Geek News: Latest Technology, Product Reviews, Gadgets and Tech Podcast News for Geeks

Phantom AOL eMail

Posted by susabelle at 7:34 AM on June 14, 2011

I’m still getting mail from dead people.  An AOL account belonging to a friend of mine who passed away almost three years ago has been hijacked and sends me at least one spammy email a day.  I tried to block her emails using my spam blocker, but some still get through.  She had three or four AOL email addresses, and all of them send me spam email.

Now I’m getting spam email from a mechanic I used a few years ago.  The same type of spam email, and I’ve tried to call him, but he appears to be out of business.

But good old AOL, they aren’t out of business, and they never delete email addresses in their system, so I’m destined to get multiple emails a day from these defunct accounts.  And seriously, mail from the dead is just creepy!  AOL doesn’t seem to be responsive to requests to shut down these accounts (I’ve tried that) and they don’t even want to talk to you unless you have an AOL ID to sign on with.  There is no way I want to sign up for an AOL account just so I can complain about another AOL account.

Short of turning on blocking, spam filtering, etc., what is the solution?  How many of the millions of AOL (or Yahoo, or Hotmail) email addresses are really defunct, but still sending out spam email because they’ve been hacked?  And why does it seem so hard for these emails to get turned off or deleted?  I sure wish I knew the answer.

5 Comments

  1. From georgied at 6:01 am on June 15, 2011

    I doubt you’d be able to initiate the deactivation of an account unless you had power of attorney or possibly a court order, and for good reason.

    So you will have to rely on blocking, not just at the spam content level but also at the sender level.

  2. From J Platts at 9:29 am on June 15, 2011

    Actually it doesn’t really work that way. As a sysadmin I have done tons of research on the subject. The emails are probably not coming from AOL; you can check the http header for the IP address of the relay server, then do a “whois ip” to see where it’s coming from. These email addresses are being spoofed like every other piece of spam on the internet. Once an email address is found by a spam crawler (automated programs that spend all day crawling websites looking for email addresses posted on websites, forums, business webpages, etc., ones that are not hidden using java or other scripts; they also get them from those viral emails with cute animations that say things like “send this to ten people and then send this back to me”), these email addresses end up in huge spammer databases. The spammer then has software to send mail to everyone in that database, and it can choose an address from the database to make it appear to come from anyone in the database, which, if you happen to know that person, ensures that it gets past your spam filter. The spammer is on a completely different Internet Service Provider. It’s automated and it can send spam throughout the day, choosing a different sender each time.

    Generally it’s all untraceable because they use unsecured relay servers to relay the emails through. Back in the day (pre-Exchange 5.5) unsecured relay servers were everywhere, because relaying was turned on by default. Even though the number of open relays has decreased greatly in recent years, there are still plenty around, and some are even put in place by spammers and so-called marketing companies for the purpose of spamming. So even if AOL removed the addresses they would still keep coming.

  3. From GNC #680 The Copyright Police - Geek News Central at 8:46 pm on June 16, 2011

    [...] Twitter gets first Politician. Mozilla and HTML5 Cloud and Killing Set Top Box. Nuclear in Alabama? AOL Phantom Email. Deep Shot. Parrot scores in New Zealand Nissan Lead Spying Lulzsec Email Check. War with Lulzsec. [...]

  4. From susabelle at 3:06 am on June 17, 2011

    JPlatts, thank you for the information, but this is email coming through AOL’s servers. The header shows the complete path, including server names and relays. There is not a single relay or server name that doesn’t have AOL in it. I have gotten spam mail from myself (my own address) that from the header I can tell was spoofed. This is not the case with the AOL spammy emails I get. This is most definitely an AOL problem.

  5. From J Platts at 9:14 am on June 27, 2011

    Oh well wait then, that’s a different story and your problems are solved. If you are positive it’s hijacked and positive that the IP addresses in the header are all AOL, then you can use the AOL support page and report that an AOL account is being used to send spam and violating their Terms of Service. Report all of the email addresses, and once they contact you they will ask for copies of the spam source code. They don’t usually want just forwarded copies, but right-click and choose view source on the spam, then copy and paste the source and send to them. Once they investigate and verify that the user is using the account for spam and in violation of their TOS, they will ban the account and lock out all the email addresses so they can’t be used again because they were used for spamming. So in this case you have the upper hand. Yes, anytime you can trace ANY spammer to his Internet Service Provider you can get them banned. I am shocked because that usually never happens; he is obviously a novice. Good Luck.
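The header check discussed in comments 2, 4 and 5, as an added example that is not part of the original post or comments: it reads the message source, finds the one `Received` line stamped by your own mail server, and compares the host that handed the message over with the `From` domain. The sample messages, hostnames, the receiving server name `mx.example.net` and the Postfix-style `Received` layout are assumptions made for the example.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumes Postfix-style lines: "from HELO (RDNS [IP]) by HOST ..."; other MTAs differ.
HOP = re.compile(r"from\s+(\S+)\s+\((\S+)\s+\[([0-9A-Fa-f.:]+)\]\)\s+by\s+(\S+)")

# Constructed samples (not from the page): hostnames are made up, IPs are documentation ranges.
VIA_PROVIDER = (
    "Received: from out1.mail.aol.com (out1.mail.aol.com [192.0.2.10])\n"
    "\tby mx.example.net with ESMTP; Tue, 14 Jun 2011 07:01:02 -0400\n"
    "Received: from web7.mail.aol.com (web7.mail.aol.com [192.0.2.20])\n"
    "\tby out1.mail.aol.com with ESMTP; Tue, 14 Jun 2011 07:01:01 -0400\n"
    "From: friend@aol.com\nTo: me@example.net\nSubject: hi\n\nbody\n")
SPOOFED = (
    "Received: from mail.aol.com (host-7.isp.example [203.0.113.7])\n"
    "\tby mx.example.net with SMTP; Tue, 14 Jun 2011 07:05:00 -0400\n"
    "Received: from out1.mail.aol.com (out1.mail.aol.com [192.0.2.10])\n"
    "\tby mail.aol.com with ESMTP; Tue, 14 Jun 2011 07:04:00 -0400\n"
    "From: friend@aol.com\nTo: me@example.net\nSubject: hi\n\nbody\n")

def in_domain(host, domain):
    host = host.lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def handoff(raw, my_mx):
    """Return (from_domain, rdns, ip) for the hop recorded by our own server."""
    msg = message_from_string(raw)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    for value in msg.get_all("Received", []):  # newest hop first
        m = HOP.search(value)
        if m and m.group(4).lower() == my_mx:
            # Only this line was written by a server we control; every
            # Received line below it was supplied by the sender and may be forged.
            return from_domain, m.group(2), m.group(3)
    return from_domain, None, None

def classify(raw, my_mx):
    from_domain, rdns, ip = handoff(raw, my_mx)
    if rdns is None:
        return "unknown: no Received line stamped by " + my_mx
    if in_domain(rdns, from_domain):
        return "sent through %s (%s): report to that provider" % (from_domain, ip)
    return "spoofed: handed off by %s [%s], not %s" % (rdns, ip, from_domain)

if __name__ == "__main__":
    for sample in (VIA_PROVIDER, SPOOFED):
        print(classify(sample, "mx.example.net"))
```

In the second sample the HELO name and the lower `Received` line both claim AOL, but the address recorded by the receiving server does not, which is why only that top hop is used for the verdict.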