Over the past couple of weeks, I have been getting bombarded with a bunch of “Undeliverable Mail” messages on one of my private email accounts. Sometimes, I would receive hundreds of them a day.
At first, it seemed to be a nuisance that could be eliminated by setting up a rule for received messages in my email client. The rule would detect one of several senders and/or subjects that were common to the messages and would summarily delete the message on the server – I would never see them again in my inbox. But, as it turned out, that was not the end of it. My mail server then started rejecting my outbound emails with a message indicating that I had exceeded my daily limit of 500 emails.
So. it was not as simple as I originally thought. The returned emails were a product of some phishing spammers spoofing my email address to send their crap through my server. I was only seeing the rejected emails that did not make it to the intended address.
I did some research on-line and found that I needed to change the password for the hacked email address. I also ran anti-virus scans on my computer to see if malware here was originating the spam. Norton AV advised me that it found nothing.
Since there was no malware, I assumed that my address book had not been compromised. The spams had to be originating from a source that knew my email password. How was that compromised? I have to assume that at some time during our recent trips to PRK (Kalifornistan), someone monitoring the unsecured wifi at the hotel where we were staying picked up on the username/password transactions for the email address. I do have a private wifi device which is secure, but the 3G service it provides is pretty slow, hence the use of the hotel wifi.
Since I changed the password for that email address, the problem has gone away. From now forward, I will not be using the hotel house wifi on future visits for anything other than browsing – no shopping, no banking, no emailing – period.