I've received over 140 emails like this:
Subject: failure notice
Date: December 2, 2005 6:22:55 PM CST
Received: from server88.tchmachines.com ([126.96.36.199]) by mx-pinchot.atl.sa.earthlink.net (EarthLink SMTP Server) with ESMTP id 1eIkxu3in3Nl34d0 for <email@example.com>; Fri, 2 Dec 2005 18:42:04 -0500 (EST)
Received: from notini.ktc.com ([188.8.131.52] helo=linux-ww1.ktc.com) by server88.tchmachines.com with esmtps (TLSv1:AES256-SHA:256) (Exim 4.52) id 1EiKWB-0007Oc-Fh for firstname.lastname@example.org; Fri, 02 Dec 2005 18:40:44 -0500
Received: (qmail 17242 invoked for bounce); 3 Dec 2005 00:22:55 -0000
X-Antiabuse: This header was added to track abuse, please include it with any abuse report
X-Antiabuse: Primary Hostname - server88.tchmachines.com
X-Antiabuse: Original Domain - pearlandjrs.com
X-Antiabuse: Originator/Caller UID/GID - [0 0] / [47 12]
X-Antiabuse: Sender Address Domain -
Hi. This is the qmail-send program at linux-ww1.ktc.com.
I'm afraid I wasn't able to deliver your message to the following addresses.
This is a permanent error; I've given up. Sorry it didn't work out.
Sorry, no mailbox here by that name. vpopmail (#5.1.1)
--- Below this line is a copy of the message.
Received: (qmail 16973 invoked by uid 108); 3 Dec 2005 00:22:55 -0000
Received: (qmail 16594 invoked by uid 108); 3 Dec 2005 00:22:52 -0000
Received: from unknown (HELO wmlcwgcwe.com) (184.108.40.206)
by 0 with SMTP; 3 Dec 2005 00:22:52 -0000
Date: Fri, 02 Dec 2005 23:28:31 GMT
Subject: Registration Confirmation
X-Priority: 3 (Normal)
Content-Type: multipart/mixed; boundary="====fb93f9a85069db6c9ab36ad9"
This is a multi-part message in MIME format.
Account and Password Information are attached!
Content-Type: application/octet-stream; name=reg_pass-data.zip
Content-Disposition: attachment; filename="reg_pass-data.zip"
then more of these lines in what appears to be an enclosed virus or other file.
Has mail from my account been hijacked? I am not running any mail stuff that I installed. Just stock stuff.