Tell me more x
, there is a new speed test available. Give it a try, leave feedback!
dslreports logo
    All Forums Hot Topics Gallery
Search Topic:
share rss forum feed

I gave her time to steal my mind away
San Jose, CA
·Pacific Bell - SBC
reply to mmainprize

Re: DynDNS Hacked?

said by mmainprize:

That interesting, The only e-mails like those i get are in my Hotmail inbox (I get those in outlook, i don't use the web interface).
So did that e-mail you sent with a wild-card in the address work or was it rejected as invalid address.

I did not use a 'wildcard' in the send. TTBMK, the '*' is not a valid symbol for an SMTP transaction. Perhaps I sould just have used a line of dots? I just wanted to redact the complete user name to avoid some spammer scraping the email addresses. The two user names in the example share a common initial letter, but are otherwise different; as, 'xact', and, 'xtra'.

I do not know how they do it but i get e-mails with one or more addresses in the To: line but it is not my address listed. Like you stated it don't have to be there or was removed, and maybe it is a blind copy of some sort.

Indeed, it is. The spammer has suppressed the list of recipients. Yahoo! Mail, and I believe the German service GMX Mail include the actual RCPT email addresses; most others do not.

But SMTP is very "literal"; if an email is delivered to your mailbox, the SMTP "RCPT TO:" command included that mailbox email address.
~Oh Lord, why have you come
~To Konnyu, with the Lion and the Drum

+1 on that. I am getting spam on my dyndns@mailhell.[...].[...] Mail Alias. The domain has a catch-all defined, but I only get spam on aliases I used online, so we can be close to 100% sure there was a breach of some kind. I noticed this just today as the USPS Spam made it pass SpamAssassin into my Inbox, but there might be more spam in my Junkbox since a week (e.g. since the first report here).

On a second thought maybe an attacker used an exploit on home routers and got our dyndns passwords from there. Those could be used to get the emailaddress.
But I think that's rather improbable - there are more lucrative things one can do when messing arround with routers than selling the emailaddresses for a few cents.