Is my email address being abused? I'm receiving replies to messages I didn't send!

If you're getting bounce messages for dozens of messages that you didn't send, odds are that a spammer has used your email address as the From: address for some of the spam that they've sent.

Viruses

Some viruses will borrow an address in order to propagate themselves via email ... we have seen a tremendous increase in virus transmission by email. These viruses attempt to spread by making a list of all email addresses that they find on infected PCs, and then sending email with infected file attachments to those addresses. To increase the chances that recipients of these messages will open the file attachments (and thus get the infection), some of the addresses in the To: list are used to forge the From: address, so that the "sender" will appear to be somebody that the recipient knows and trusts.

If you're seeing bounce messages to email that you didn't send, it may be that the PC of somebody you've sent email to has become infected and is sending out email, trying to spread the infection.

You can get more information on these viruses at http://securityresponse.symantec.com/.

Spammers

We've had quite a few queries from folks who've been surprised to see spam (either in their inboxes or in their Postini message centers) that has their own email addresses as the "From:" address.

Getting replies doesn't mean anyone actually sent anything from your account, or hacked into your account.

Your email address can easily be forged in a 'from' or "reply-to" field, in much the same way that somebody could put your name and address in the upper-left corner of an envelope and mail it from the Post Office.

This has become a common spammer trick. Spammers need to use real (or at least possibly real, using real domains) addresses as the From: address when they send their junk, since many mail servers will reject mail from internet domains that don't exist. Some spammers cycle through their To: list 'borrowing' innocent email addresses for this purpose.

Unfortunately, there isn't much you can do about this. Spammers do everything they can to hide their identities, often signing up for email accounts under fake names, and many are overseas, out of reach of U.S. authorities. A high percentage of spam is sent through PCs connected via cable modem or DSL that have been compromised by a worm that makes them available to spammers as email relays.

The good news is that if this has happened to you, it isn't likely your address was used to send mass quantities of spam. Spammers who 'borrow' addresses like this usually change the From: address frequently, since they know that if they use one address very long, the pattern of abuse will be detected by spam filters and mail from that address will be blocked by many systems.


Properties ID: 000044   Views: 8933   Updated: 15 years ago
Filed under: