Spoof emails going to addresses deleted years ago

  lostinfrance 08:44 22 Sep 2015

My email address is sending out "spoof" emails which I am working on correcting but one thing I can't understand is that the spoof email is going out to addresses that we have not used in many years and were deleted from our address book a long time ago. Our email provider is 1and1 UK. Any thoughts would be welcome.

  spuds 10:17 22 Sep 2015

If this is happening, then obviously there is something clearly wrong.

Are your details held on the 1&1 servers or your 1&1 account dashboard. Perhaps a word with 1&1 first, might bring an answer to the issues you are having?.

  lostinfrance 10:25 22 Sep 2015

Thanks for the response spuds. Our address book held on the 1and1 server contains a different set of addresses to that on our Windows Mail contact list and it doesn't appear that is where the spoof email is finding its addresses. I will contact 1and1 but just wanted to be armed with any info/suggestions that others may have before doing so. It is almost as though the spoof email is able to read email addresses from emails sent years ago and since deleted??

  spuds 11:12 22 Sep 2015


It would be very interesting to hear what 1&1 might have to say on the issue, so please keep us informed.

Out of pure curiosity, I have just done a Google search into this subject, and some interesting facts have appeared. Here is one particular article click here

  spuds 11:17 22 Sep 2015

For some reason, the very long address link wouldn't let me finish what I wanted to say.

I was going to add, that I have a number of domains with 1&1, and have never had any problems with their service, so it would be interesting, if they know something, that perhaps their customers do not!.

  lostinfrance 12:26 22 Sep 2015

Thanks again spuds. Another interesting point is that we have two 1and1 email addresses and both are accessed using Windows Mail and share a common address book. However looking at some of the bounce backs we are receiving, the spoof emails seem to be going specifically to those addresses used by the email address that is being spoofed. I will post any response I get from 1and1.

  lostinfrance 07:34 23 Sep 2015

Contacted 1and1 and as expected they say it is nothing to do with them. The usual advice - change password (already done but spoof still happening) and scan computer (already done and no result). I guess there is very little else I can do other than change our email addresses.

  lostinfrance 07:40 25 Sep 2015

If anyone is still following this thread, here is the latest reply I got from 1and1. Are they seriously expecting their customers to understand such nonsense??

"We appreciate that you provide as the copy of the bounceback. As we have checked from our end, the reason for this message as far as we can tell is because the MX record(s) resolve to an alias. The domain name used as the value of a NS resource record, or part of the value of a MX resource record must not be an alias. Thus, our system cannot find an IP address for the MX record and it returns an error “no valid mail exchanger”. Please be informed that we have recently decided to strictly follow the RFC 2181 standard thus making our Mail servers RFC compliant. It may be that the other providers have not strictly implemented the mentioned RFC standard yet in which we no longer have control. We suggest to contact the email provider for the domain to verify if the MX records is pointing to a cname."

Definitely in the running for the Plain Speaking Awards!!

  spuds 08:37 25 Sep 2015

Basically what they seem to be telling you that its spam, with the problem of trying to verify where its coming from or even the email address of the culprit.

Perhaps to make it slightly clearer what RFC 2181 is all about, have a look at the following link, which I have just looked up. Haven't checked it out fully, but intend to follow it later, time permitting click here

  lostinfrance 10:43 25 Sep 2015

That's what I manage to interpret as well spuds but have asked them to translate it all into a language an average customer might be expected to understand. They are still not answering my question as to how the spoof emails are going to email addresses we deleted years ago. I checked another bounce back and there are quite a number of very old contacts on there.

  Ihgnelrob 05:38 03 Oct 2015

I'm having the same issues with my 1an1 uk email, so far they haven't been of any help. The spoofed emails seem to have been sent to all in my sent and received messages. I have now deleted all of these from the 1an1 webmail portal, but the mails are continuing... I'm considering changing away from 1an1, but I don't know if that will stop the spoofed emails...

This thread is now locked and can not be replied to.

Elsewhere on IDG sites

EE 5G review: How fast is 5G in the UK?

How to Brand a Film Festival, Saul Bass style

How to install the iOS 13 beta on iPhone or iPad

Les meilleurs ├ętuis et housses pour Kindle (2019)