Who Or What Is Sending Stuff From My Mailbox?

Discussion in 'Malware Help - Public (Anyone Can Post & Respond)' started by Earthling, Feb 8, 2018.

  1. Earthling

    Earthling Interplanetary Geek

    Had two 'undeliverable' notifications in the last 24 hours, both from the same domain but with different names. Both had attachments which I have not tried to open. I've had this now unused account nearly 20 years and this has never happened before, though the ISP in question has a poor security record and the account does get a lot of spam. Can anyone throw any light on the content?

    [Attachment: Capture.PNG]
     
  2. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Looks like you have been hacked. Of course one solution would be to dump the account and create a new one. Another thing you can try is to create a new folder, move all your known non-infected emails to that folder and delete the original folder. I assume you have marked them as spam? Did you try looking up the IP addy?
     
  3. Earthling

    Earthling Interplanetary Geek

    tracert failed after just three hops so no joy there. These messages are telling me that something is sending from my account so I don't want them just disappearing into Junk, I want to know. What I would really like to know is what messages were sent successfully, but if there are any my Sent folder isn't recording them. I would simply close the account but the ISP doesn't provide the means to do so.
     
  4. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    person: Nguyen Dang Tiep
    address: Viettel Network Corporation
    address: No 1, Tran Huu Duc street, My Dinh 2 ward, Nam Tu Liem
    Viet Nam.
     
  5. Earthling

    Earthling Interplanetary Geek

    A new password should sort it.
     
  6. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    As long as you use a different computer to do it.
     
  7. Earthling

    Earthling Interplanetary Geek

    Interesting point - the account is on every computer here and is an IMAP account. No way to identify which computer has been compromised or which would be safe to use.
     
  8. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    The only thing that comes to mind is that they spoofed your email account, sent emails to a dummy account so it would be returned to you in the hopes you would become curious and open the attachment. I hope that without any response, they will give up sooner or later.
     
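The backscatter scenario described in the post above (a forged From: line, a deliberately undeliverable recipient, and the bounce carrying the attachment back to the victim) can be checked against the bounce itself: a DSN normally embeds the original message, and the topmost Received: header of that copy records which host actually handed it to the bouncing server. The script below is an added example, not code from the thread or from any ISP; the relay address, host names and the sample bounce are all constructed. It treats only the hop written by the reporting MTA as trustworthy, because every Received: line below it travelled with the message and can be forged to look like the victim's own mail server.

```python
"""Triage a bounce (DSN): was the message really sent through the mailbox's
provider, or did it merely carry the address in its From: line? Added example;
every host, address and the sample bounce are constructed, not from the thread."""
from __future__ import annotations

import email
import ipaddress
import re
from email import policy
from email.message import EmailMessage

# Assumed (hypothetical) outbound relay address of the mailbox's provider.
OUR_RELAYS = {ipaddress.ip_address("198.51.100.10")}
IPV4_RE = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")


def extract_original(bounce: EmailMessage) -> EmailMessage | None:
    """Return the copy of the original message (or its headers) carried in a DSN."""
    for part in bounce.walk():
        ctype = part.get_content_type()
        if ctype == "message/rfc822":
            return part.get_payload(0)
        if ctype == "text/rfc822-headers":
            return email.message_from_string(part.get_content(), policy=policy.default)
    return None


def reporting_mta(bounce: EmailMessage) -> str | None:
    """Host that generated the DSN, taken from its message/delivery-status block."""
    for part in bounce.walk():
        if part.get_content_type() == "message/delivery-status":
            field = str(part.get_payload(0).get("Reporting-MTA", ""))
            return field.split(";", 1)[-1].strip().lower() or None
    return None


def received_hops(msg: EmailMessage) -> list[tuple[ipaddress.IPv4Address | None, str | None]]:
    """(from_ip, by_host) for each Received: header, newest (topmost) first."""
    hops = []
    for rcvd in msg.get_all("Received", []):
        text = " ".join(str(rcvd).split())            # unfold, squeeze whitespace
        from_clause, _, by_clause = text.partition(" by ")
        ipm = IPV4_RE.search(from_clause)
        bym = re.match(r"(\S+)", by_clause)
        try:
            ip = ipaddress.ip_address(ipm.group(1)) if ipm else None
        except ValueError:                            # e.g. 999.1.1.1 in a forged line
            ip = None
        hops.append((ip, bym.group(1).rstrip(";").lower() if bym else None))
    return hops


def triage(bounce_text: str) -> dict:
    bounce = email.message_from_string(bounce_text, policy=policy.default)
    original = extract_original(bounce)
    if original is None:
        return {"verdict": "unknown", "reason": "no copy of the original in the DSN"}
    hops = received_hops(original)
    if not hops:
        return {"verdict": "unknown", "reason": "returned copy has no Received: headers"}
    # Only the topmost Received: was written by the MTA that produced the bounce;
    # every line below it came with the message and may be forged by the sender.
    top_ip, top_by = hops[0]
    mta = reporting_mta(bounce)
    top_is_trusted = mta is None or (top_by or "").endswith(mta)
    auth = " ".join(str(h) for h in original.get_all("Authentication-Results", []))
    if not top_is_trusted:
        verdict = "unknown"
    elif top_ip in OUR_RELAYS:
        verdict = "via_provider"      # the account, or a client holding it, really sent it
    else:
        verdict = "spoofed"           # only the From: address was borrowed
    return {
        "verdict": verdict,
        "origin_ip": str(top_ip),
        "bouncing_mta": top_by,
        "spf_failed": bool(re.search(r"spf=(fail|softfail)", auth)),
        "lower_hops_claim_our_relay": any(ip in OUR_RELAYS for ip, _ in hops[1:]),
    }


# Constructed sample: a spoofed message whose forged second Received: line
# pretends it passed through our relay, while the bouncing MX saw it arrive
# directly from an unrelated address.
SAMPLE_BOUNCE = """\
From: Mail Delivery System <MAILER-DAEMON@mx.example.net>
To: earthling@oldisp.example
Subject: Undelivered Mail Returned to Sender
MIME-Version: 1.0
Content-Type: multipart/report; report-type=delivery-status; boundary="dsn"

--dsn
Content-Type: message/delivery-status

Reporting-MTA: dns; mx.example.net

Final-Recipient: rfc822; nobody@example.net
Action: failed
Status: 5.1.1

--dsn
Content-Type: message/rfc822

Received: from [203.0.113.77] (helo=oldisp.example)
    by mx.example.net with smtp id 4zQ7x1; Thu, 8 Feb 2018 03:11:02 +0000
Received: from smtp.oldisp.example (198.51.100.10) by oldisp.example;
    Thu, 8 Feb 2018 03:10:55 +0000
Authentication-Results: mx.example.net; spf=fail smtp.mailfrom=oldisp.example
From: Someone Else <earthling@oldisp.example>
To: nobody@example.net
Subject: Invoice attached
Content-Type: text/plain; charset=us-ascii

Please see the attached invoice.
--dsn--
"""

# Same bounce, but the trusted hop really came from our relay (constructed).
GENUINE_BOUNCE = SAMPLE_BOUNCE.replace(
    "from [203.0.113.77] (helo=oldisp.example)", "from smtp.oldisp.example (198.51.100.10)")

if __name__ == "__main__":
    print(triage(SAMPLE_BOUNCE))
    print(triage(GENUINE_BOUNCE))
```

Run it against a saved bounce (`triage(open("bounce.eml").read())`) after replacing OUR_RELAYS with the provider's real outbound addresses. A "spoofed" verdict means the sender never touched the account and a password change is hygiene rather than a cure; "via_provider" means something that holds the credentials sent the mail, and the password should be changed from a machine that does not have the account configured, exactly as suggested further down the thread. The `spf_failed` flag is only informative: SPF results appear in Authentication-Results headers written by the receiving side, so their presence depends entirely on the bouncing MTA.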
  9. Earthling

    Earthling Interplanetary Geek

    I like that Tim - just hope it's right. Thanks.
     
  10. Geek_Justin

    Geek_Justin Corporal

    Howdy forum, I'm Justin's dad Dan. I saw this post checking out his forums. The name that Tim found comes back to the Vietnamese Ministry of Defense. There are spiders that comb the web for old unused email accounts to take over. If this is an unused account I'd try to get it deleted. If not, as suggested above, change the password using a different computer and do it three times.
     
  11. Earthling

    Earthling Interplanetary Geek

    Hi Dan. As I said in #7 the account is an IMAP account so these undeliverable notices are not associated with any one computer. The two messages were received about 12 hours apart four days ago and nothing since so atm I'm inclined to think TimW may be right (#8). It isn't possible to delete the account as the ISP that issued it long since disappeared in subsequent mergers. It's quite possible though that I may be able to change the password on the server. Haven't tried yet as I want to see if it continues.
     
  12. Replicator

    Replicator MajorGeek

    Yes, no response/activity is best....their bots will drop the account and move on, which it seems they may already have done!

    A password change (if possible) will also kill the motivation to re-exploit a dead end.

    Smart kid you have there Dan!
     
    Last edited: Feb 21, 2018
  13. Earthling

    Earthling Interplanetary Geek

    It has been impossible for the last few days to login to this compromised account, either via a client or on the ISP's website. Not only that, but a number of others using addresses at the same old domain have also found they cannot login - Incorrect Username or Password. Since all these addresses are quite old and have been running ok for years it's clearly not a coincidence. The staff there are investigating and say their system automatically disables compromised accounts. They say they will issue new usernames and passwords for affected accounts so this looks like my chance to close the account. I'm assuming it's their server that was cracked rather than any computer here but they aren't commenting on that.
     
