Over the last few days I’ve been receiving “bounce back” email messages that appear to indicate my email address is being used to generate messages to addresses unknown to me.
If my email address is being used to generate messages are they being sent from my computer or from another source that is just using my address?
If they are coming from my computer, I don’t know why my virus protection program didn’t prevent it. If they are originating from somewhere else, what if anything can I do about it?
One way malware works is once it has infected a computer, it builds a list of all the email addresses it can find, from whatever source.
Next, it picks one at random from the list and pokes in into the “sent to” field. Then it picks another at random and pokes that into the “sent from” field, and it mails it out.
So you see that a message can be sent from someone who isn’t in the “sent from” field of the email. There is no verification that the person sending is the person who claims to be sending.
About the only thing you can be sure of is that both the apparent sender and recipient exist as email addresses in someone’s computer at the same time. I’m sure that will be obsolete soon, too.
Can you do anything about it? Probably not. Just encourage your friends to practice safe computing.
It basically works the same way as the return address on an envelope sent through the US mail. The sender of a letter can put anything they want in that space, and there’s basically no enforcement to ensure that whatever it is is correct. Most people don’t bother to lie about their return address, but they could, very easily.
Of course with your own rogue server anything can be spoofed. But some legitimate email servers won’t accept an arbitrary return address in a client message without some form of pre-existing authorization (“return address” being different than the arbitrary “reply-to” which can be set to anything). But no doubt many will.
Hard to tell what is going on here. It could be a local bot, but it could just be a compromised email account, or it could be total spoofing. I suspected a compromised account when a friend of mine got reports of junk mail being received by his contacts that he had clearly never sent. In that particular case the problem went away when the email account password was changed. But in this case there are many possible causes.
I can only tell you what I’d do if that was happening to me. I would install the free ZoneAlarm firewall. Then I would know exactly what was going out from my computer.