Help! I'm getting flooded with bounceback emails from a hacked or spoofed email address.

The Issue:


I am receiving dozens (possibly hundreds) of bounceback messages.

What is the cause of this?

Likely, your email address has been exploited and is being used to send spam, or your email address has been spoofed. This is resulting in these bouncebacks and may also result in the entire server landing on a blacklist.

If your email address is actually being used to send spam, it means a hacker has access to your email username and password, or a machine checking and sending messages for this email account has a virus or malware.

If your address has been spoofed, a spammer has forged (or spoofed) your email address as the FROM address on spam and you are the recipient of the bounce back messages. The important thing to know about this is that anyone can forge anyone else's email address. It's the digital version of forging a return address on an envelope. Your email account has not been compromised and these messages weren't sent from our server.

If you are unsure whether your address has actually been hacked or if it has simply been spoofed, we still advise you to go through the steps in section A below, and then contact us with one of your bounceback messages so we can look into that deeper for you.
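One way to check a bounceback yourself, as an added example that is not part of the original article: the script below reads the original message embedded in a bounce and compares the IP address in its topmost Received line with the servers you really send through. The `OUR_OUTBOUND` range, the function names and the sample bounce are assumptions constructed for illustration, and it assumes the bounce embeds the original headers.

```python
import email
import ipaddress
import re
from email import policy

# Assumption: the outbound IP range of the mail server you really send through.
# 192.0.2.0/28 is a documentation range used as a placeholder.
OUR_OUTBOUND = [ipaddress.ip_network("192.0.2.0/28")]

def original_message(bounce):
    """Return the original message (or its headers) embedded in a bounce."""
    for part in bounce.walk():
        ctype = part.get_content_type()
        if ctype == "message/rfc822":
            return part.get_payload(0)
        if ctype == "text/rfc822-headers":
            return email.message_from_string(part.get_content(), policy=policy.default)
    return None

def classify_bounce(raw, our_networks=OUR_OUTBOUND):
    """Return 'sent-via-our-server', 'spoofed' or 'unknown' for a raw bounce."""
    orig = original_message(email.message_from_string(raw, policy=policy.default))
    received = orig.get_all("Received", []) if orig is not None else []
    if not received:
        return "unknown"
    # Only the topmost Received line was written by the server that bounced the
    # message; lines below it may have been forged by the sender.
    match = re.search(r"\[(?:IPv6:)?([0-9A-Fa-f:.]+)\]", str(received[0]))
    try:
        ip = ipaddress.ip_address(match.group(1))
    except (AttributeError, ValueError):
        return "unknown"
    inside = any(ip in net for net in our_networks)
    return "sent-via-our-server" if inside else "spoofed"

def sample_bounce(client_ip, ctype="text/rfc822-headers"):
    """Constructed bounce whose embedded original was handed over by client_ip."""
    return (
        "From: MAILER-DAEMON@mx.example.net\n"
        "Content-Type: multipart/report; report-type=delivery-status; boundary=b1\n\n"
        "--b1\nContent-Type: text/plain\n\nUser unknown.\n"
        f"--b1\nContent-Type: {ctype}\n\n"
        f"Received: from pc ([{client_ip}]) by mx.example.net; Mon, 1 Jan 2024 00:00:00 +0000\n"
        "From: you@example.com\nSubject: constructed sample\n\n"
        "--b1--\n")

if __name__ == "__main__":
    print(classify_bounce(sample_bounce("203.0.113.77")))
    print(classify_bounce(sample_bounce("192.0.2.5")))
```

A result of `sent-via-our-server` points to the compromised-account case in section A; `spoofed` means the message was handed to the recipient's server by a machine outside your provider's range.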

What do I need to do?

A) If you believe your email address has been compromised, please follow the below steps in order:

1) Close all email applications on every computer with access to send or receive messages for this email account.

2) Change the password for this email account right now. You will be retiring the current password (as a hacker may be using it) in favor of an entirely unique password. Instructions for changing your email password can be found here.

3) You will need to run a scan with no less than 2 anti-virus/anti-malware programs on every computer with access to send or receive messages for this email account. Please see the recommended titles below:

 

Mac: Sophos Anti-Virus Home Edition Mac
Mac: ClamXav

PC: Avira
PC: Bitdefender
PC: AVG

4) You will now want to start each email program that you closed in step 1. Be sure to update the password for the email address in question. Please ensure that you are both sending and receiving your email with SSL enabled. Instructions for doing this on Apple's Mail app can be found here.

NOTE: You may continue to receive bounceback emails for up to the next several days, depending on the volume of emails that left the servers. Treat these messages as you would any other spam.



B) If you believe your email is being spoofed.

Spam is intentionally meant to confuse you because spammers are con-artists at heart. If you believe your email account was not hacked, and is simply being spoofed, there unfortunately isn't much you can do besides wait it out.

 

The most frequently asked question when this happens is: Can you do anything to stop it? The answer is no. Because the emails aren't being sent via our servers, we can't prevent them. The bounce backs will stop and the spammer will move on to forging someone else's email address. Adding spam filtration may block these bounce back messages, as the content of the messages will be what is typically considered spam.

 

The hows and whys of email spoofing are explained clearly and in detail in this article: http://www.windowsecurity.com/articles/Email-Spoofing.html (external link)

Did this answer your question? If not, please let us know what issues you're having in the MacHighway User Forums.

 
