FutureQuest, Inc.
Old 12-14-2002, 02:14 PM   Postid: 78506
NoahM
returned mail not from me

I have recently received some returned emails that I did not send. I am not sure who they are going to or if someone is using my info to cover tracks with spam. I am not experienced in reading headers but the full header looks like this:

Return-Path: <Jovoni@4jetconnection.com>
Delivered-To: nmiller@ltponline.com
Received: (fqmail 7428 invoked from network); 14 Dec 2002 00:51:48 -0000
Received: from mx02.futurequest.net (69.5.6.172)
    by pt01.futurequest.net (63.151.147.170) with FQDP; 14 Dec 2002 00:51:48 -0000
Received: (qmail 6926 invoked from network); 14 Dec 2002 00:54:45 -0000
Received: from mx02.futurequest.net (69.5.6.172)
    by mx02.futurequest.net (69.5.6.172 ); 14 Dec 2002 00:54:45 -0000
Received: from unknown (HELO lakecmmtao03.coxmail.com) (68.99.120.43)
    by mx02.futurequest.net (69.5.6.172) with ESMTP; 14 Dec 2002 00:54:45 -0000
Received: from Rhxnhevi ([68.15.187.2]) by lakecmmtao03.coxmail.com
    (InterMail vM.5.01.04.05 201-253-122-122-105-20011231) with SMTP
    id <20021214004820.NZNV1289.lakecmmtao03.coxmail.com@Rhxnhevi>
    for <nmiller@ltponline.com>; Fri, 13 Dec 2002 19:48:20 -0500
From: postmaster <postmaster@ltponline.com>
To: nmiller@ltponline.com
Subject: Returned mail--"cellpadding"
MIME-Version: 1.0
Content-Type: multipart/alternative;
    boundary=E08t582t370fXfjd46nee62
Message-Id: <20021214004820.NZNV1289.lakecmmtao03.coxmail.com@Rhxnhevi>
Date: Fri, 13 Dec 2002 19:48:23 -0500

I am not sure if perhaps my computer is sending these out without my knowledge or someone is using my info.
Any help would be greatly appreciated.
Old 12-14-2002, 05:36 PM   Postid: 78508
 Bruce
From what I can see in the headers, Noah, this is not in fact a real bounce message. Bounce messages are characterized by having an empty envelope sender (visible as the Return-Path: line), and almost always have the From: address in the headers set to either postmaster@ or MAILER-DAEMON@. At this point it looks like a forgery. This message (the return) was sent by a coxmail.com subscriber.

However, I would have to see the full email body to make a complete determination of what exactly happened in this case. If it is a real bounce, it will contain at least the headers of the original message. If the message does not contain anything that you would have a problem with making public, post it here for discussion.
__________________
Bruce Guenter, FutureQuest http://www.FutureQuest.net/ http://untroubled.org/
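The checks described in the post above (empty envelope sender, postmaster@/MAILER-DAEMON@ in From:, original headers quoted in the body), applied to raw messages; this is an added example, not part of the original thread. Both sample messages are constructed with documentation addresses, and the function names and the "quoted headers" heuristic are assumptions of this example.

```python
import email
import re
from email.utils import parseaddr
# Constructed samples (documentation addresses), shaped like the mail in this thread.
FORGED = """\
Return-Path: <someone@sender.example>
Received: from Abcdefgh ([198.51.100.7]) by relay.isp.example
 with SMTP; Fri, 13 Dec 2002 19:48:20 -0500
From: postmaster <postmaster@victim.example>
Subject: Returned mail--"cellpadding"

The following mail can't be sent to rcpt@other.example:
From: user@victim.example
Subject: cellpadding
"""
GENUINE = """\
Return-Path: <>
Received: from mx.other.example (203.0.113.5) by mx.host.example with ESMTP
From: MAILER-DAEMON@other.example
Subject: failure notice

Delivery failed. Below is a copy of the message.
Received: from pc.victim.example ([192.0.2.44]) by mx.victim.example with SMTP
Message-ID: <1@victim.example>
Subject: hello
"""

def first_hop(msg):
    """(name, IP, receiving host) from the oldest Received: line, or None."""
    received = msg.get_all("Received") or [""]
    m = re.search(r"from\s+(\S+)\s+\(\[?([\d.]+)\]?\)\s+by\s+([^\s;]+)", received[-1])
    return m.groups() if m else None

def assess_bounce(raw):
    """Apply the bounce criteria from the post above to one raw message."""
    msg = email.message_from_string(raw)
    null_sender = (msg.get("Return-Path") or "").strip() == "<>"
    local = parseaddr(msg.get("From", ""))[1].partition("@")[0].lower()
    # Heuristic (assumption): original is an attached part or header lines in the body.
    parts = list(msg.walk())
    text = "\n".join(str(p.get_payload()) for p in parts if not p.is_multipart())
    types = {p.get_content_type() for p in parts}
    quoted = bool(types & {"message/rfc822", "text/rfc822-headers"}) or bool(
        re.search(r"^(Received|Message-ID):", text, re.I | re.M))
    return {"null_envelope_sender": null_sender,
            "daemon_from": local in {"postmaster", "mailer-daemon"},
            "quotes_original_headers": quoted,
            "likely_real_bounce": null_sender and quoted,
            "first_hop": first_hop(msg)}
```

The `first_hop` value names the host that handed the message to the first mail server in the chain, which is the kind of line the post above reads to attribute the message to a coxmail.com subscriber; Received: lines below the first trusted server can themselves be forged.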
Old 12-14-2002, 06:04 PM   Postid: 78509
NoahM
Bruce,
This is everything in the body when I view the message in Outlook:

The following mail can't be sent to HMonroe1@ci.tucson.az.us:

From: nmiller@ltponline.com
To: HMonroe1@ci.tucson.az.us
Subject: cellpadding
The attachment is the original mail

I am not sure if this helps, but thanks for the help.
Old 12-14-2002, 06:56 PM   Postid: 78510
PaulKroll
Just off the top of my head, that subject line of "cellpadding" looks suspiciously like one of the generic subjects that Klez uses.

If it >IS< a Klez-virus message, then the chances are good that your (NoahM) machine didn't send it. One of the many ways Klez sends out viruses is faked bounces: it could have been sent from anyone who has your address. (Destination was almost certainly faked too.) If the "original" message has several screens' worth of text like "08t582t370fXfjd46nee" (about 70-80 characters across, though) then it's almost certainly Klez. If you can post some of the raw text in the "original" message, or just the name of the attachment (for heaven's sake, don't execute the attachment or double-click on it!), that'll probably settle the issue.

The webmaster box at my place of work gets a few of those faked-bounce Klezes each day, out of the 20-30 Klez e-mails it gets.
Old 12-14-2002, 09:58 PM   Postid: 78514
NoahM
Actually my last post contained everything that was in the email. I am not sure if Outlook or my antivirus removed something, but there are no other clues to post.....
All times are GMT -4.