On Thu, 2010-03-11 at 10:22 -0500, Kris Deugau wrote:
> Ouch. :( Offhand, I'd say you might as well go ahead and blacklist
> them anyway, because if the passwords on these freemail accounts have
> been changed, I don't think there's much chance the original users will
> get access back. It might be a different story if the accounts are
> actually paid accounts.
>
I don't think the accounts were hijacked: the headers showed that the messages the OP posted were not sent from the domain hosting the mail accounts. It looked to me as if somebody has sold on lists of valid hotmail etc. accounts.

I smell an inside job, or at least some careful preparation, because the OP reckons that these accounts (forged as sender) were paired with valid accounts he hosts that would be used by the owner of the forged account. The messages I saw took the form:

-------------------------------------------------------------------------
From: forged hotmail/yahoo/gmail account
To: same person's account at the OP's ISP
Subject: Help!

I was ROBBED of my money and cards but not my passport.
PLEASE send me $$$ via Western Union.

Signed: me.myself
-------------------------------------------------------------------------

A scam of this type needs to be pretty tightly targeted to work. The scammer would need at least a matched pair of addresses and a good probability that the supposed sender could be somewhere near the place where the alleged robbery was said to have happened.

Martin
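
The header check described in this message (a freemail From: address on mail that did not arrive from that provider's relays) can be sketched as follows. This is an added example, not code from the thread: the relay suffix table, the Postfix-style Received syntax, the host names and the sample message are all constructed assumptions, and the receiving MX is assumed to record forward-confirmed reverse DNS.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumption: rDNS suffixes of each provider's outbound relays (illustrative only).
FREEMAIL_RELAYS = {"hotmail.com": ("hotmail.com",), "yahoo.com": ("yahoo.com",),
                   "gmail.com": ("google.com",)}
# Assumption: Postfix-style "from HELO (rdns [ip]) by host" Received syntax.
RECEIVED_RE = re.compile(r"from\s+\S+\s+\((\S+)\s+\[([0-9A-Fa-f.:]+)\]\)\s+by\s+([^\s;]+)")

def domain_of(header_value):
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def check_freemail_sender(raw, our_mx, our_domain):
    msg = message_from_string(raw)
    result = {"from_domain": domain_of(msg.get("From")), "relay": None, "verdict": "not-freemail"}
    suffixes = FREEMAIL_RELAYS.get(result["from_domain"])
    if suffixes is None:
        return result
    result["verdict"] = "no-trusted-received"
    for hdr in msg.get_all("Received", []):
        m = RECEIVED_RE.search(" ".join(hdr.split()))
        # Trust only the line stamped by our own MX; lower lines are sender-supplied.
        if not m or m.group(3).lower() != our_mx:
            continue
        rdns = m.group(1).lower()
        result["relay"] = rdns
        if any(rdns == s or rdns.endswith("." + s) for s in suffixes):
            result["verdict"] = "consistent"
        elif domain_of(msg.get("To")) == our_domain:
            result["verdict"] = "forged-freemail-to-local-user"
        else:
            result["verdict"] = "forged-freemail-sender"
        break
    return result

# Constructed sample: the lower Received line is forged to look like Hotmail.
FORGED = """\
Received: from mail.example.net (host5.dsl.example.net [203.0.113.5])
\tby mx.isp.example with ESMTP; Thu, 11 Mar 2010 09:00:00 -0500
Received: from bay0.hotmail.com (bay0.hotmail.com [192.0.2.1])
\tby mail.example.net; Thu, 11 Mar 2010 08:59:00 -0500
From: me.myself@hotmail.com
To: me.myself@isp.example
Subject: Help!

PLEASE send me $$$ via Western Union.
"""
# Constructed counter-sample: same message handed over by a provider relay.
LEGIT = FORGED.replace("host5.dsl.example.net [203.0.113.5]", "relay1.hotmail.com [192.0.2.20]")
```

A "forged-freemail-to-local-user" verdict is better used as a scoring signal than as a hard reject, since forwarders and mailing lists also relay freemail From: addresses from other hosts.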