Alexander: Getting e-mail warnings from a good demon

  • Article by: STEVE ALEXANDER
  • Star Tribune
  • March 27, 2012 - 3:50 PM

QI think someone has stolen my Yahoo e-mail contact list and is sending out e-mails that appear to be from me. I received an e-mail from "" that refers to an e-mail I supposedly sent to three people in my Yahoo contact list. But I never sent that e-mail, or others that have come back to my Yahoo address. How did this happen, and what should I do?


AIt's probably not just your contact list that's been stolen. Your Yahoo e-mail account has most likely been taken over by someone who's sending e-mails to your contacts.

The typical purpose of that is to perpetrate a scam by sending spam (junk e-mail) or phishing attempts (which try to trick people into disclosing valuable personal information).

When an e-mail from your account couldn't be delivered to one of three intended recipients, you got an automated warning from a widely used e-mail-monitoring program called the "mailer-daemon" (pronounced "demon" and meaning "guardian spirit" in Greek mythology).

The undelivered e-mail might have bounced back to your account because the recipient's address was wrong or no longer exists. Alternatively, the recipient's e-mail server may be temporarily blocking Yahoo e-mail because of an outpouring of malicious e-mail from compromised accounts like yours. (In Yahoo's defense, any e-mail provider can have hackers briefly take over accounts.)

How does someone take over your e-mail address? One way is by guessing your password, which isn't hard if you've used something personal, such as a street address, or a real word that's in the dictionary (hackers can run what's called a "dictionary attack" that tries out real words as passwords).

Or you could have innocently given your e-mail information to someone running a phishing attack. It's also possible that you have a malicious program called a key-logger on your computer that can record keystrokes to learn an e-mail user name or password.

Here's what you should do:

On your Yahoo e-mail account: Change your password. Make sure the alternate e-mail address on the account (you provided one when you signed up with Yahoo) hasn't been changed to a hacker address. Check the contact list to make sure nothing has been changed. For details, see

On your computer: Make sure your firewall and anti-virus software are up to date. Download the free version of the security program Malwarebytes Anti-Malware. (Go to and click "download now.")

In general: Watch for any other undeliverable warnings from the mailer-daemon.

E-mail tech questions to or write to Tech Q&A, 425 Portland Av., Minneapolis, MN 55488. Include name, city and telephone number.

© 2018 Star Tribune