How to troubleshoot getting hundreds of post master emails
If you have noticed that you are receiving a large number of emails from the post master (firstname.lastname@example.org), it could be due to a number of reasons, but the two most likely are:
A third party has used your email address as a reply-to address; the messages you are receiving are referred to as backscatter. These parties pretend to be you, or “spoof” your email address, to trick others into trusting the email that they send.
A third party has access to your BigPond mailbox login details and is using your mailbox to send spam. These are the types of emails that trigger the spam alerts and will result in your account being suspended unless you take action straight away.
It is this second scenario that we are most concerned with.
How do I know if my account is compromised or if it is just backscatter?
Within the post master email will be the header information of the email that was sent. Look for any indication that the email was authenticated, which would indicate that your password has been compromised.
Towards the bottom you will see something like the example below. The key line is the Received header that shows the sending IP address and the words "authenticated as". We can see from this information that it was sent from the IP address 103.225.x.x, and authenticated using your BigPond mailbox. The presence of this information is a warning sign that your account has been compromised.
Received: from smtp.telstra.com ([10.10.24.4])
    by nsstlfep08p-svc.bpe.nexus.telstra.com.au with ESMTP
    for <email@example.com>; Wed, 22 Feb 2017 03:57:23 +1100
Received: from localhost (103.225.x.x) by smtp.telstra.com (9.0.019.11-1) (authenticated as firstname.lastname@example.org)
    id 58208632134X5260 for email@example.com; Wed, 22 Feb 2017 03:57:23 +1100
Backscatter, where they are only using your mailbox as their reply-to address, will not contain the lines showing that it was authenticated.
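The check described above, written as a script (an added example, not part of the original article): it pulls the returned message's headers out of a post master email and looks for a Received line authenticated as your mailbox. The sample bounce is constructed from the excerpt above; the function names, and the assumption that the server writes "(authenticated as ...)" exactly as in that excerpt, belong to this example only.

```python
import re
from email import message_from_string, policy

# Constructed bounce modelled on the excerpt above; addresses are placeholders.
SAMPLE = """\
Content-Type: multipart/report; boundary="b1"

--b1
Content-Type: text/plain

Delivery failed.
--b1
Content-Type: message/rfc822

Received: from smtp.telstra.com ([10.10.24.4])
 by nsstlfep08p-svc.bpe.nexus.telstra.com.au with ESMTP
 for <email@example.com>; Wed, 22 Feb 2017 03:57:23 +1100
Received: from localhost (103.225.x.x) by smtp.telstra.com (9.0.019.11-1) (authenticated as firstname.lastname@example.org)
 id 58208632134X5260 for email@example.com; Wed, 22 Feb 2017 03:57:23 +1100
Subject: constructed spam

body
--b1--
"""

AUTH_RE = re.compile(r"\(authenticated as ([^)\s]+)\)", re.I)
FROM_RE = re.compile(r"from\s+\S+\s+\(\[?([^)\]\s]+)\]?\)", re.I)

def original_headers(bounce):
    """Yield the header sets of messages returned inside the bounce."""
    for part in bounce.walk():
        ctype = part.get_content_type()
        if ctype == "message/rfc822":        # full original message attached
            yield part.get_payload(0)
        elif ctype == "text/rfc822-headers":  # only the original headers attached
            yield message_from_string(part.get_content(), policy=policy.default)

def classify(raw_bounce, mailbox):
    """Return ('compromised', [(ip, account), ...]) or ('backscatter', [])."""
    bounce = message_from_string(raw_bounce, policy=policy.default)
    hits = []
    for msg in original_headers(bounce):
        for received in msg.get_all("Received", []):
            hop = " ".join(str(received).split())  # unfold the header onto one line
            auth = AUTH_RE.search(hop)
            if auth and auth.group(1).lower() == mailbox.lower():
                src = FROM_RE.search(hop)
                hits.append((src.group(1) if src else None, auth.group(1)))
    return ("compromised" if hits else "backscatter", hits)
```

Call classify() with the full source of a post master email and your own address. A "backscatter" result only means no Received line authenticated as that mailbox was found in the returned message.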
My email account has been compromised, what should I do?
The first thing that you should do is update your internet security on any device that is used to access your email account and perform a thorough scan. Once this has been done, you will need to log onto https://www.my.telstra.com.au/myaccount and personalise your password to something completely different to any that you have previously used.
Once your password has been changed, you will need to update the password stored in your email programs. If the mailbox is the primary mailbox for your internet account, you may also need to update your modem.
As an added precaution, you may wish to also change the password for any banking or social networking sites as these logins may have been acquired while your account was compromised.
As a courtesy, you can let your contacts know that your account had been compromised so that they can take the same precautions to protect themselves.
Why do you suspend compromised mailboxes?
If your email address has been identified as a source of ‘spam’ emails (unsolicited emails sent from your email address) we will suspend your account if we believe that your account has been compromised.
We do this to protect you and the reputation of our servers. If other providers determine our mail servers to have a poor reputation, they may block all mail being sent from our servers which would include legitimate email. Stopping spam at the source is beneficial for everyone.
My Account has already been suspended, what do I need to do?
After you have updated and scanned your devices for possible virus activity, you will need to contact Tech Support on 133 933 or 1800 834 273 for services on NBN. Our consultants will be able to reactivate your account and provide you with a randomly generated password.
When you personalise your password, it is important that you do not set it to the same password that was previously used for this account. Reusing the old password will allow the spammer access to your account again and cause your account to be suspended again.
What steps can I take to prevent my account from being compromised?
The following steps are a guide to minimising the opportunities for third parties to gain access to your account by figuring out your password.
Guard your password. Do not store passwords in easy to find locations, such as sticky notes. Do not select “remember password” when logging into your account unless it is on your personal computer. If you do log in on someone else’s computer or at an internet café, remember to use the log out link and clear the browser cache/cookies before leaving.
Regularly change your passwords and don’t use the same password for each account.
Be aware of phishing emails. These emails are designed to trick the unsuspecting into entering their login details or credit card details. No legitimate service will ask you via email to enter these details. If in doubt, log onto the main website for your bank or other service.
Make sure your internet security is up to date. Viruses, Trojans and malware can be used to gather details or send emails from your service.
Check the privacy levels on social networking sites such as Facebook. Limit who can view your information. This includes 3rd party apps such as games.
Don’t install free software from random sites. Make sure that any free software is from a reputable source.
What can I do to stop backscatter?
Unfortunately, as a user, there is nothing you can do to stop a third party from showing the emails as coming from your mailbox.