Odd, strange e-mail messages?

[jcarter]

About 2 months ago I started getting these strange emails, from addresses I have never heard of, they are never the same. But all of them have some sort of attachments, I delete them immediatly.  But they keep coming.


My ISP, adelphia.net has not a clue about them either, they helped me set up filters, but that only helped a little.
I do assume these are harmless, but I would guess the attachments have virus or bad stuff in them for PCs.  As most of them do say "Permanent fatal errors", whatever that means.

jcarter11 at adelphia.net is the address my cable ISP gave me, but I dont use it much.  Though I could use their webmail if I was away from home if I wanted to.

A lot of them say "This message was undeliverable due to something or other"

Do you have any idea what these are?  Or how to stop them?
They really dont bother me, except I have to hit delete about 15 times a day.
Thank you in advance,
Jane

[kbeartx]

JC -

You are correct - these are virus-generated msgs, designed to trick you into opening the Payload containing the virus [the .zip file attachment].

Someone who has your email address is using an infected Peasea.  

They can't do any harm to your Mac, even if you try to open the .zip, but they are annoying.

Depending on your email app, you might be able to write a filter or rule to send such msgs directly to the Trash w/o appearing in your inbox.

 - KB

[jcarter]

Hi KB,  Thank you for explaining.  Glad they are harmless to Mac.
I would be interesting to see how this happened, perhaps someone with an infected PC could be sending these out to lots of people?  
Gee, that would be nasty, as they have my address on them.  I sure wonder how this happened.  Do you think that these are being sent as if they are actually from me?  And wonder why they come back?
Very very odd, or is this somewhat common?
Jane

[D76]

Hi, JC

If you use Apple's Mail, and you want to see the email (without opening it), set up a rule such as this from Mail's Rules in the preferences:

Description: Fatal Error

If any of the following conditions are met:
Message Content     Contains      permanent fatal error

Perform the following actions:
Move Message      to mailbox   Trash (or Junk or somewhere else)

If you don't care to see the email, change "Perform the following actions" to Delete.

Permanent fatal error seems to be the only consistency in all the emails if the sender's address and the subject always change, so I used that. But I doubt you get any other mail with permanent fatal error in the message.

If you don't use Apple's Mail, the other mail apps can do the same with their filters.

[Mayo]

Would expanding the message headers allow JC to see the originating e-mail address so that she can alert the person?  Or does the virus mask that info?

Unfortunately, it is not uncommon for infected PCs to distribute these kinds of messages to folks in their address books.  A family friend's PC began doing this several years ago and we were inundated with e-mail messages with various attachments. But we were able to easily see where the e-mails originated and we alerted him to the problem.

It turned out that our friend had not one but two viruses infecting his home PC.

[jcarter]

Wow,  Thank you!  I will set these filters up just as soon as I can, probably will set them up in both Apple Mail and my ISP, Adelphia.
Yes, this is the only time Ive ever seen the permanent fatal error thing anywhere.
Some of the emails look like this,

Gibberish, eh?
I wonder if somebody with in infected PC had my email address in their book, and thats what is happening?
Thanks again for the help, I am curious of how these things happen.  Darn glad we have Macs!
Jane

[Mayo]

It is very possible that your address is in someone's address book using an infected PC.  That is why I suggested expanding the e-mail headers and seeing if you recognize an e-mail address.

When my friend's PC was infected he didn't have a clue until I alerted him about the problem.

To expand the e-mail headers in Apple Mail: Go to the View menu and select Message and then Long Headers.

[Klaus1]

Jane

Bounce those messages. You will get a message back saying that the sender does not exist, but you have alerted whomsoever about their existance and they will soon stop, as their ISP will be alerted.

'Bouncing', as you probably know, gives the recipient a message saying that your email address does not exist.

They are as described above, but will not harm a Mac user. Just don't open them.

[jcarter]

Hi Mayo,
Tried that and never recognized anything at all, nothing even close.
I would love to be able to track down how and where this all started!

Sent the expanded headers to my ISP but they still did not know anything. Finally I got another tech support guy on the phone who seemed to know more, he told me to set up the filters which I did.  But beyond that, they knew nothing?

Would Tacit know?  He seems to be good in tracking down stuff.

It is somewhat scary to know that they actually have my proper ISP mail? So this sort of goes beyond spam, now that it has gone on for months.
An infected PC, wow, that makes me think that I would never ever want one after this.
This is really interesting, I want to keep looking at this, and I thank you all for your input.
Its almost FUN to work on troubleshooting like this! Educational for someone like me, who has not been in the PC world much.
To be continued,,,,,,,,,
Jane

I must learn how to Bounce!  Sounds like a good idea.
Can you do this with Mac Mail, or have to use my ISP mail?
Jane

[Klaus1]

QUOTE(jcarter @ May 27 2006, 11:48 PM) <{POST_SNAPBACK}>

I must learn how to Bounce!  Sounds like a good idea.
Can you do this with Mac Mail, or have to use my ISP mail?
Jane

You have two choices:

1, A trampoline, and

2. Go to 'Message' in mail's menu and click on Bounce!

 

[Mayo]

If the headers on JC's mail are forged, then bouncing the messages won't accomplish anything. She would get better results using Spamcop to report the messages to the actual ISPs where the e-mail originates.

One thing to consider doing is to create a new e-mail account at Adelphia (which can probably be done online without having to call your ISP), and then sign-up for an e-mail forwarding service like Pobox.com.

For $20/year you can create up to three Pobox.com addresses and have mail forwarded from them to the new Adelphia account. (For example, you can create a personal e-mail adddress, a biz address and a "public" address for Web site registrations, etc.)  Pobox.com has excellent spam filters should you begin receiving any spam; I used the service for over five years before I began receiving spam that required filtering.

Don't use the Adelphia account to send any mail; it will be "secret." Create an Adelphia account name that will be very difficult for spammers to guess,like a password with letters, numerals, etc. Set up Mail to just check the Adelphia account and use your Pobox.com addresses to send mail.

Let your correspondents know about the change in your address and start off fresh.   You can sign-up online for a free thirty day trial at Pobox.com to see if it works for you.

[jcarter]

Actually, I dont use the Adelphia address to send anything anymore.
But I think this address is where all my mail comes into?
So if I change it, I might not get my mail, or some of it?
Yet I get most mail with janec3 at .mac and jane at jcarter.net
But I do think that these others that I use all the time could have been compromised, as Ive seen them once in a while in the Long Headers of this horrid stuff?
Tried bouncing before and it didnt make any difference at all.
This is really interesting!
Jane

[Mayo]

It sounds like you have e-mail accounts at two ISPs (assuming Adelphia is where your Web site is hosted) and unless you have the mail at .Mac forwarded to Adelphia, then it is likely that Mail is set-up to check for mail at Adelphia and .Mac. It would be simple to find out which accounts Mail is checking/sending and where you receive mail. (Mail will have settings for checking and sending via your e-mail accounts and the e-mail headers will indicate which account they were sent to...)

It is possible that both accounts are compromised.  If you place an open e-mail link on your Web page it is easy for spammers to automatically scan your Web site and add your e-mail address to their lists. While there are some methods for disguising an open e-mail link, it is much better to use a "form" when you want to be contacted through your Web site, preventing spammers from gaining access to your active e-mail accounts. E-mail accounts that are linked to a Web site should not be "generic," such as "administrator at jcarter.net." It should be possible to set-up your Web site e-mail account to refuse any mail that isn't addressed to specific addresses you have created.

It sounds to me that your e-mail set-up is a little complicated.  Have you considered simplifying it?

[jcarter]

Mayo, I think that you have the solution. My email comes into 3 accounts. And its always been just great until these things started coming in.  Mac mail grabs my mail from my cable ISP and also the site that is jcarter.net
And it is so easy for me, just click and my mail comes in fine, not really complicated.  Just one click.
If I could only figure out which they have compromised, then we could work on a solution.  
I do know my .mac mail has very little trouble, and the jane at jcarter.net is new.
But I do think that its the @adelphia.net that is the problem target.
As it seems to be the email address that all this crap comes to.
Oh, almost forgot, my original email address, jcarter at capecod.net is not compromised as far as I know.
It has been bought by Earthlink and they told me that this is not where these bad things are getting their entrance. It is the cable ISP, Adelphia.  Thats what they say anyway.
I cant decypher the long headers, to see what is the way these have gotten into my email system.
Im not at all techie enough, thats why I decided after several months of the DELETE everyday, that I would run this mess by you experts here.
I really cant give up the capecod.net and the .mac.com ones nor the .jcarter ones as they are the ones that my kids and family dont block. They block adelphia.net so its almost useless to me, cept it is webmail.
Gee, this gets complicated, just wish I could TRACK the original leak, so if perhaps if it comes in thru the ISP adelphia, I could change it to jcarter(whatever) at adelphia.net.
Whew, this is rather an interesting thing.  If it is what you say, some PC person who has my adelphia address in their infected address book, then the way to figure out who this is and help them dis-infect their PC or whatever they have to do, would be the end of this?  
Yes, this is really educational!  Its not perhaps worth me changing all my email, if all I have to do is hit delete 20 times a day. But its the way this got going in the first place that intrigues me.
Jane

[jcarter]

Oh, this is working, just set up the filters and have not gotten any more for a good while!
You all are wonderful!  This has been a pain for months, and I think youve solved it, get rid of Fatal Errors and whatever by the filter set up.

I dont think I have my email on any of my anemic websites, and would not know how to set up a form anyway, perhaps not needing it.
Oh, yes, I do have 'contact me' on the .mac ones.
Working on this!  Tis fun for me to learn, and this seems to have slowed the tide a lot.
Jane