Emails being sent by others with my return address?

Okay, for a while now, I have been getting emails returned to me from ISPs that say the original message was undeliverable. The problem is that I did not send the emails. Nothing is mine on the returned mail except for the return email address.

Thinking of a virus? Well, I did too, so I went out and got the latest and greatest virus software and lo and behold, no viruses. Not a single one. Also none of my normal email correspondents have complained about getting spam from me.

So, should I be looking for something on my machine locally that is sending these mailings out, or can people pull my email address off of news groups and the like and set it up that their spam has my return address?

Relax. I had the same thing happen too. It’s someone (or some program) spoofing your email address to propagate the Klez worm. If you check the headers, though, you’ll see the originating IP address is nothing like yours.

It’s trivial to send an e-mail with someone else’s address in the FROM line. If it’s the Klez worm as QED suggested, the worm (virus) is on someone else’s computer, someone who has received e-mail from you in the past. (That’s where it got your address.)

I am experiencing the same problem as you have described. As I understand it, a spammer is “spoofing” your e-mail address. Meaning that he has forged your return address to appear in the “from” field. My ISP has advised me to forward these returned emails to their abuse department so that they can investigate further, though they also admit that there is little that they can do to stop the spammer involved. As for your machine being compromised I think you have nothing to worry about.

Posting your e-mail address anywhere on the internet is virtually guaranteed to be noticed by these spammers. In fact there are bots, which are programs designed to scour the internet looking for any text string containing @ and harvesting them to a database which is then sold to even more spammers. It really is a no win situation. Your best bet is to cancel your e-mail address and create a new one. Unfortunately for me, my email address is also my domain name from which I sell my art, I am left with no choice but to continue to be at the mercy of these god forsaken spammers.

It could be the Klez worm. Or something a whole lot more evil. It’s known as joe-jobbing in the spam industry and it involves forging email headers with other people’s (usually enemies’) email addresses. All the bounce-backs get sent to the innocent party as well as a lot of hate mail from people at various sites.

How do I know this? The fuckers did it to me recently. Over the past week I’ve received several hundred bounced back emails advertising Generic Viagra. Their web site is hosted in Guangdong, China and, as you’d probably expect, the company is hardly sympathetic to my complaints. As the headers are forged, I’ve had little luck tracing the emails themselves and the fact that many of these sites truncate the headers in their bounce-back messages doesn’t help, either. I’m seriously considering changing my email address but, as it’s work related, I’m not looking forward to the hassle.

Hopefully, it’s just Klez or one of its variants because then you can just email everybody in your contact list to scan their computers for viruses.

I wonder as I use WEBTV and a computer. I never had this problem with my computer but my WEBTV has it all the time. I continually get bounced messages (yes from a viagra seller as well).

WebTV is not supposed to be able to get worms and viruses. WebTV doesn’t give headers and so I just delete it.

I’ve also had a similar problem. My ISP did determine that my account name and password had been stolen. Changing the password (which is something one should do from time to time anyway) cleared up the problem for the time being.

It doesn’t need to. All that needs to happen is for someone else to have an infected computer, and for that computer to have your WebTV e-mail address.

For instance: You sent an e-mail to a friend a while back. Friend’s computer (not WebTV) catches the Klez virus. Klez on friend’s computer looks around for e-mail addresses to steal. Klez finds the e-mail you sent friend, and grabs your address. Klez sends out a bunch of infected e-mails, but lies about where it’s coming from, and uses your address.

It works similarly with the spammers, except that they use some other method to get your address in the first place.

I usually advise folks having this problem that one or more of three things is likely responsible:

The only way to determine the true point of origin is to interpret the extended headers of the original mail that prompted the bounce, if those headers happen to be included in the body of the bounce.

Sending a complaint to the network responsible for the originating IP will allow the administrators of that network to investigate and determine the responsible account. They are the only entity that will be able to do so, because of the forgery and header manipulation.

There is no way for anyone to proactively prevent their address from being forged by either a spammer or an infected system. Even if you’ve never ever used your address, even if it has never seen the light of day, it can be deduced, guessed, or otherwise frankensteined from parts of similar e-mail addresses, or from folks who have the same address at different domains.

What can be done about address forgery is reporting it to the network of origin so that appropriate action can be taken against the responsible account. Forging spammers will (hopefully) be warned or their accounts terminated. The forging virus-infected are usually notified of the apparent infection and given instructions for virus-detection and removal.
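
The header check described in the last post, as an added example that is not part of the original thread: it pulls the original message out of a bounce and separates the one Received line written by the bouncing server from the older lines that travelled with the message. The function name `trace_bounce`, the sample bounce and every address in it are constructed for illustration, and the code assumes the bounce embeds the original as a `message/rfc822` part.

```python
import email
import re
from email import policy

IP_IN_BRACKETS = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

# Constructed sample bounce: example domains and documentation-range IPs only.
SAMPLE_BOUNCE = b"""\
From: MAILER-DAEMON@mx.example.net
To: victim@example.org
Subject: Undelivered Mail Returned to Sender
Content-Type: multipart/report; report-type=delivery-status; boundary="b1"

--b1
Content-Type: text/plain

No such user: nobody@example.net
--b1
Content-Type: message/delivery-status

Reporting-MTA: dns; mx.example.net

Final-Recipient: rfc822; nobody@example.net
Status: 5.1.1
--b1
Content-Type: message/rfc822

Received: from mail.example.org (unknown [203.0.113.77])
\tby mx.example.net; Mon, 1 Jan 2001 00:00:00 +0000
Received: from mail.example.org ([198.51.100.5]) by relay.invalid
From: victim@example.org

body
--b1--
"""

def trace_bounce(bounce):
    """Summarise the original message embedded in a bounce, or None if absent."""
    msg = email.message_from_bytes(bounce, policy=policy.default)
    original = next((p.get_payload(0) for p in msg.walk()
                     if p.get_content_type() == "message/rfc822"), None)
    if original is None:
        return None  # the bounce truncated the original; nothing to trace
    # Received lines are newest first. Only the top one was written by the
    # bouncing server; the lines below arrived with the message and may be forged.
    hops = [IP_IN_BRACKETS.findall(str(h)) for h in original.get_all("Received", [])]
    return {"claimed_from": str(original["From"]),
            "handoff_ip": hops[0][0] if hops and hops[0] else None,
            "unverified_ips": [ip for hop in hops[1:] for ip in hop]}
```

The `handoff_ip` value is the address to look up when deciding which network's abuse desk should receive the complaint; a `None` result means the bounce did not include the original headers.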