I'm a spammer

According to my ISP, I am a spammer. They are accusing me of sending out tons of mails, and if I don't stop, they will cut my internet connection. the mail looked like that:

Sehr geehrter Kunde,

Uns liegen Aufzeichnungen vor, die belegen, dass von Ihrer IP-Adresse aus elektronische Post als Massensendung oder zu Werbezwecken verschickt wurde. Da eine solche Handlung gegen unsere Nutzungsbedinungen (http://subscriber.chello.at/support/fair_use_policy.html#email) und geltendes Recht verstoesst, moechten wir Sie bitten in Zukunft davon Abstand zu nehmen.

Sollten sich derartige Vorfaelle wiederholen oder gar haeufen, koennten wir uns gezwungen sehen Ihren Versendezugang ueber die chello-Server bzw. je nach Schwere sogar Ihren Anschluss still zu legen. (....snip)

Uh. I really didn't spam anyone. The only possibility is that a spam bot infected my PC. But I really didn't find one, and I cannot imagine how this could have happened, having all security patches installed, using a (stupid) router, firewalls, alternative browsers and other stuff like this. Hm. What now? Reinstall windows?

eleven comments, already:

Hm … how about installing a virus scanner like Kaspersky?
Maverick - 10 05 06 - 20:22

did this, but they didn’t find something. dito for antispyware tools.
niko - 10 05 06 - 20:35

How about sniffing outgoing tcp traffic, setting filters for smtp, and logging everything?
Gothi[c] - 10 05 06 - 20:52

Perhaps you should install a software firewall and take a look at the activities at your ports.
If it is spyware or something like this there must be some trafic that a software firewall can notice
Fre4LeTy - 10 05 06 - 20:53

Maybe someone have stolen your IP-address? Did you turn-off your PC?
puh - 10 05 06 - 21:34

Are they basing that judgement on traffic, or reports from recipients based on spoofed email headers? I get lots of bounced spam messages that claim to have been sent by someone with one of my domains, clearly spoofed.

Try AdAware for spyware removal, and something like AVG or BitDefender for Virus / Trojan defense.
steve () (link) - 10 05 06 - 22:12

Maybe you are answering so many mails about irrlicht that they assumed you are a spammer, because no one would send so many “real” mails. ;)
Matthias - 11 05 06 - 09:17

Dunno how good your ISP is…

Phone them up, and ask for help !! If they are any good, they’ll get the idea real quick and remove you from the blacklist. May not help with the problem, but it’ll certainly help if they are planning on banning you.
Braneloc - 11 05 06 - 12:16

The truth is much simpler.

It is possible to send an email to anyone coming from anyone in case the SMTP server does not require authorization. Even if it does, it’s sometimes possible to find another one.
Zeux - 11 05 06 - 13:05

sure, I contacted them, but no answer yet. lets see.
niko - 11 05 06 - 21:03

They should at least provide some log data (and information how they obtained it). I understand you got a dial-in conection (dsl or whatever) with changing IPs. So, the statements about possible faked sender domains or open smtp daemons shouldn’t apply here.

As said above, I’d consider
> a hijack of your pc while maybe running during the night (hey, loading pr0n again?!)
> a spam bot on your local machine

Ah, and yes, I’d re-install my system. After they prove their statements, of course.
miq - 13 05 06 - 23:05


Name:  
Remember personal info?
yes
no
Email (optional):
URL (optional):
Enter "layered" (antispam):
Comment:Emoticons / Textile

  ( Register your username / Log in )

Notify: Yes, send me email when someone replies.  

Small print: All html tags except <b> and <i> will be removed from your comment. You can make links by just typing the url or mail-address.
Note: If you type in your email adress above, it will be visible to other visitors, although it will be hidden for bots using javaScript.