Getting bounced messages - but I didn't send them!
Craig
This happens all too frequently these days. You receive a message saying that delivery failed - only you didn't send anything. And the bounce may be directed at an address that doesn't even exist at your domain! What happened? Does this mean there is some sort of security breach in your account?
No. What happened is most likely one of two things. Read on:
SCENARIO 1: VIRUS VICTIMS
The most likely cause is that someone on the Internet has contracted a virus such as MyDoom, Bagle.J, or a host of others, and you are in their address book. These viruses and worms send copies of themselves out by forging the 'from' value in an outgoing email. If you get a bounce message, it means the recipient address was bad, and since your domain was lucky enough to be listed as the 'from' entry - you get the bounce. Here is an illustration:
- Virus Victim gets MyDoom or similar virus (shame on them for not having anti-virus software!).
- You are in their address book with an address of you@yourdomain.com
- Virus Victim has many other address book entries, including 'bill@otherdomain.com' and 'fred@yetanotherdomain.com'
- MyDoom sends copies of the virus to all other entries in the address book and creates the 'from' value by combining elements of existing addresses. So the 'from' value on one of these messages could be set to 'fred@yourdomain.com', a completely made-up email address.
- When the message bounces, it will bounce back to 'fred@yourdomain.com'. If you have no 'fred' address set up, the 'default' alias will catch the mail and handle it according to the rules you set in Mail Manager.
This happens every day, and is not a cause for concern beyond the annoyance factor. Keep in mind our servers do not have email programs like Outlook on them, and we don't run any versions of Windows in our network center. Receiving one of these bounces does *not* mean your hosting account has been compromised in any way.
SCENARIO 2: SPAMMERS
Another cause for this behavior is the dreaded spammer. While not as prevalent as the Virus Victim scenario, this does happen often enough to warrant mention here.
In this scenario, a spammer may have simply used an address at your domain for the 'reply to' or 'from' values when they sent the junk out. You needn't worry that the spams were actually sent via your account, or that you will be reported for such. If you look at the full header, what you'll likely see is that the 'reply-to' and/or 'from' values were set to your domain while the 'received' headers tell the true story. They will show where the mail actually originated (overseas, usually). When reporting spam, this is what is relevant, not the 'from' value, which can be arbitrarily set to anything - and often is.
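The header comparison described above, as an added example that is not part of the original article: it parses the headers returned inside a bounce and checks whether any 'received' hop involves your domain, whatever the 'from' value claims. The sample message, the .example host names, the IP addresses and the function names are all constructed for illustration.

```python
import email
import re
from email.utils import parseaddr

# Constructed sample: headers of a forged message as returned inside a bounce.
# Host names use the reserved .example TLD and documentation IP ranges.
SAMPLE = """\
Received: from relay.isp.example (relay.isp.example [198.51.100.20])
\tby mx.otherdomain.example with ESMTP; Wed, 10 Mar 2004 09:15:02 -0500
Received: from unknown-pc (dsl-17.isp.example [203.0.113.77])
\tby relay.isp.example with SMTP; Wed, 10 Mar 2004 09:14:58 -0500
From: fred@yourdomain.example
Reply-To: fred@yourdomain.example
To: bill@otherdomain.example
Subject: hello

body
"""

# "from <helo> (<rdns> [<ip>]) by <host>", a common Received layout (assumed here).
HOP = re.compile(r"from\s+(\S+)\s+\((?:(\S+)\s+)?\[([0-9A-Fa-f.:]+)\]\)\s+by\s+(\S+)")

def received_hops(msg):
    """Return hops newest-first, the order in which Received headers appear."""
    hops = []
    for value in msg.get_all("Received", []):
        m = HOP.search(" ".join(value.split()))  # unfold continuation lines
        if m:
            hops.append(dict(zip(("helo", "rdns", "ip", "by"), m.groups())))
    return hops

def analyze(raw, my_domain):
    msg = email.message_from_string(raw)
    claimed = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    hops = received_hops(msg)
    hosts = {h[k].lower() for h in hops for k in ("helo", "rdns", "by") if h[k]}
    return {
        "from_claims_my_domain": claimed == my_domain,
        # True only if a server under my_domain appears anywhere in the path.
        "relayed_by_my_domain": any(
            n == my_domain or n.endswith("." + my_domain) for n in hosts),
        # Hops below the first server you trust are sender-supplied and can be
        # forged, so treat this as a lead rather than proof of origin.
        "earliest_hop": hops[-1] if hops else None,
    }

if __name__ == "__main__":
    print(analyze(SAMPLE, "yourdomain.example"))
```

A result with the 'from' claim true and no relay through your domain matches both scenarios in this article: the address was forged and the mail never passed through your account.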
In both situations, unfortunately there is nothing that can be done since mail software allows the sender to put whatever they want for the 'from' and 'reply-to' information. It's yet another annoying fact of life on the internet today. We hit 'delete' and move on.
Updated March 10 2004