Email, Spam Control, Returned email from messages I never sent (email forging, spoofing, backscatter)
I received a mailer daemon email message or returned email about an email that I never sent.
Those who send spam or viruses often use tricks to hide their identity, cause confusion, or increase the chances of you opening their email messages. One of these tactics is known as "forging", or faking the email address in the From field of an email by listing a legitimate email address such as yours.
Because of forging, you might receive messages in your email account that appear to be responses to email you sent (these are called backscatter). These messages might have "Re:" in the subject line, contain "mailer daemon" errors, or look like they were returned by a company's anti-virus software. Additionally, some viruses are disguised as rejected email so that you are more likely to open them to see what message you supposedly sent, and thus inadvertently infect your computer with the virus.
A typical backscatter event goes like this:
- A spammer sends spam to firstname.lastname@example.org using your address as the sender (for example, email@example.com).
- The foo.com mail server rejects the mail, either because the message is identified as spam, or because the recipient does not exist.
- A bounce or automated reply is generated and sent back to firstname.lastname@example.org. The original spam content may or may not be included.
- The bounce arrives at UIUC and is either filtered by Tech Services Spam Control or delivered to netid's inbox.
If your account has been compromised (hacked), you will see the spam in your "Sent" folder. This is a good indicator that someone has logged into your account and is sending spam as "you." If you suspect your account was compromised, IMMEDIATELY change your password and send an email to email@example.com informing the team of the compromise. They can help identify the source of the compromise and monitor the account to verify it's no longer compromised.
If your Sent folder doesn't contain the spam messages, your email may have been spoofed.
Unfortunately, neither you nor we can stop a spammer or virus from sending email as if it came from your account. Fortunately, backscatter outbreaks are often short-lived. Spammers will usually use a forged address for a short time, then move on to a new victim. In our experience, the spam stops in a day or two after the spammer moves on to another email address.
Your best recourse for these unwanted return messages is to set up filters that discard or reroute all mail with a subject line that includes one of the following:
- Undelivered Mail Returned to Sender
- Delivery Status Notification (Failure)
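The filter described above, sketched in Python as an added example (not part of the original page or of Tech Services Spam Control). It goes one step beyond subject matching: it also compares the returned message's Message-ID against IDs from your Sent folder, so bounces of mail you really sent are kept for review. The `sent_ids` set, the action names and the sample message are assumptions made for illustration.

```python
from email import message_from_string, policy

# Subject phrases from the list above, matched case-insensitively.
BOUNCE_SUBJECTS = ("undelivered mail returned to sender",
                   "delivery status notification (failure)")

def is_bounce(msg):
    """Subject match, or an RFC 3464 delivery report regardless of subject."""
    subject = (msg["Subject"] or "").lower()
    return (any(p in subject for p in BOUNCE_SUBJECTS)
            or (msg.get_content_type() == "multipart/report"
                and msg.get_param("report-type", "").lower() == "delivery-status"))

def original_message_id(msg):
    """Message-ID of the returned original, or None if the bounce omits it."""
    for part in list(msg.walk())[1:]:  # skip the bounce's own headers
        if part.get_content_type() == "text/rfc822-headers":
            part = message_from_string(part.get_content(), policy=policy.default)
        if part["Message-ID"]:
            return str(part["Message-ID"]).strip()
    return None

def triage(raw, sent_ids):
    """Return 'deliver', 'review-sent' or 'reroute' (hypothetical action names)."""
    msg = message_from_string(raw, policy=policy.default)
    if not is_bounce(msg):
        return "deliver"
    if original_message_id(msg) in sent_ids:
        return "review-sent"  # the original is in your Sent folder
    return "reroute"          # nothing you sent: treat as backscatter

# Constructed sample bounce; every address and ID is made up.
SAMPLE = """\
From: MAILER-DAEMON@mx.example.net
Subject: Undelivered Mail Returned to Sender
Content-Type: multipart/report; report-type=delivery-status; boundary="b1"

--b1
Content-Type: text/plain

The recipient address was rejected.
--b1
Content-Type: text/rfc822-headers

From: you@example.edu
Message-ID: <forged-123@spam.invalid>

--b1--
"""
print(triage(SAMPLE, sent_ids=set()))  # reroute
```

A `review-sent` result for a message you do not recognise matches the compromise indicator described earlier: the spam really left your account.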