multiple, identical email from a known sender

Status
Not open for further replies.

dunnjt

Technical User
Nov 20, 2001
64
US
Recently my computer has been getting multiple copies of an email from a sender known to me whose email I actually do want to get.

I am using Outlook Express. About 2 weeks ago I set up a message rule to simply block all email from this sender. That, of course, blocked everything from the sender, so this was not a really acceptable solution to getting multiple copies (as many as 14 copies in one sending). I removed the message rule and multiple copies again began to come to my computer. (Didn't know or expect computer virus problems could affect my relationships.)

I am certain that the known sender is not actually sending the email herself to me, because I get email from her when she is not even home, not on, or even near her computer.
My conclusion is that someone has a computer that has my email address in its address book, and I am being sent this multiple copy stuff by a computer virus/worm or some such.

My ISP scans for virus infections, and I use McAfee, Spybot and Ad-Aware. None of these multiple copies cause a virus or any other alert, so I assume that the multiple copies are not themselves infected. (I could be making a very wrong assumption here. These files might be slipping under my protection radar and could be infected themselves, couldn't they?)

My question is this. Can I do anything to determine what machine might be sending this mess my way? Can I do anything to block just multiple copies from this sender and let her other email come on through? Does this sound like a known, familiar virus action?

Any suggestions are welcome and very much appreciated.
Thank you, Have a great Sunday
Jerry
 
Jerry,

Can you give us a little more to go on? For instance, do most of the messages have the same subjects, and if so, what are the subject lines? Do they have the same message body, and again if so, what are they?

From what you've said so far, I would tend to agree with your diagnosis of the problem. Assuming that your virus definitions and scan engine are up to date, and combining that with your statement that you are not getting any kind of notification of infected messages, I would guess that the messages are likely passing through someone's protected Exchange server along the way, and are being stripped of their payloads before they reach your PC.

As far as tracing the messages back to their origins, I think that would be extremely difficult. As you said before, it is now common for viruses, worms, and trojans to spoof their origins, and send themselves via internally coded smtp engines, so that even the person infected quite often isn't aware of it until proliferation gets so bad as to negatively affect their pc operations.

However, you MIGHT be able to sort through the full message header to find a common origin point for the spoofed messages. Below is a sample from Monster Technology. I will edit for privacy, but there's enough for you to get an idea of what you're looking for...

Received: from mailman1.ma.tmpw.net [63.112.170.12] by npointsrv.XXXXXXX.net
(SMTPD32-8.12) id A82editBA; Wed, 14 Jul 2004 07:50:23 -0700
Received: (qmail 24147 invoked from network); 14 Jul 2004 08:50:59 -0000
Received: from campaiedit.ma.monster.com (10.50.xxx.xxx)
by mailman1-q1.ma.tmpw.net with SMTP; 14 Jul 2004 08:50:59 -0000
Received: from mail pickup service by campaiedit.ma.monster.com with Microsoft SMTPSVC;
Wed, 14 Jul 2004 03:50:59 -0500
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
Content-Type: text/html
MIME-Version: 1.0
X-Sender: cm.newsletteredit.monster.com
X-Mailer: MIME::Lite 2.111 (B2.12)
Date: Wed, 14 Jul 2004 08:50:58 UT
From: "Monster Technology" <monster_newsletter@route.monster.com>
To: jbrackett@edit.net
Subject: Monster Technology News, 7/14/2004
Message-ID: <edit.monster.com>
X-OriginalArrivalTime: 14 Jul 2004 08:50:59.0182 (UTC) FILETIME=[AF0CA0E0:01C4697F]
X-IMAIL-SPAM-HTML-FEATURES: (482e07f500ba0a2d, Nested Table, Hyperlink, Image Tag)
X-RCPT-TO: <jbrackett@edit.net>
Status: U
X-UIDL: 3edit5

Look for this header information and compare the suspect emails with the legitimate ones. Perhaps you will be able to find a difference that will allow you to sort them out. At that point, you'll have to determine if the differences are enough to allow you to set up a rule to keep the crap out and allow the legit emails in.

Good luck.

"The Crystal Wind is the storm, and the storm is data, and the data is life. You have been slaves, denied the storm, denied the freedom of your data. That is now ended; the whirlwind is upon you . . . . . . Whether you like it or not."

"Trent the Uncatchable" in The Long Run by Daniel Keys Moran
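
Added example, not part of the original posts: a Python sketch of the header comparison suggested above. It groups saved copies by Message-ID and compares the oldest Received hop with that of a message known to be legitimate; every hostname, address and message ID below is a constructed sample.

```python
import re
from collections import defaultdict
from email import message_from_string

def sample(origin, msg_id):
    """Build a constructed raw message (not taken from the thread)."""
    return (
        "Received: from relay.example.net [192.0.2.10] by mx.example.org; "
        "Wed, 14 Jul 2004 07:50:23 -0700\n"
        f"Received: from {origin} by relay.example.net with SMTP; "
        "14 Jul 2004 08:50:59 -0000\n"
        'From: "Jane Doe" <jane@example.com>\n'
        "Subject: when not to take your picture\n"
        f"Message-ID: <{msg_id}>\n\nbody\n"
    )

def origin_hop(msg):
    """Host named in the oldest (bottom-most) Received header that has one.
    Only hops added by servers you trust are reliable; older ones can be forged."""
    for value in reversed(msg.get_all("Received", [])):
        m = re.match(r"\s*from\s+(\S+)", value)
        if m:
            return m.group(1).lower()
    return None

def compare(suspects, legit):
    """Group suspect copies by Message-ID and compare origin with a good message."""
    base = origin_hop(message_from_string(legit))
    groups = defaultdict(list)
    for raw in suspects:
        msg = message_from_string(raw)
        groups[msg["Message-ID"]].append(origin_hop(msg))
    return [
        {"message_id": mid, "copies": len(hops), "origin": hops[0],
         "origin_matches_legit": hops[0] == base}
        for mid, hops in groups.items()
    ]

# Constructed inputs: two copies of one message plus a look-alike.
SUSPECTS = [
    sample("mail.sender.example", "a1@sender.example"),
    sample("mail.sender.example", "a1@sender.example"),
    sample("dsl-host.example", "zz@other.example"),
]
LEGIT = sample("mail.sender.example", "b2@sender.example")

if __name__ == "__main__":
    for row in compare(SUSPECTS, LEGIT):
        print(row)
```

Copies that share one Message-ID are the same message delivered repeatedly; copies with different Message-IDs or a different origin hop were generated separately.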
 
JBRACKETT- Thank you for responding to my question about multiple emails.

As I pointed out in my post, the email is actually identical copies, same subject, same sender. For example I might get 15 identical copies of an email from the known sender, say from Jane Doe, all with a subject like maybe "when not to take your picture". The email seems to be legitimate and not infected but I don't need so many copies of it. I cannot comment on the body of the message since I have never opened any of these multiple copies. I just delete them. I assume that the body is the same in all these identical emails.
I make sure that my virus, Ad-Aware, and Spybot programs are as up to date as possible and religiously run these programs 2-3 times a week.
Any other suggestions? Thanks for your help,
Jerry
 
Sorry, I misunderstood.

Have you spoken with the person listed in the "From" field to confirm that she has sent the original message? Assuming that you have, and that she did, (otherwise we're back to virally originated messages) then check to see if she has any other people complaining of receiving multiples from her. If so, the problem may be with an errant setting in her Outlook client, her provider and/or mail server. If not, then quite honestly, I'm at a loss as to what is causing it.

And I'm afraid I'm not any help with any idea on how to use Outlook rules to block all but the first message, either. I've looked through every variation I can think of and can't think of a way to let one through while blocking repeats.

All in all, I suppose I'm wasting your time here. Sorry.

 
Does the subject change every day? You can set up Outlook to delete all emails with the same subject, but if they change daily, then it would be more difficult.

Just what is the subject(s)? That could help ID the virus if that is what it is.

James P. Cottingham
There's no place like 127.0.0.1.
There's no place like 127.0.0.1.
 
2ffat,

From what I understand, dunnjt wants to let in ONE copy of the message, and block out the repeats. That's the tricky bit.



 
"I see," says the blind man as he picks up his hammer and saw... My mistake; still, it would be helpful to know the subject(s) since I believe it may be a virus on another machine. Possibly someone who has both their email addresses on the infected machine.


James P. Cottingham
 
Good Morning - Jbrackett and 2ffat, Thank you for responding to my "multiple emails post". Please do not feel as if you are wasting my time. I sometimes feel as if I am wasting the time of the folks on this board. But, I learn so much along the way while solving problems such as this one. Your help is very much appreciated.

I have asked and have been told by the known sender that she has never sent the original copy when my computer gets multiple copies of an email from her computer. This frequently happens when she is not home and thus not even near her computer.

The subject lines are not conspicuously or suspiciously a "viral subject" like "Jesus loves you" or "Ebay verification needed" or "PayPal needs information" and the like. The email content is usually just the same kind of familiar humorous email that we all send back and forth to each other. The subject lines might be "when not to have your picture taken", "Abbott and Costello buy a computer". The subject lines are the usual, standard subject lines referring to the email content that we all use for humorous emails.

Hope I have answered your questions!
Thank you again for your help,
Jerry
 
"I have asked and have been told by the known sender that she has never sent the original copy..." Since the emails are not coming from the known person, I would be very suspicious of these emails. Is it possible that any attachments are being stripped by your ISP?



James P. Cottingham
 
2FFat- So far, every instance of a multiple email also has an attachment like a humorous picture, humorous story, etc. So it looks as if my ISP is not stripping away any attachments. I would also assume that if an attachment were stripped or quarantined, the ISP would send an alert or report of this fact. But there have been no such alerts or reports. I can get up to 17 multiple, identical copies of an email message and they each have an attachment and none of them are triggering any of my malware protection.
The only way to prevent these multiple copies is by blocking ALL email from that particular sender. I don't want to block ALL the mail from this sender so I may, if I want to get email from her, just learn to live with this little annoyance. But, it certainly makes me curious to know how/what is going on.
Thanks for helping,
Jerry
 
"Every instance of a multiple email also has an attachment like a humorous picture, humorous story, etc."
Could it be that the sender has signed you up for some type of "joke of the day" email and all of the emails look like they're coming from her?

I had someone do that crap to me one time. They signed up for some type of stupid daily emailing service and listed my email address as someone that might be interested...I got junk mail from there for months that looked like it was coming from my friend's email address!!



Hope This Helps!

Ecobb

"My work is a game, a very serious game." - M.C. Escher
 
Ecobb- It is certainly a possibility but not at all probable. This is not how this lady would act. It is not something she would be doing. Possible but highly improbable. Assume, however, that I had been signed up somewhere as a prank; I don't think that the emails would be multiples but rather a single email like a "joke of the day" type thing. Thanks for the suggestion though. Anything is possible!
Jerry
 