cancel
Showing results for 
Search instead for 
Did you mean: 

Multiple 'Mail delivery failed - returning message to sender' messages

maranello
Pro
Posts: 1,267
Thanks: 200
Fixes: 2
Registered: ‎11-01-2008

Multiple 'Mail delivery failed - returning message to sender' messages


Looking for some help here. The email account on which these messages appear is not my Plusnet account but my old Waitrose address. As Waitrose (Greenbee) is now supported by Plusnet I'm hoping someone can help.
All the messages appear to have been sent from my Waitrose account, but the headers also mention 'plus.net' (see below)
Quote
Date: Wed, 14 Dec 2011 5:42:12 +0200
From: Aidnil Rua <me@waitrose.com>
To: walterj2002@hotmail.com
Subject: sanative factors of VjaqrRa sSupEer Acctivve ppilils

Received: from avasout05.plus.net ([84.93.230.250]) by BAY0-MC2-F47.Bay0.hotmail.com with Microsoft SMTPSVC(6.0.3790.4900);
          Wed, 14 Dec 2011 02:42:58 -0800
Received: from xwopehp ([72.38.108.23])
          by avasout05 with smtp
          id 8yit1i0010WKGaG01yivz6; Wed, 14 Dec 2011 10:42:55 +0000
X-CM-Score: 0.00
X-CNFS-Analysis: v=2.0 cv=MKHiabll c=1 sm=1 a=SIXU/fWJNXTRTtrGOsD8dw==:17
a=WCk6P726yfYA:10 a=2TMPdeBznOIA:10 a=kj9zAlcOel0A:10 a=MLpmLoAJAAAA:8
a=6WqKZjukRzsJt2dbiQQA:9 a=hb23aMjhs5588i7-16YA:7 a=CjuIK1q_8ugA:10
a=vqm88MMrvCMA:10 a=SIXU/fWJNXTRTtrGOsD8dw==:117
X-AUTH: me:2520
Date: Wed, 14 Dec 2011 5:42:12 +0200
From: Aidnil Rua <me@waitrose.com>
Organization: xwopehp
X-Priority: 3 (Normal)
Message-ID: <1367763902.20111214054212@waitrose.com>
To: walterj2002@hotmail.com
Subject: sanative factors of VjaqrRa sSupEer Acctivve ppilils
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 8bit
Return-Path: morganmiller@waitrose.com
X-OriginalArrivalTime: 14 Dec 2011 10:42:59.0070 (UTC) FILETIME=[2576E9E0:01CCBA4D]
bubyy VjaqrRa sSupEer Acctivve in the event of impoettence http://www.driver4u.co.il/modules/mod_wdbanners/www.php?image21.jpg
Best regards, Aidnil Rua hat


Not all the messages are as above, some have less detail. Any advice on what is causing these messages to appear, and how to stop them, would be appreciated
My other car isn't a Ferrari
9 REPLIES 9
bobpullen
Community Gaffer
Community Gaffer
Posts: 16,869
Thanks: 4,950
Fixes: 315
Registered: ‎04-04-2007

Re: Multiple 'Mail delivery failed - returning message to sender' messages

Assuming the headers you've posted are from one of the failed delivery reports (can you provide a bit more context?), then it looks to be an email that's been sent from your Waitrose address to a Hotmail account using our outbound SMTP server.
The concerning part is this bit:
X-AUTH: me:2520

If my assumptions are correct then that means the email is being sent using SMTP authentication i.e. whoever is sending the emails knows or is inadvertently using your username and password!
Have you replied to or clicked on any suspect links in emails recently that ask you to confirm certain account credentials?
I would suggest you change your password regardless via the Waitrose Internet website. Remember when doing so that it's not just your email password you're changing. You'll need to log into your router too to update your password there (failure to do this will result in you losing connectivity the next time your disconnect/reconnect).

Bob Pullen
Plusnet Product Team
If I've been helpful then please give thanks ⤵

maranello
Pro
Posts: 1,267
Thanks: 200
Fixes: 2
Registered: ‎11-01-2008

Re: Multiple 'Mail delivery failed - returning message to sender' messages

Thanks Bob for your prompt response
I have now changed the password on the waitrose account. It is an old dial-up account which I do not use anymore, but have kept it active in case any old contacts use it to get in touch. I have no payment details with Waitrose as it was dial-up and I was charged via my phone bill. The dial-up modem has been disconnected from the phone socket ever since I got broadband with Plusnet. I don't recall any messages received recently which I could have inadvertently clicked throgh any links or attachments, the messages only started appearing last week.
The email header I sent was from a message headed  'Delivery Status Notification (Failure)', which had the most information in the header. The majority of messages are like this
Quote
X-CM-Score: 0.00
X-CNFS-Analysis: v=2.0 cv=IcoFqBWa c=1 sm=1 a=NMmDqc1tU1jo4BdNVmqGsg==:17
a=9PV1Zsmf1toA:10 a=2TMPdeBznOIA:10 a=kj9zAlcOel0A:10 a=kc6RIJjqAAAA:8
a=wbmjlns2uZRv4yF2VoEA:9 a=dq2FiA2CxYpWZ66TTC8A:7 a=CjuIK1q_8ugA:10
a=EROw04TpSGoA:10 a=g48o5l_XxhAA:10 a=NMmDqc1tU1jo4BdNVmqGsg==:117
X-AUTH: me:2520
Date: Wed, 14 Dec 2011 12:18:36 +0600
From: Naji Hokkanen <me@waitrose.com>
Organization: ulpxdc
X-Priority: 3 (Normal)
Message-ID: <247406346.20111214121836@waitrose.com>
To: VIPDepartment@mychoicelink.com
Subject: yourself confidence with VjaqrRa piills
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 8bit
VjaqrRa pProfeEssionNal - continue your sjeexual life
http://ventureworldtravel.com/templates/beez/test.php?mylove21.html
best regards, Naji Hokkanen
afford


My router password is associated with my Plusnet account, is this likely to be compromised or has it nothing to do with the emails?
Is the simplest approach to simply cancel my Waitrose account?. I am concerned that even if I do this whatever is sending out the emails will continue to bombard both valid and invalid email addresses.
My other car isn't a Ferrari
bobpullen
Community Gaffer
Community Gaffer
Posts: 16,869
Thanks: 4,950
Fixes: 315
Registered: ‎04-04-2007

Re: Multiple 'Mail delivery failed - returning message to sender' messages

Quote from: maranello
My router password is associated with my Plusnet account, is this likely to be compromised or has it nothing to do with the emails?

I doubt it's anything to do with the emails.
Quote from: maranello
Is the simplest approach to simply cancel my Waitrose account?. I am concerned that even if I do this whatever is sending out the emails will continue to bombard both valid and invalid email addresses.

The clue is with the bit you've replaced with 'me'.
X-AUTH: me:2520

That will be the username that the sender is authenticating against. If it belongs to your Waitrose account then changing the password should have sufficed. Just see how it pans out...

Bob Pullen
Plusnet Product Team
If I've been helpful then please give thanks ⤵

maranello
Pro
Posts: 1,267
Thanks: 200
Fixes: 2
Registered: ‎11-01-2008

Re: Multiple 'Mail delivery failed - returning message to sender' messages

Thanks again Bob.
Is the password change going to have an immediate effect of will it take a day or so for the delivery failure messages to stop appearing?
My other car isn't a Ferrari
bobpullen
Community Gaffer
Community Gaffer
Posts: 16,869
Thanks: 4,950
Fixes: 315
Registered: ‎04-04-2007

Re: Multiple 'Mail delivery failed - returning message to sender' messages

Should be more or less immediate.

Bob Pullen
Plusnet Product Team
If I've been helpful then please give thanks ⤵

maranello
Pro
Posts: 1,267
Thanks: 200
Fixes: 2
Registered: ‎11-01-2008

Re: Multiple 'Mail delivery failed - returning message to sender' messages

Update on this issue.
No new 'return to sender' messages have appeared since changing my account password.
I was still concerned how the mail account may have been hacked, so performed a virus scan on both my desktop and netbook. AVG returned a clean result for the desktop, but found a trojan on the netbook. Netbook doesn't get used often and possibly its virus signatures don't get updated as often as they should. I haven't researched the trojan to find out if it is a likely culprit for the email hack or just a red herring. If I find out anything further I will update this thread for future reference in case anyone has a similar problem.
Thanks to Bob for the helpful advice, are other ISPs this friendly (I'm still waiting for a response to an email from Waitrose)?
My other car isn't a Ferrari
bobpullen
Community Gaffer
Community Gaffer
Posts: 16,869
Thanks: 4,950
Fixes: 315
Registered: ‎04-04-2007

Re: Multiple 'Mail delivery failed - returning message to sender' messages

Glad to hear it's sorted! Smiley
How did you contact Waitrose? If it was online via their Internet portal then it's probably one of the folk here that would deal with the enquiry anyway. If it was to their head-office or a non-Internet branch of their operations then it can take some time for the enquiry to find us and get responded to.

Bob Pullen
Plusnet Product Team
If I've been helpful then please give thanks ⤵

maranello
Pro
Posts: 1,267
Thanks: 200
Fixes: 2
Registered: ‎11-01-2008

Re: Multiple 'Mail delivery failed - returning message to sender' messages


Email sent to customersupport@waitrose.co.uk on Wednesday (14/12) - no reply received as yet.
Another mail delivery failed message appeared in Inbox yesterday evening, but from headers it appears that the original message was sent on Tuesday 13th, before the password change.
My other car isn't a Ferrari
James
Grafter
Posts: 21,036
Thanks: 5
Registered: ‎04-04-2007

Re: Multiple 'Mail delivery failed - returning message to sender' messages

Hi Maranello,
It's Waitrose Head Office that pick up those emails and then send them on to our Complaints Team.
I haven't received your email yet, so I would suggest chasing up Head Office.