www.earthlink.net myEarthLink myVoice My Account Support webmail.earthlink.net

« Help with Address Book import     |   Back to MAIN   |     "This Is Spam" reports bouncing »

Why am I getting bounced messages I didn't send? - 09/14/07

From: Email Guy
Subject:       Why am I getting bounced messages I didn't send?
Date: September 14, 2007 11:03 AM
 Permalink   |   Post Comment

A common technique used by unscrupulous spammers is to use a stolen email address in the From header of their message. Or a made-up one that happens to match yours. So your address might go out to thousands of mailboxes as a spam sender. Many of these messages will bounce since spammers use email lists that are often computer generated and guess at what are likely real addresses to send to. It's common for spammers to guess potentially valid addresses by taking a common username and adding valid domains to it. For example, chances are there will be a " bob@ " at just about any provider's domain. They send out so many that a lot of these guesses will hit. But when they don't hit, some of the messages will bounce back to you, cluttering your mailbox with bounced messages you never sent in the first place.

This practice is fraudulent and illegal, and sometimes the culprits can be tracked down and stopped. But don't count on it, as these scam artists usually relay their messages through compromised computers to cover their tracks. You can find more information, and report these incidents here.

Usually if you wait a few days the spammer will move on to using some other victim's address and you will stop getting bombarded with these bounced messages. Unfortunately there isn't much you can do but wait.

We have some ideas about ways to block most of these "fake" bounces and only accept real bounces. Fake bounces can usually be identified because the original message didn't come from within EarthLink, but the spoofed address used by the spammer was an EarthLink address. We're looking into a method called BATV which can identify these fake bounces for us. Look for an update on this later.

Don't worry about the safety of your mailbox when this happens. Just because a spammer has used your address as the From line in their outgoing messages, does not in any way mean they have compromised your mailbox or have any access to your messages.

  |   Comments (6)

Discussion

Posted by: Bill Palfey   |   November 14, 2007 1:34 PM    |   (1)

This one answered my question. I am getting hundreds of these bounced emails. Question is, what about the successful messages the spammer sent that did not get bounced. Will it be from me (as far as the recipient is concerned)?

If it isn't caught by their spam filter then the message may appear to come from your address at first glance, but the headers will show that it did not.

Email Guy


Posted by: Nancy   |   November 24, 2007 8:40 AM    |   (2)

I believe not only will the messages appear to come from my address, but I will begin to receive spam from the spammer and others to whom he sends his spam.
Has anyone seen this happening?
I have been VERY happy to see you finally have a handle on incoming spam---it is MUCH reduced from a few months ago. Thank you BIGTIME! This has been a problem for years, and I knew something could be done to fix it. Thanks for doing it!!

Posted by: Bill   |   February 2, 2008 9:20 AM    |   (3)

I, too, experienced this problem in November; this week it has re-appeared, with a vengeance. So...

Is there any update on BATV or other techniques for mitigating this? (Based on the BATV web site, found via the link in your original post, BATV appears to be nearly dormant. I read about SPF in other research.) Basically... is Earthlink making any progress on this problem?

Thank you!

Yes, we are making progress towards using BATV and are testing it. It will be introduced as a opt-in for users, as there are cases where users would not want to use it. More information will be available before long. SPF doesn't have the same purpose.

Email Guy

Posted by: frank holladay   |   March 14, 2008 3:52 PM    |   (4)

I have been receiving undeliverable emails in possible spam and a few in my inbox, that I did not send out? If we were to click on the undeliverable email, where many have attachments, is there a danger of getting a virus?I was tying to look at the headers and was afraid of doing this. I have just been eliminating them,from possible spam!

In Web Mail you can't catch a virus just by viewing an email message or viewing the headers. But if there are attached files, then don't click on those or open them unless you trust the sender, as attached files can be malicious and can run programs that will infect your computer.

Email Guy


Posted by: Cathy Fields   |   April 14, 2008 1:48 PM    |   (5)

With regard to these bogus bounced messages, if someone received spam that was sent out using my address and blocked it as spam, would they then be blocking anything that legitimately came from my address?

We are doing business that frequently includes email messages and I wondered if, by chance, our clients could be inadvertantly blocking our communications.

Individual users might block an address, but email providers don't usually (probably never) block any email just based on the From address given for the sender, knowing that those are not reliable and are easily spoofed. We don't do it at EarthLink.

Email Guy


Posted by: Bob   |   April 15, 2008 11:41 PM    |   (6)

All the spam messages I have been receiving end in *.ru. Why isn't the blocked sender feature set up so I can just block everything ending in *.ru?

This may be helpful.

Email Guy


Post a comment Back to MAIN

Please read the Ground Rules before submitting comments.

Please check the FAQ (Frequently Asked Questions) and try the Search feature before posting a new question. If your question is answered in the FAQ or in a recent article on the front page, it might not get published.



(All blogs get tons of automated spam from robots, so unless you answer this question, your comment will automatically be considered spam and won't be posted. Type human, one word, all lower-case letters.)

1.27