Email hijacked?

Today, Sunday at 16:00 GMT I received a dozed failed delivery notifications in my inbox. I haven't been using my email. I host a couple of websites with Zyma.com and use EMAP email and Thunderbird. My desktop is secured with AVG and Malwarebytes running all the time and spot scans by other software when I feel the need. Always clean.

I wonder if my host email has been hacked? Here is the start of the returned notification.....

This message was created automatically by mail delivery software. A message that you sent could not be delivered to one or more of its recipients. This is a permanent error. The following address(es) failed:

See this site explaining what is going on:

Domain has exceeded the max defers and failures per hour (5/5 (100%)) allowed. Message discarded. | HostingXtreme

Yes thanks I understood the reason, what I don't understand is why! I have not sent out lots of emails - ever. So someone is using me to spam??? If so how to stop it. Is it my end or the host?

I have had this type of thing in the past, it might not be that your account has been hacked, check your deleted/sent items see if anything strange is there, I would also recommend changing password just to be sure

When you set up an email account you have the option of specifying your email address (doesn't have to be your actual email address for the account)
so for example I could have my email sent out from mine, but have it look like it has come from joebloggs@spamme.com (made up address so not sure if this is allowed to be posted), these spammers seem to get valid email addresses and then use this as the email for their account (you don't need access to the account to pretend to be it), so anything I send would show as coming from that account and any replies would go to it, I would never see them as my correct email is not shown

Unfortunately there is no way of stopping this, the best you can do is have a look at the mail headers and see if you can work out what domain it has come from and report it to them

Can you post the full mail headers (taking out anything that relates to your email address)

Header:


From - Sun Jul 27 17:01:40 2014 X-Account-Key: account1 X-UIDL: UID3160-1400167536 X-Mozilla-Status: 0001 X-Mozilla-Status2: 00000000 X-Mozilla-Keys: Return-path: <> Envelope-to: xxx@briansphotoblog.com Delivery-date: Sun, 27 Jul 2014 16:53:38 +0100 Received: from mailnull by scorpion.zyma.com with local (Exim 4.82) id 1XBQlW-0039ir-47 for xxx@briansphotoblog.com; Sun, 27 Jul 2014 16:53:38 +0100 X-Failed-Recipients: assistant@responsecenters.org, fara-dix@hotmail.fr, loveuse42115@live.com, lassad124@hotmail.com, othmanemarzougui@yahoo.fr Auto-Submitted: auto-replied From: Mail Delivery System <Mailer-Daemon@scorpion.zyma.com> To: xxx@briansphotoblog.com Subject: Mail delivery failed: returning message to sender Message-Id: <E1XBQlW-0039ir-47@scorpion.zyma.com> Date: Sun, 27 Jul 2014 16:53:38 +0100 This message was created automatically by mail delivery software. A message that you sent could not be delivered to one or more of its recipients. This is a permanent error. The following address(es) failed: assistant@responsecenters.org Domain briansphotoblog.com has exceeded the max defers and failures per hour (5/5 (100%)) allowed. Message discarded. fara-dix@hotmail.fr Domain briansphotoblog.com has exceeded the max defers and failures per hour (5/5 (100%)) allowed. Message discarded. loveuse42115@live.com Domain briansphotoblog.com has exceeded the max defers and failures per hour (5/5 (100%)) allowed. Message discarded. lassad124@hotmail.com Domain briansphotoblog.com has exceeded the max defers and failures per hour (5/5 (100%)) allowed. Message discarded. othmanemarzougui@yahoo.fr Domain briansphotoblog.com has exceeded the max defers and failures per hour (5/5 (100%)) allowed. Message discarded. ------ This is a copy of the message, including all the headers. ------ Return-path: <brian@briansphotoblog.com> Received: from [37.214.237.86] (port=29299 helo=briansphotoblog.com) by scorpion.zyma.com with esmtpa (Exim 4.82) (envelope-from <xxx@briansphotoblog.com>) id 1XBQlV-0039ZY-Ca; Sun, 27 Jul 2014 16:53:38 +0100 Message-ID: <86716e5c87f5$99f28383$5e70d6aa$@hotmail.com> From: lassad <lassad124@hotmail.com> To: <assistant@responsecenters.org>, <fara-dix@hotmail.fr>, <loveuse42115@live.com>, "MARZOUGUI OTHMANE"
<lassad124@hotmail.com>, "miss misss" <othmanemarzougui@yahoo.fr> Subject: Date: Sat, 27 Jul 2014 04:53:38 +0000 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_NextPart_000_26F9_C9C9F16E.2C3DA2CA" X-Priority: 3 X-MSMail-Priority: Normal Importance: Normal X-Mailer: Microsoft Windows Live Mail 16.4.3522.110 X-MimeOLE: Produced By Microsoft MimeOLE V16.4.3522.110 X-Antivirus: avast! (VPS 140727-0, 27.07.2014), Outbound message X-Antivirus-Status: Clean This is a multi-part message in MIME format. ------=_NextPart_000_26F9_C9C9F16E.2C3DA2CA Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable https://www.google.com/url?pl n0Iqp9N6-q4EgwH&q8%74tp%3a%2f%2Fl1%2egs%2Fet= JsdaN&sa=C3=90usg=C2=AFQjCNEjpg_wHR9779MXCbG9IOY6LqTSmQ --- =D0=AD=D1=82=D0=BE =D1=81=D0=BE=D0=BE=D0=B1=D1=89=D0=B5=D0=BD=D0=B8=D0=B5 = =D1=81=D0=B2=D0=BE=D0=B1=D0=BE=D0=B4=D0=BD=D0=BE =D0=BE=D1=82 =D0=B2=D0=B8= =D1=80=D1=83=D1=81=D0=BE=D0=B2 =D0=B8 =D0=B2=D1=80=D0=B5=D0=B4=D0=BE=D0=BD= =D0=BE=D1=81=D0=BD=D0=BE=D0=B3=D0=BE =D0=9F=D0=9E =D0=B1=D0=BB=D0=B0=D0=B3= =D0=BE=D0=B4=D0=B0=D1=80=D1=8F =D0=B7=D0=B0=D1=89=D0=B8=D1=82=D0=B5 =D0=BE= =D1=82 =D0=B2=D0=B8=D1=80=D1=83=D1=81=D0=BE=D0=B2 avast! AVAST 2014 | Download Free Antivirus Software for Virus Protection ------=_NextPart_000_26F9_C9C9F16E.2C3DA2CA Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable <HTML><HEAD></HEAD> <BODY dir=3Dltr> <DIV dir=3Dltr> <DIV style=3D"FONT-SIZE: 12pt; FONT-FAMILY: 'Calibri'; COLOR: #000000"> <DIV><A href=3D"https://www.google.com/url?pl n0Iqp9N6-q4EgwH&q8%74tp%3a%2= f%2Fl1%2egs%2FetJsdaN&sa=C3=90usg=C2=AFQjCNEjpg_wHR9779MXCbG9IOY6LqTSmQ">ht= tps://www.google.com/url?pl n0Iqp9N6-q4EgwH&q8%74tp%3a%2f%2Fl1%2egs%2FetJs= daN&sa=C3=90usg=C2=AFQjCNEjpg_wHR9779MXCbG9IOY6LqTSmQ</A></DIV></DIV></DIV>= <br /><br /> <hr style=3D'border:none; color:#909090; background-color:#B0B0B0; height: = 1px; width: 99%;' /> <table style=3D'border-collapse:collapse;border:none;'> <tr> <td style=3D'border:none;padding:0px 15px 0px 8px'> <a href=3D"http://www.avast.com/"> <img border=3D0 src=3D"http://static.avast.com/emails/avast-mail-stamp.= png" /> </a> </td> <td> <p style=3D'color:#3d4d5a; font-family:"Calibri","Verdana","Arial","Helv= etica"; font-size:12pt;'> =D0=AD=D1=82=D0=BE =D1=81=D0=BE=D0=BE=D0=B1=D1=89=D0=B5=D0=BD=D0=B8=D0= =B5 =D1=81=D0=B2=D0=BE=D0=B1=D0=BE=D0=B4=D0=BD=D0=BE =D0=BE=D1=82 =D0=B2=D0= =B8=D1=80=D1=83=D1=81=D0=BE=D0=B2 =D0=B8 =D0=B2=D1=80=D0=B5=D0=B4=D0=BE=D0= =BD=D0=BE=D1=81=D0=BD=D0=BE=D0=B3=D0=BE =D0=9F=D0=9E =D0=B1=D0=BB=D0=B0=D0= =B3=D0=BE=D0=B4=D0=B0=D1=80=D1=8F <a href=3D"http://www.avast.com/">avast! = Antivirus</a> =D0=B7=D0=B0=D1=89=D0=B8=D1=82=D0=B0 =D0=B0=D0=BA=D1=82=D0=B8= =D0=B2=D0=BD=D0=B0. </p> </td> </tr> </table> <br /> </BODY></HTML> ------=_NextPart_000_26F9_C9C9F16E.2C3DA2CA-- Thread-Index: AV72inpvbTh0MDk2dWczeGt6cmowNg==