eudoramail account


jes
12-25-2003, 12:02 AM
I have a Eudoramail account and it is set to only allow messages to my inbox if the sender is in my address book. The problem is that I am getting a lot of other messages. I have tried to get the administrators of Eudoramail to help but they will not return my messages. Here is the header of one of the messages that I am receiving:
------------------
Received: from gadolinium.btinternet.com ([194.73.73.111]) by whowhere.com; Thu, 18 Dec 2003 21:55:21 -0000
X-Envelope-Sender: lenore.dunne@btinternet.com
Received: from [81.131.131.10] (helo=wuld) by gadolinium.btinternet.com with smtp (Exim 3.22 #25) id 1AX5Ol-0001on-00; Thu, 18 Dec 2003 21:09:31 +0000
From: "MS Security Support" <ietpmgstzyrm@advisor.ms.com>
To: "User" <lqpkc_qbrklvn@advisor.ms.com>
Subject: Newest Network Security Upgrade
Mime-Version: 1.0
Content-Type: multipart/mixed; boundary="stcunodwsvisqoerx"
Message-Id: <E1AX5Ol-0001on-00@gadolinium.btinternet.com>
Date: Thu, 18 Dec 2003 21:09:31 +0000
-------------------
This doesn't appear to even be sent to me and MS Security Support is certainly not in my address book. Does anyone have any suggestions of what to do next?

PrntRhd
12-25-2003, 12:08 AM
DELETE IT!

MS isn't going to notify you of anything by e-mail.

Budfred
12-25-2003, 12:33 AM
This is probably infected SPAM.... definitely delete it and if you downloaded it at all, run a full deep updated virus scan....

jes
12-25-2003, 07:05 PM
The eudoramail is an online email account like Hotmail. I delete the messages in question every time that I get them but they keep coming and I never download anything from these, such as attachments. It would be a pain to switch to a different account.
What is infected spam?
How would these messages be getting around the Eudoramail spam filters?

Budfred
12-25-2003, 07:07 PM
Infected SPAM is SPAM that comes with a worm/virus/trojan/malware attachment and has links that will take you to sites that will try to install more garbage or con you into giving them credit card numbers and such... It may also have ActiveX or scripts embedded that try to infect your system....

jes
12-26-2003, 02:32 AM
Would the mail being infected have anything to do with the fact that these messages are getting around the spam filters?

Budfred
12-26-2003, 02:45 AM
It shouldn't... It is more likely that the SPAM filters are just not picking up on the particular spoof the SPAMmer is using. SPAMmers use all sorts of tricks to try to get around filters and sometimes they succeed....

jes
12-26-2003, 02:48 AM
What can I do about that?

Budfred
12-26-2003, 03:27 AM
I haven't used Eudora in more than 10 years, so I can't tell you much about that. I use MailWasher to screen my email and delete the garbage before it is even downloaded from the server. You could do that, but you will still get the stuff, you just will have an easier way to dump it.

The other thing you could try if Eudora is really supposed to only allow things in your address book is run a full set of security scans to make sure you don't have something messing with your settings.

The truth of the web these days is that it is full of cool stuff, but you have to be on guard and protected at all times because it is also full of vermin.... It isn't that many individuals, but when the nasty tools they use can copy themselves indefinitely, that leads to an onslaught that can't be stopped, only slowed....

Paul Komski
12-26-2003, 07:09 AM
Certainly sounds like Swen/Sobig/Blaster/Etc Virus - have a read about MS Security Bulletins (http://www.microsoft.com/security/) and related matters.

If all the ones getting through are to "User" is there any way of blocking/deleting these with a specific filter??

Keep trying to inform eudora about the problem and you could also zip up one of the problem mails (should you ever decide to download one - make sure your a/v is up to date first) and send it to abuse@eudoramail.com

That email purports to originate at gadolinium.btinternet.com but in fact does not since 81.131.131.10 is not the correct IP address (even though 194.73.73.111 is correct - it appears after [above] the other one).

The sender's address is spoofed and if you can find out where 81.131.131.10 is you might have some insight into where the mail actually originates from.
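An added example (not part of any poster's message): a Python sketch that walks the `Received:` lines of the header from the first post oldest-first and compares the `From:` domain with the envelope sender. The function names are hypothetical; the header text is the one posted above with the webmail link text removed.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Header block copied from the first post (webmail link text removed,
# spacing in the second Received line restored).
RAW_HEADERS = '''Received: from gadolinium.btinternet.com ([194.73.73.111]) by whowhere.com; Thu, 18 Dec 2003 21:55:21 -0000
X-Envelope-Sender: lenore.dunne@btinternet.com
Received: from [81.131.131.10] (helo=wuld) by gadolinium.btinternet.com with smtp (Exim 3.22 #25) id 1AX5Ol-0001on-00; Thu, 18 Dec 2003 21:09:31 +0000
From: "MS Security Support" <ietpmgstzyrm@advisor.ms.com>
To: "User" <lqpkc_qbrklvn@advisor.ms.com>
Subject: Newest Network Security Upgrade
Message-Id: <E1AX5Ol-0001on-00@gadolinium.btinternet.com>

'''

IPV4 = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
BY_HOST = re.compile(r"\bby\s+([A-Za-z0-9.-]+)")

def received_hops(msg):
    """Return hops oldest-first as (connecting_ip, recording_host)."""
    hops = []
    # Each relay prepends its own line, so the last header is the oldest.
    for value in reversed(msg.get_all("Received", [])):
        ip = IPV4.search(value)
        by = BY_HOST.search(value)
        hops.append((ip.group(1) if ip else None, by.group(1) if by else None))
    return hops

def domain_of(address):
    """Lower-cased domain part of a header address ('' if absent)."""
    return parseaddr(address)[1].rpartition("@")[2].lower()

def analyse(raw):
    msg = message_from_string(raw)
    hops = received_hops(msg)
    from_dom = domain_of(msg.get("From", ""))
    env_dom = domain_of(msg.get("X-Envelope-Sender", ""))
    return {
        "hops": hops,
        # Only trustworthy if the recording host is a relay you trust;
        # lines older than that can be forged by the sender.
        "origin_ip": hops[0][0] if hops else None,
        "from_domain": from_dom,
        "envelope_domain": env_dom,
        "from_mismatch": bool(env_dom) and from_dom != env_dom,
    }

if __name__ == "__main__":
    for key, value in analyse(RAW_HEADERS).items():
        print(f"{key}: {value}")
```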

Rick
12-26-2003, 10:05 AM
Here is a site that will allow you to track this ADDY

http://www.geektools.com/whois.php

What I got when I used the 81.131.131.10


inetnum: 81.131.0.0 - 81.131.255.255
remarks: Please send abuse notification to abuse@btopenworld.com
netname: BT-IMSNET
descr: Narrowband IP pools
country: GB
admin-c: DY128-RIPE
tech-c: DY128-RIPE
status: ASSIGNED PA
mnt-by: BTNET-MNT
mnt-lower: BTNET-MNT
mnt-routes: BTNET-MNT
changed: preston.dialip@bt.com 20030514
changed: preston.dialip@bt.com 20030520
source: RIPE

route: 81.128.0.0/11
descr: BT Public Internet Service
origin: AS2856
mnt-by: BTNET-MNT
changed: support@bt.net 20030615
source: RIPE

Rick
12-26-2003, 10:13 AM
In Eudora you should be able to add the sender to the JUNK list using the Junk icons or using the make filter option from the text menu.

I have one that keeps getting past the filter even with the site addy blocked completely
*@sitename.com
It's pure spam but still gets in..
I have the same site filtered using every possible variation of the name.
BUT they just keep sending

jes
12-27-2003, 02:58 AM
So, there is really nothing that I can do until I get a reply from Eudoramail Help. I have run a Whois on eudoramail.com and found that they are run by Network Solutions. I am also trying to contact Eudoramail through them but...

Rick
12-27-2003, 09:09 AM
Who Is Eudoramail.com

Checking server [whois.crsnic.net]
Checking server [whois.networksolutions.com]
Results:

Registrant:
QUALCOMM Incorporated (EUDORAMAIL2-DOM)
6455 Lusk Blvd
San Diego, CA 92121
US

Domain Name: EUDORAMAIL.COM

Administrative Contact:
Lycos, Inc. (LN85-ORG) dns-admin@LYCOSNETWORK.COM
400-2 TOTTEN POND RD
WALTHAM, MA 02451-2000
US
781-370-2700

Technical Contact:
Lycos, Inc. (LN86-ORG) nic-tech@LYCOS.COM
400-2 TOTTEN POND RD
WALTHAM, MA 02451-2000
US
412-208-1000

Record expires on 04-Dec-2005.
Record created on 05-Dec-1997.
Database last updated on 27-Dec-2003 08:07:30 EST.

Domain servers in listed order:

NS1.HOTWIRED.COM 209.202.254.203
NS3.HOTWIRED.COM 209.202.254.202
NS4.HOTWIRED.COM 209.202.221.55
NS2.HOTWIRED.COM 209.202.220.8
NS5.HOTWIRED.COM 209.202.220.74

jes
12-28-2003, 05:25 PM
I finally got a reply from Network Solutions. Here is what I was told:


Dear Valued Network Solutions® Customer,

Please be informed that we cannot comment regarding the spam filtering
of the e-mail software that you are using.

Unwanted bulk email or "Spam" is a growing concern for Network Solutions'
customers, Internet users, and businesses providing Internet services.
If we determine that one of our E-mail customers is sending spam,
we can terminate their service under the terms of our Acceptable
Use Policy. Because domain names are easily replaced and many spammers
have multiple domain name registrations, deleting a domain name
will rarely stop spamming activities.

Many ISPs maintain Acceptable Use Policies (AUP) that prohibit
sending spam across their networks. If a spam source is identified
to an ISP, the ISP can also take action to ensure that the unwanted
bulk email is not delivered over its network. Visit http://www.uic.edu/depts/accc/newsletter/adn29/headers.html
to learn how to identify the ISP for spam e-mail. For additional
information to assist in the fight against spam, please visit the
following sites:
http://spam.getnetwise.org/

http://www.spamcon.org/

http://www.ftc.gov/bcp/conline/edcams/spam/coninfo.htm

http://combat.uxn.com/


Sincerely,

Christopher013
Network Solutions Customer Support

jes
12-30-2003, 04:57 PM
http://spam.getnetwise.org/ mentions forwarding spam to the FTC. That is what I have started doing. It is too soon to tell if it is helping though.