlook, or such a service, but he’s login in to the website and then emailing with webmail.

He’s also using his blackberry to send emails. But that’s it.

Any ideas?

SheriffG_Guirguis · January 25, 2012, 10:14pm

the hosting company says that it wasn’t sent through their email server. So whoever is doing this is using their servers.

So I guess all i have to do is set up a spam filter to filter these error messages. If anyone else knows anything else on how we can stop this, then please feel free to share.

EastCoast · January 25, 2012, 11:41pm

Ideally you’d want to set up SPF / [URL=“http://en.wikipedia.org/wiki/DomainKeys”]domainkeys to help protect against malicious spoofed emails.

TimIgoe · February 2, 2012, 1:23pm

SPF is only useful IF the recipients server supports it too - setting it up will reduce it partially.

I get a lot of bouncing emails in the same format - its spammers setting you as the returning email, annoying and theres not much that globally works currently .