Spammer faking "my" return address


Dodi Schultz
May 22nd, 2006, 02:13 PM
Maybe some e-mail maven here will know the answer to this one.

A major annoyance over the past few months has been the arrival in my mailbox--daily, most days exceeding the amount of spam--of messages "returned" to me because the addressee was unknown ("Hi. This is the qmail-send program at [legitdomain.com]. I'm afraid I wasn't able to deliver your message to the following addressee...").

Trouble is, these aren't messages I actually sent. They're spam--mainly for diet nostrums and pharmaceuticals--and my address has been faked thereon as the "from" source. Of course spammers use shotgun messaging, and some addresses are bound to be wrong or outdated.

No, it's not that my computer's infected and they're really coming from me. My e-mail's still handled with TAPCIS--still running on plain DOS--and binary stuff is still simply scanned and routinely deleted from my mailbox. Another indication that it didn't originate from my computer is that the return address isn't as my system applies it (the capitalization is different).

It's my understanding (correct me if I'm wrong) that this means either that the computer of some friend or acquaintance has been corrupted and is being used (along with its address book) to send spam OR that the address has been picked up from such a computer.

Questions: Is there a way to stop it? (I know that it's not the province of the CIS people who try to keep spam out; this isn't incoming spam.) Or, if not, and the computer of someone I know is being used--is there a way to find out whose?

--Dodi

Judy G. Russell
May 22nd, 2006, 02:57 PM
> Questions: Is there a way to stop it? (I know that it's not the province of the CIS people who try to keep spam out; this isn't incoming spam.) Or, if not, and the computer of someone I know is being used--is there a way to find out whose?

Unfortunately, the answers are no, and no (because it's not at all likely that the computer of anyone you know is being used).

Unless you could identify a specific sender, there's no way to stop this sort of thing. The only thing you can do is wait it out; eventually the spammer goes on to using someone else's email address.

And realistically the email isn't likely to be actually sent from a computer of a friend; all the spammer usually wants is a "live" email address for the return address and is doing the sending from some offshore site that can't be shut down. The email address itself may well have been harvested from a friend's email address book, but that can't be traced. So there's no sense in trying to track down the sender.

In short, it's a nasty situation but will resolve itself in a relatively short time. For the interim, you might consider using a service like Mailwasher (http://www.mailwasher.net/) or Spamarrest (http://www.spamarrest.com/).

Gary Maltzen
May 22nd, 2006, 08:53 PM
To determine where the messages actually originate you need to look at the (bounced) message that purportedly was from you. The headers of that message will have the actual IP address used to send the message to the "bouncing" address. The ISP owning that site needs to be notified - assuming that they have posted an abuse address.

I have sent you a PM with details on how to contact me for additional help.
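
The header check described in the post above, as an added example that is not part of the original thread: it pulls the embedded copy out of a qmail-style bounce and reads the connecting IP only from the Received line stamped by the bouncing site, since lines below that one were supplied by the sender and can be forged. The sample bounce, its hosts and addresses, and the function name origin_of_bounce are constructed for illustration; a single-part bounce carrying qmail's "copy of the message" marker is assumed.

```python
import email
import ipaddress
import re
from email.utils import parseaddr

QMAIL_MARKER = "--- Below this line is a copy of the message."

# Constructed sample bounce; every host, address and IP is a placeholder.
SAMPLE_BOUNCE = """\
From: MAILER-DAEMON@legitdomain.example
Subject: failure notice

Hi. This is the qmail-send program at legitdomain.example.
I'm afraid I wasn't able to deliver your message to the following addresses.

<nobody@legitdomain.example>:
Sorry, no mailbox here by that name. (#5.1.1)

--- Below this line is a copy of the message.

Return-Path: <Victim@example.org>
Received: (qmail 4242 invoked from network); 22 May 2006 14:01:07 -0000
Received: from unknown (HELO mail.example.org) (203.0.113.77)
  by mx.legitdomain.example with SMTP; 22 May 2006 14:01:07 -0000
Received: from mail.example.org (10.1.2.3) by relay.invalid; 22 May 2006 13:59:00 -0000
From: Victim@example.org

body
"""

def origin_of_bounce(bounce_text):
    """Return (ip, recording_host) from the Received line the bouncing site wrote."""
    bounce = email.message_from_string(bounce_text)
    site = parseaddr(bounce.get("From", ""))[1].rpartition("@")[2].lower()
    _, found, copy = bounce.get_payload().partition(QMAIL_MARKER)
    if not found or not site:
        raise ValueError("not a qmail-style bounce with an embedded copy")
    original = email.message_from_string(copy.lstrip())
    for raw in original.get_all("Received", []):
        line = " ".join(raw.split())  # unfold continuation lines
        by = re.search(r"\bby\s+([\w.-]+)", line)
        ip = re.search(r"[(\[](\d{1,3}(?:\.\d{1,3}){3})[)\]]", line)
        if not by or not ip:
            continue  # e.g. qmail's local "invoked from network" line
        host = by.group(1).lower()
        # Trust only a line stamped by the bouncing site; lower lines are forgeable.
        if host == site or host.endswith("." + site):
            return str(ipaddress.ip_address(ip.group(1))), host
    return None
```

The returned address is the one to look up (for example with whois) when finding the abuse contact for the network that handed the message to the bouncing server.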