Email spoofs and returns.

We have clients that get emails bounced back from people that they have never sent emails to.  First thing that comes to their minds is that someone has broken into they email accounts and is sending email spam out from there.   Well that is not the case at all and I will explain.

With all the spam and spam filtering going on now, IT managers and mail systems have filters that check to see if the 'sender' is real .. kind of like this;  
BobSmith@hisdomain.com sends an email to maryjane@herdomain.com, first thing that Mary Jane's mail server does is ask 'hisdomain.com' if they have a user 'BobSmith' and the mail server at 'hisdomain.com' says "yes" .. if no answer or a negative answer then 'herdomain.com' rejects the mail.

So the bad guys came up with a really good piece of software that runs the spam out of a list of 'known' users, and uses the other end of the list to have it appear that the mail comes from a 'known' user.

So if you are on that 'list' and one of those emails goes to someone that no longer exists, you will get a returned email that says "rejected, or returned user unknown" with some email address you never heard of.   Of course you not knowing how the system has been spoofed start sending emails to your IT guy claiming that your email has been broken into .. and of course you send one to everyone that will listen in your company, when actually you should just simply delete the email and get on with work.

Email is spoofed all the time, the worse thing you can do is stop being productive and pay any attention to these emails.  There is no reason in the world that a spammer needs to break into your account to send out emails, it would be a complete waste of their time and money.

[This is a reprint of a portion of a white paper written 5 years ago.]

Add Feedback