"Mail Delivery Failed" Spam

Question

Level 1

36 points

"Mail Delivery Failed" Spam

Hi,

Over the past few weeks I have received an increasing number of Spam emails. We all get the occasional rogue spam message and I have been luckier than most only getting a couple a week. However the number is now 20 to 30 a day! There are two common features with 90% of these emails.

1. They always start off with Mail delivery failed: returning message to sender. (Of course I had not sent the emails!).

2. Just about all come from one of two servers. Avasout 2 and Avasout 4

The remaining 10% do not come from those two servers (as far as I can tell) but include abusive replies (understandably), because supposedly I am sending out money claims and the like!! (Which I am not!)

So what have I done so far? I have used Rules in Mail Prefs and had emails containing "Mail delivery failed" routed to my Spam folder. This appears to work altho some seem to go to Junk instead. This is a bit of pain, particularly with Junk because you never know whether a valid email has ended up there, so there is the temptation to check just in case!

I presume someone has "stolen" my email identity. Do I assume that if I change my email address that will sort things out, albeit a bit of a draconian step?

Is there any other filter/firewall/whatever that I can put in place to prevent this happening in future?

Friends have said my "network is infected". If that is correct (and I am not sure what that means!). Can such an "infection" be removed?

Many thanks

Posted on Nov 10, 2016 3:39 AM

Reply

Answer 1

Best reply

tygb

Level 9

64,588 points

Nov 10, 2016 8:34 AM in response to crutchy

Hi ,

As , you have stated in the post that mail inbox rules have been set , but still some mails are undelivered .

There could be many factors : correct settings of mail box behavior , correct port settings or if you are using IMAP account it could be corrupted .

Also if you are concerned about securities of network and using air port express - open air port utility via spotlight - on the globe icon ( internet ) it should be X.A.B.1 and when you click on base station it should be X.A.B.2 and if more devices are attached the IP addresses will be shown .

Monitor the IP addresses if they are changing frequently .An old article is there to flush DNS cache poisoning .

Reset the DNS cache in OS X - Apple Support

In case if it is yes , hard reset your air port express , ISP modem and change the passwords of them and also for your web mail .

Generally , firewall should be turned on but some users set as - stealth mode , block all incoming connections .

Reply

Answer 2

crutchy Author

Level 1

36 points

Nov 10, 2016 8:48 AM in response to tygb

Hi,

Thanks so much for the help. A few clarifications. When I open Airport Utility and click on the Globe (Internet) I cannot see any X.A.B.1, only router/server addresses. I have a TC version 7.7.7 when I open the base station I can see a bunch of info but no X.A.B.2 either. Am I looking in the wrong place?

I have both POP and IMAP accounts. The spam is coming down to both. If they are both corrupted how do I correct that or is it up to my ISP? Incidentally my wife's account with a slightly different mail address than mine (same root as @abcd) but with her name beforehand, not mine, no problem at all, does not know what spam is!

I have not yet attempted to reset DNS cache nor review settings under S & P.

Many thanks

Reply

Answer 3

tygb

Level 9

64,588 points

Nov 11, 2016 4:19 AM in response to crutchy

Screen shots are attached , when you open airport utility via spotlight & click on globe icon , the last character should be always 1 .

And when you click on base station the last character must be 2 , 3 , 4 it depends upon how many gadgets are attached with your network . Means no fake IP addresses ( DNS servers ) must be shown . if ISP modem is attacked via internet the IP addresses changes frequently , I don't know what modem you are using and it all depends upon its inbuilt settings and it is wiser to do factory default reset for modem + air port express .

In some modems we have to select firewall & set as automatic and create a long tough password for it .

You can hold option key & double click on base station wireless clients will be shown for security reason verify the hardware addresses with your laptops , mobiles etc that are attached on the same network .

If , hardware addresses are different other than your devices attached on the same network it means some thing is phishy .

Regarding , mails ( For IMAP account ) are corrupted you can take back up of all data by going to user library ~/Library and take back up of all data on V3 folder for El - Capitan ( I have already posted a method previously in communities if you permit I can post the method in next post) .

And an article for phishing mail : Identifying fraudulent "phishing" email - Apple Support

Reply

Answer 4

crutchy Author

Level 1

36 points

Nov 11, 2016 4:37 AM in response to tygb

Hi again,

I thought I should update you! Last night the email situation changed. I noticed my spam folder had over a dozen emails in but my inbox had none. Out of interest I opened up my spam folder and noted half of them were valid emails. I moved these to my inbox and then low and behold they were downloaded again to my spam folder. Over the next half hour 567 emails were downloaded to my spam folder i.e. my entire inbox. That was enough for me so I contacted my ISP. His first comment was what email programme are you using and my first thought was here we go "Apple Mail is to blame". But no, he asked me to open up webmail. I rarely use this, maybe twice a year. Fortunately I remembered the password. There were1630 emails in the junk folder (no spam folder) and none in the inbox. Your earlier post appeared 17 times. The problem was acknowledged by my ISP and it has now been turned over to their network team because it is apparent the problem is almost certainly at their end. The other interesting thing is I have not had any "Mail Delivery Failed" returns for the last 24 hrs. (Hope I have not spoken to soon!)

Many thanks I will update you as things progress. I have not yet run the tests/checks you propose, I need to lay down with a cold flannel on my head!

Reply

Answer 5

crutchy Author

Level 1

36 points

Nov 18, 2016 6:34 AM in response to crutchy

Hi Again,

Well I did speak to soon because I began getting may be 100 or so spam emails which were redirected to my Spam folder. As my ISP does not appear to know what to do altho he has agreed there is a problem with Webmail and others are suffering also, I decided to change my email address, which I have now done on two computers and an iPad leaving an old MBP to receive emails directed to old address in case I have missed out some addressees.

Things are working well with new address (i.e. no spam!) but I have a minor problem. When I open up a new message page for sending an email the choice of my old address is still there (as well as my new one). How do I get rid of that old address? The old email account has gone completely together with all emails that were in it.

Many thanks

Reply