Does this indicate an email virus?

Twice in the last week or so, I’ve received a message entitled “Returned mail: Over quota” from “Mail Delivery Subsystem <MAILER-DAEMON@imap02.bwc.ap.blackberry.net>” in response to an email I sent; in the second case to just a single addressee (not of course MAILER-DAEMON@imap02.bwc.ap.blackberry.net). I believe the emails went through normally to the addressees in each case.

The text of the message I received today read:

"The original message was received at Fri, 18 Nov 2005 07:30:22 GMT
from mx01.bwc.prodap.on.blackberry [172.16.179.184]

----- The following addresses had permanent delivery errors -----
<threehk-menzies1@imap02.bwc.ap.blackberry.net>"

Ought I to get my computer checked for viruses?

Probably not (though it would hurt to go to http://housecall.trendmicro.com and do a scan). Bounce messages, if it’s not from someone you’ve sent an e-mail, usually mean that a virus spoofed your e-mail address. That only means that someone with the virus has your e-mail address somewhere on their computer (including on any websites they visited).

The virus e-mails are sent with a faked – though legitimate – address, so any bounce messages go to that address.

It’s possible that the message contained a virus – some use that format to fool the user, but as long as you didn’t click on any attachment with it, you’re OK.

A newish wrinkle is spoofed or faked “bounce” notices. The virus-mongers send out emails that look like returned-mail notices, but nestled within the message are “one-pixel” blank images that trigger downloads if you happen to click on what looks like blank white space in the message. Or even worse, with the use of Java, trigger downloads if you merely move the mouse over the hidden spots.

Thanks, guys. I’ll be very careful.

Thanks, I’ll pay attention too because I got recently a number of such “bounced” notices, with an attached message in a foreign language I can’t identify, and sender/recipient fields mentioning e-mail addresses completely unknown to me.

I had assumed that my e-mail address could have been used to send spam or somesuch…

Just remember that the FROM address on an email does not tell where it is FROM, just where the sender wants you to think it is from.

If you, like a lot of people, are using Outlook Express, you can check a message without opening it (you do have “Show preview pane” turned OFF in View|Layout, I trust), by right-clicking on the e-mail, selecting Properties from the menu, then clicking on the Details tab. This will show you a lot of info about the message, including who it is really from (check the Return Path and the complete From address). Click on the View Source button to see the actual message text, including all the bits not normally displayed when you open it in your message window. Note that an HTML format message will include large amounts of HTML code from which you will need to pick out the relevant message text, but this allows you to also see the hidden Java codes that will trigger malware activity, the real URL for the link you are supposed to click, etc. Very handy for checking out suspicious e-mails.

I assume that other e-mail programs have similar message inspection functions (although the Office XP version of Outlook we have at the office doesn’t seem to have the View Source button).

Here is an example of the info displayed in the View Source window:

I have replaced my own e-mail address and removed all but the beginning of the HTML coding, but you can see that the From: address that is visible to you in the message window is not the real source of the message. Fake From: addresses are often just a case of an e-mail program configured to display “John Doe” in place of the less recognizable “jdoe5678@mega_isp.com”, but it can also indicate that someone is trying to hide the source of a message of evil intent. If the message claims to be from your bank in Omaha, but the Return Path or From info shows it to be from an unfamiliar address in Russia, it’s a fake. (Actually, if it claims to be from your bank, it’s almost certainly a fake anyway. :smiley: )
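As an added example, not part of the thread or any poster's own code: the header and source inspection described in the post above, done with Python's standard library over a constructed message. Every address and host in the sample, and the names `inspect_message`, `LinkScan` and `domain`, are assumptions made for the illustration.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser

# Constructed sample (not from the thread); every address and host is made up.
SAMPLE = """\
Return-Path: <bulk7731@mailer.example.net>
From: "Your Bank Security" <security@bank.example.com>
To: you@example.org
Subject: Please verify your account
Content-Type: text/html; charset="us-ascii"

<html><body>
<a href="http://203.0.113.45/login">https://bank.example.com/login</a>
<img src="http://203.0.113.45/t.gif" width="1" height="1">
</body></html>
"""

class LinkScan(HTMLParser):
    """Collect (visible text, real target) for links, plus 1x1 image sources."""
    def __init__(self):
        super().__init__()
        self.links, self.tiny_images, self._href = [], [], None
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "a":
            self._href = a.get("href")
        elif tag == "img" and a.get("width") == "1" and a.get("height") == "1":
            self.tiny_images.append(a.get("src"))
    def handle_data(self, data):
        if self._href and data.strip():
            self.links.append((data.strip(), self._href))
    def handle_endtag(self, tag):
        if tag == "a":
            self._href = None

def domain(addr):
    return addr.rpartition("@")[2].lower()

def inspect_message(raw):
    # Parse headers only; nothing in the message is rendered or fetched.
    msg = message_from_string(raw)
    name, from_addr = parseaddr(msg.get("From", ""))
    _, return_path = parseaddr(msg.get("Return-Path", ""))
    scan = LinkScan()
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            scan.feed(part.get_payload(decode=True).decode("latin-1"))
    return {"display_name": name, "from": from_addr, "return_path": return_path,
            "sender_mismatch": domain(from_addr) != domain(return_path),
            "links": scan.links, "tiny_images": scan.tiny_images}
```

A From/Return-Path domain mismatch also occurs in legitimate mailing-list and bulk-sender mail, so treat `sender_mismatch` as a reason to read the source more closely rather than as a verdict.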