Posted on August 29th, 2008
Why am I getting hundreds of error messages that look like I'm sending email I know I didn't send?
If your email account is being flooded with what look like error messages from other servers, for messages you're sure you didn't send, there are a couple of possibilities. Either your computer is infected with a virus that is sending out mail without your knowledge or, more likely, someone else's computer is infected and happened to have your email address in its address book. (A variation of the KLEZ virus is known to do this.)
This is called "spoofing". Email spoofing is the act of forging the header information on an email so that it appears to have originated from somewhere other than its true source.
What's likely happening is that messages are being sent with your email address inserted into the "from" field, which means the receiving server will bounce the message or send the error to you, depending on whether the email address the message was sent to exists or not. It's a convenient way for spammers to keep error messages from flooding their own in-boxes.
As of right now, there's unfortunately not much that can be done. Pretty much the only current options are:
- Create a filter either on the server or in your email software to filter out the error messages based on a common word or two that you find in the headers, usually something like "MAILER-DAEMON".
Problem with this solution: you would also filter out legitimate error messages and other automated or server-generated messages you may want.
- Set up an SPF record in your DNS. Any receiving server that supports SPF/SenderID will check for the SPF record and reject the email in some fashion if it didn't come from a permitted mail server.
Problem with this solution: it requires the receiving mail server to support this system. As of right now, this is not widely supported.
- The nuclear option: delete your email address and switch to using another one.
Problem with this solution: now you'd have to tell everyone your new email address, update your business cards, and so on.
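To illustrate the SPF option above, here is an added example (not part of the original post) of the check a receiving server performs: it compares the connecting server's IP address with the SPF record published by the sender's domain. The function name, the sample record and the IP addresses are constructed for illustration, and only the ip4, ip6 and all mechanisms are handled.

```python
import ipaddress

# Qualifier prefix -> SPF result (RFC 7208). A term with no prefix means "+".
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

# Constructed sample policy for a placeholder domain (documentation IP ranges).
SAMPLE_RECORD = "v=spf1 ip4:192.0.2.0/24 ip6:2001:db8::/32 -all"


def check_spf(record: str, sender_ip: str) -> str:
    """Evaluate an SPF TXT record against the IP of the connecting server.

    The record is the one published by the domain in the envelope sender
    (MAIL FROM). Only ip4, ip6 and all are handled; terms that need DNS
    lookups (a, mx, include, redirect=, ...) raise ValueError.
    """
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"  # domain publishes no SPF policy
    ip = ipaddress.ip_address(sender_ip)
    for term in terms[1:]:
        result = QUALIFIERS.get(term[0], "pass")
        mechanism = term[1:] if term[0] in QUALIFIERS else term
        name, _, value = mechanism.partition(":")
        name = name.lower()
        if name == "all":
            return result
        if name in ("ip4", "ip6"):
            network = ipaddress.ip_network(value, strict=False)
            if ip.version == network.version and ip in network:
                return result
            continue
        raise ValueError(f"term not handled in this example: {term}")
    return "neutral"  # nothing matched and the record has no "all" term


if __name__ == "__main__":
    for addr in ("192.0.2.25", "2001:db8::25", "203.0.113.7"):
        print(addr, check_spf(SAMPLE_RECORD, addr))
```

A receiving server that gets `fail` for a message claiming to come from your domain can reject it during the SMTP session rather than accepting it and bouncing it to you later.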
On the positive side, most spoofing attacks only last a day or two before moving on to some other poor unfortunate's email address.
For more general information on dealing with spam, see the Federal Trade Commission's website at www.ftc.gov/spam








