I recieved an read email receipt back from a client and it had "VSMail
mx4" attached to the subject line? What does this mean? I have a
feeling its virus related. If so, how do I correct it?

I've been having other problems such as this:
----- Original Message ----- 
From: "Mike P. via RT" <dul@mail-abuse.org>
To: <XXXX@XXXX.com>
Sent: Thursday, December 09, 2004 9:01 PM
Subject: [MAPS #152XXX] Re: your DUL remove request


> End user information about MAPS LLC and the DUL is available from
> http://www.mail-abuse.com/support/enduserinfo_dul.html
>
> The IP address in question appears to still be in use as a dial-up or
> dynamically assigned IP address. You appear to be running a mail
> server on a dial-up or dynamically assigned IP, and some people
> don't want to accept email sent directly from these types of IPs. You may
> want to review http://www.mail-abuse.com/support/an_rteoutgoing.html
> for information on running a mail server on a dial-up or dynamically
> assigned IP on the DUL.
>
> If you believe that your IP address is no longer dynamically assigned,
> please have your ISP contact us directly at dul@mail-abuse.com to discuss
the listing.
>
> --
> Mike P.
> RBL+ Investigator
> MAPS, a division of Kelkea, Inc.


I run a small business (executive recruitment) and believe my email
address may have been hijacked by a hacker.

If this is indeed the case how does a person with average techincal
skills correct this problem?

---

Request for Question Clarification by denco-ga on 07 May 2005 10:55 PDT

Howdy robogeorgia-ga,

First, I do not believe that the "VSMail..." being attached to the
subject line has anything to do with a virus, but rather how the
client is reading their email.
http://download.bot.nu/VsMail-Client/03.9150.html

"VsMail is a unique product that retrieves e-mails from multiple
e-mail accounts using a simple express setup."

As for the second situation, it would help researchers to know if
indeed you are running a mail server on a machine that is either
using a dial-up account to access the internet, or something else,
such as a cable modem, etc. that might have a dynamically assigned
IP, that is, not a fixed IP.

If that is the case, then the "solution" to the latter condition
is for you to send your email, assuming it is receiver requested,
through an email server that has a fixed IP.

As well, if you are sending email through a mail server that indeed
has a dynamically assigned IP, then I do not see any evidence of
someone hijacking your email address without more information.

Even if this is the case, it would depend on the email being sent,
and having the headers of such email, etc. before a course of action,
if any, could be ascertained.

Looking Forward, denco-ga - Google Answers Researcher

---

Clarification of Question by robogeorgia-ga on 09 May 2005 05:18 PDT

Denco-ga,

Thank you for the reply. 

The "VsMail is a unique product that retrieves e-mails from multiple
e-mail accounts using a simple express setup? link was very helpful
and makes complete sense. My company recently completed a ?rebranding?
that included a new company name and web site (naturally with new
email addresses as well). The gentleman who made the switch obviously
used the VsMail software to forward email going to our old addresses
to our new addresses. My concern is with ?VsMail mx5? added to the
subject line of 30% of emails (example: Re: Commercial Banker:  VsMail
mx5) is that is the age of viruses and security that many people will
think its virus related. Id there any way to insure that the ?VsMail
mx5? tag isn?t included in outgoing emails?


In regards to the question of our email server, since we are a small
business and I (and all of our employees respectfully) work out of our
homes I do utilize a wireless Internet connection that is networked to
my home cable/broadband account. Ideally, for cost and simplicity
purposes I would like to leave it as such. Will this be possible?

Thank you for your assistance and let me know if you (or others)need
further information.

---

Request for Question Clarification by denco-ga on 09 May 2005 16:14 PDT

Howdy robogeorgia-ga,

The solution to both of your problems might be the same thing, an email
service.  These come in various forms, for instance, this small business
email service from Yahoo.
http://smallbusiness.yahoo.com/email

"Get 10 email addresses that include your domain name and all the other
features found in Custom Mailbox."

DomainMail - Personalised email
http://homepageuniverse.com/domainmail/

"Never again be forced to change your email address because you changed
ISP's or your ISP changes it for you. With DomainMail you control your
on-line identity."

The above type of services would get rid of the "VSMail..." header as
well as the ongoing, and more problematic, dynamically assigned IP email
server situation which could lead to you being blacklisted.

If the above would work as an answer for you, I could put together an
expanded list of email services for you.  Thanks!

Looking Forward, denco-ga - Google Answers Researcher

I agree with the above posts WRT the Read Receipt.  This is not an issue.

While it is possible that your email server has been hijacked, in
which case you  should restrict who (specifically those who should be
allowed) can send emails through your email server.  How this is done
is dependent on the email server in use.

However, based on the description you gave, I suspect that this is not the case.

There may not be any hanky panky going on with your mail servers at all.

A number of trojans and virii raid the email address books of systems
they infect and either use them as spoofed senders to propagate
themselves or send them back to whoever is using the trojan/virus to
collect information.

It's also possible (and more likely) that your email address was
snagged off a website or other internet site somewhere by a spammer
who is using it to disguise the source of their emails.

In any case, it's a simple matter to claim to be someone else when sending emails.
A detailed look at the email headers from the original email will
determine the IP address the email oroginated from.  Unfortunately, it
looks like (based on the info in your question) a dial up account
(possibly hacked or hijacked) is being used.  this makes it *very*
difficult to track it down.

Even if you do, the spammer will just move to another account to spew
his/her filth.

It's really very simple to insert whatever email address you want in
the From: section of an email I could (in about 90 seconds) send you
an email which, for all intents and purposes, appears to be from
George W. Bush asking you to contribute to the DNC.

In a nutshell, if someone is using your email address, there's not
much you can do about it.

I'd suggest several options: 
1.  Change your email address (this is a huge pain, I know).
2.  Do nothing.  Unless the spammer starts sending emails to your
clients (which is possible) using your email address, little harm is
done.

whether you use option 1 or 2, definitely get a copy of GPG (free) or
PGP email security (not free), and use it to cryptographically sign
your emails.  This won't interfere with the ability of others to read
your emails, but will provide you and those you send email to a way to
verify that the emails you send are actually from you and have not
been modified in transit.

I wish I could give you a better answer, but that's the way it is.


Richard

Denco-GA,

I'm sorry for the time its taken to get back to you but this should
like the best answer. If possible, please prepare a list of comapnies
that offer this service.

Many Thanks.

I ran across this news item and I thought it might be apropros to your situation:

http://www.nytimes.com/cnet/CNET_2100-1030_3-5723497.html