Android sending out emails….

IP Address Questions and AnswersCategory: Trace An EmailAndroid sending out emails….
matt9468 asked 2 years ago

Heres the deal, I have been getting failure notices from spam emails going out without my knowledge. It looks like its coming from one of my android devices (phone or tablet). i have factory reset the phone already but not the tablet. I have only downloaded apps from the market on tablet and trying to find out how its happening so I can stop it. The weird thing is I do not have any yahoo mail, messenger, etc set up on either of my droids but it seems to be jumping to a yahoo server. Any ideas? I have been working from the bottom up on the failure notice.

The header information on failure notice:
--- Below this line is a copy of the message.

Received: from [98.139.44.101] by nm8.access.bullet.mail.sp2.yahoo.com with NNFMP; 19 Nov 2011 10:27:48 -0000
Received: from [98.139.44.88] by tm6.access.bullet.mail.sp2.yahoo.com with NNFMP; 19 Nov 2011 10:27:48 -0000
Received: from [127.0.0.1] by omp1025.access.mail.sp2.yahoo.com with NNFMP; 19 Nov 2011 10:27:48 -0000
X-Yahoo-Newman-Property: ymail-3
X-Yahoo-Newman-Id: [email][email protected][/email]
Received: (qmail 51092 invoked by uid 60001); 19 Nov 2011 10:27:48 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=att.net; s=s1024; t=1321698467; bh=risYimU+YEYs74rStytoYYEgrrr9+oUt7ADzCJ63xiA=; h=X-YMail-OSG:Received:X-Mailer:Message-ID:Date:From:Subject:To:MIME-Version:Content-Type; b=dCH5OIm9GDKLLJgfH5fGoPz7wljWfDBrKDCvqrQ97zd9OjbVZcOITb26S+b2Flz/4f51LucxF3ozP1oxrW8b8Q+Blvh/SddRVEq4oCcTUBeX5r6qMmJDa2Y3pR32egqZbIVGBaPJr0YzWC5nb9JLqGBpPMqaZqbcgxHnx8Lu1wg=
DomainKey-Signature:a=rsa-sha1; q=dns; c=nofws;
s=s1024; d=att.net;
h=X-YMail-OSG:Received:X-Mailer:Message-ID:Date:From:Subject:To:MIME-Version:Content-Type;
b=pntxTdyyvMcc/i9X97F0eZCalb3cvImcXsRGes07F+Xy8iOew2JAofB7VFT/mCkAhcrNqQHPw+g1Dze4XJiLYjbD6HtRjiLelyQZ5ADYhiU0s6POWTuaPwTnHFdPLAJjyCmLMjssGFKapkJD5TJoLAwid0QM+wX4rE/qtKzb9+c=;
X-YMail-OSG: sCl.k7kVM1kCaSmGLLGwnA9ES4AUxa9JIxlGImkOQqr47YJ
FDlhXra1KN7b0xojDiQj0s5BPDOhA4OVlTFONHDIDtVgvc4n7JkQU_niJ20g
K1q.T8Sl6qSuCxtwLMUEArW4rHgWTosk6crzpQFPIkc9B__pZgE8mIYVdx_4
2jqLzm9PWvQqoFwfYaNFkfNxnWXfsFf7Hx_wy1wiBKD2EvkFyN8DoquWOnmE
lmOvmndJdIfZVsX8M_3Lo053PTsgB6N.tle3LFJ6nOgvrtqzuuGvgomZqrLy
OYDsLlDn7TdJ0kK8qTx0vx3Fhg40KQJPNjV6lUHWFqKTBbW6lN7LebT0F40S
W9yAw7m_tCjh6cD6f1RaPI9ytKb_jjDClrsY7wOHLculXBJIjHp27RRqnyWD
fiXJKNXb2XMMePs9AbuWdlOZ5ecjz7JkxHp8T_vnlnnpmb6bQimhar2Y5KcC
N_NdQ5eXfiHlCArmBbDfcWFn2xRo2JFocVNOO0ubhYeuxTQ--
Received: from [92.84.193.162] by web180508.mail.gq1.yahoo.com via HTTP; Sat, 19 Nov 2011 02:27:47 PST
X-Mailer: YahooMailWebService/0.8.115.325013
Message-ID: <[email protected]> Date: Sat, 19 Nov 2011 02:27:47 -0800 (PST)
From: **Name Deleted**<*****@att.net>

1 Answers
Shnerdly Staff answered 2 years ago

Thanks for your question matt9468.

Who, specifically, are the failure notices from?

All I see in the header you posted are two Yahoo IP's and the last one, near the bottom, is from Romania. Your IP is not in the header. The matching date and time would indicate to me that the reference to Android near the bottom may be the device the person in Romania is using.

"Received: from [92.84.193.162] by web 180508.mail.gq1.yahoo.com via HTTP; Sat, 19 Nov 2011 02:27:47 PST
X-Mailer: YahooMailWebService/0.8.115.325013
Message-ID: Date: Sat, 19 Nov 2011 02:27:47 -0800 (PST)"

Know the answer? Login or sign up for an account to answer this question.
Sign Up