Protect yourself online
drjwj6432's profile

Contributor

 • 

1 Message

Friday, September 13th, 2013 2:01 PM

Hundreds of spam emails

Overnight, I got 370 emails in my spam folder stating that email was undeliverable.  All of them from "different people".  I haven't sent any email.  How do I stop this?

Accepted Solution

Official Solution

Employee

 • 

581 Messages

11 years ago

Hello drjwj6432.  Thanks for registering for the forums, however I am sorry for the troubles you have encountered.  It sounds like your account may have been hacked.

 

Please review My AT&T email account may have been hacked, phished, or compromised for steps to help you recover control of your account.  For future reference, I also want to include Ways you can avoid email spam to help you with understanding how to protect your personal information.

 

I sincerely hope this information is helpful to you!  Thanks so much for your post.  ~Delia

Tutor

 • 

4 Messages

9 years ago

f you're serious, and want the loneliest spam folders on the internet, you'll have to start over.

 

Read the following over a couple times and see if it makes sense:

 

99.99999% of the spam problem comes from "woodpeckers", spammers with automated programs who change their addresses, domains, and IP addresses so that traditional blockers and blacklists don't stop them.


The problem is not Bed, Bath, and Beyond selling our email addresses to so called partners 
such as Fishing Tackle, Sporting Goods, and Beyond. They obey the unsubscribe instruction.

The problem is the veritable roulette wheel of ever changing fake addresses that spammers 
toss out into cyberspace each day with the same old messages. Over and over again.

If we nail the woodpecker, we solve our problem.

Zero tolerance is the policy, and my spam folders are the loneliest on the internet...literally! 

Here's what I've been doing after starting over with fresh accounts:

I have 4 webmail accounts whose logins are managed by the LastPass password manager. They are Outlook webmail, GMail. and 2 AOL webmail accounts.

All have scrambled usernames that are little more than extensions of the webmail password; 
they're for log in purposes only and are never used to send mail. Usernames like Larry007 
and Mary2014 are not used. Rather, something like t9W4x?Bt@gmail.com is used to foil brute force attempts to crack the username and pair it off with all the best known webmail domains. 

All sent mail comes from various alias email addresses provided by Outlook webmail. Outlook's primary username is never used to send mail. And even the alias usernames are scrambled. However....it's obvious that our personal contacts are not going to like 
t9W4x?Bt@outlook.com, so we put our first name up front, plus one other word...and 
then scramble it to foil the dictionary attacker.

For example: Judy has a boyfriend named Jeff. She gives him an exclusive alias address 
like judyjefft9W4x?Bt@outlook.com. Should the address ever become compromised somehow, she sends him a new one to copy and paste into his Contact list, one that changes 
the second word and the random string, such as judyjeffreyx5t7%zJw@outlook.com. Jeff 
sees that jeff is now jeffrey and easily distinguishes the new from the old without having 
to examine the random string. He copies the new one to Contacts.

Alias addresses give us absolute veto power over any woodpecker that might get hold of the 
alias address. We simply delete it and issue a new one if necessary. This veto power is 
post-emptive or after the fact; but it is absolute.

The GMail/AOL trinity is different. It gives us pre-emptive veto power. It works like this:

GMail has mail fetchers that fetch mail from each of 2 AOL webmail accounts. Aol has 
the only blocker on the internet that is worth using. The Exclusive Blocker. The AOL 
accounts are used for initial registrations only. We don't send mail from them.

The Exclusive Blocker does not look for an address to reject; it looks for an address to accept. 
It accepts mail only from the AOL Contacts list. Another setting below the Blocker setting 
allows the choice of sending the blocked mail to the spam folder or blocking it at the 
server. This latter option keeps it out of AOL's spam folder, as well as out of AOL's inbox.

However, the Exclusive Blocker has one weakness. Spoofing.

If a spammer can guess any of our contacts and pretend to be that contact in the "From" 
field of his message, he will land right in our inbox. And all he has to assume is that the user 
pays his bills online. He then programs all of the billing addresses of every credit card 
company, every bank, every auto insurance company, every phone and utility company 
into his automated spam program and pairs it off with AOL.com, and he's in.

We can stop him by setting up the second AOL webmail and populating it only with trusted, 
but spoofable, contacts, such as our banks and the others mentioned above. We keep 
them separate from the AOL 1 webmail where there may be some possibility of someone 
there selling our scrambled AOL 1 email address. The AOL 2 contacts won't do that.

Now we set up mail 2 fetchers in GMail to fetch mail from the 2 AOL webmail accounts. With 
these fetchers we can direct the AOL 1 mail to the inbox folder and the AOL 2 monthly bills to 
a GMail folder we've created, such as "bills" or A-Monthly. Or we can fetch it all to GMail's 
inbox.

Note that the 2 AOL webmail accounts are little more filter/blockers. We spend most of our 
non-social time in GMail, whose scrambled username once again, is never used to send mail.

To see how it works, imagine a hypothetical user who plays the horses. He subscribes to 
various advisory newsletters who give him recommendations of horses to bet on at various 
tracks around the country. These newsletters cover a wide range of ethics, some respecting 
the user's privacy, some not.

He has 20 newsletters in AOL 1. One of them, abchotponies@yahoo.com sells his address 
to xyzevenhotterponies@yahoo.com. XYZ is a woodpecker. He has a roulette wheel of 
changing return addresses. He is also a spoofer. He has another roulette wheel of spoofed 
banks, auto insurance companies, etc.

He launches the first wheel and AOL 1's Exclusive Blocker scrutinizes the spammer's "address of the day" and finds no address in AOL 1 Contacts to match it. Next day, different fake address from the wheel, same result. The XYZ spammer is left in cyberspace.

Then he launches the second wheel with the banks, etc., and AOL 1's blocker again finds no address in AOL 1 Contacts to match the address submitted by the wheel that day. Or the next day. Or the next.  Again the spammer is left in cyberspace.

Why? Because the banks, etc are in AOL 2. XYZ needs 3 things to barge into this user's 
webmail. He needs the username, a user Contact address, and a webmail common
to both. He has AOL 1's username, AOL 2's Contact(s), but no common webmail. 
He can't get in. Unless he spoofs abchotponies, the one who sold him the AOL 1 username 
and address in te first place. He won't.

So....to summarize: the GMail AOL trinity is used for non-social daily and periodic business 
and gives us absolute, pre-emptive veto power over woodpecker spammers by way of 
scrambled usernames, AOL's Exclusive Blocker, and the bulletproofing of that blocker by 
separating ethics-challenged Contacts in AOL 1 from trustworthy, but spoofable, Contacts 
in AOL 2. The mail is gathered in one place by the 2 GMail fetchers.

Outlook aliases are used to send mail and they allow for receiving mail from people we don't 
know; old classmates trying to find us on facebook where we've posted an alias that can 
be deleted if necessary. All social mail, commerce, and anything potentially fishy is handled 
with aliases; indeed, all sending of any mail is from aliases. (Alias mail can also be fetched 
to GMail).

 

The trinity of Gmail and the two AOL accounts keeps us from spending too much time deleting and creating alias addresses in Outlook.  Our regular non-social business is covered by the Exclusive Blocker.  Our newer business and social business is covered by the aliases.

I'm going on 3 years now using this system. The difference is night and day! No aggravation, 
none of the stress that comes when someone has control over you. This approach doesn't 
"fight" spam, or "reduce" it. It keeps us under the radar, where the woodpecker spammer can't find us, and eliminates it!

Read this over a couple of times and adapt it to your situation. You may even be able to 
simplify it.

Not finding what you're looking for?
New to AT&T Community?
New to the AT&T Community? Start by visiting the Community How-To.
New to the AT&T Community?
Visit the Community How-To.