Chattagator said:
I am now getting failed delivery messages for addresses I have never seen
before. I have AVG running and it has found nothing....but several times a
day the hard drive indicator lights up and everything slows to a crawl and
email stops. Nothing shows up in the Windows Task Manager under the
Applications Tab. What is going on?
Someone claiming your e-mail address as their own is spewing out their
crapload of spam to a mailing list of generated or harvested e-mail
addresses. For those e-mail addresses that don't exist, the receiving mail
server is sending back an NDR (non-delivery report) telling you of the
failure to deliver. It didn't come from you. It came from a spammer
pretending to be you.
Anyone can claim any e-mail is their own. You can do it yourself by
putting any e-mail address you want in the e-mail account you define within
Outlook. It is rare that an e-mail provider requires their customers
specify the same e-mail address in the From header as for the e-mail address
of the account through which they send their e-mail.
You are getting the NDRs because of misconfigured mail servers. Rejection
is only valid DURING the mail session between sending and receiving mail
hosts. That's because, one, the receiving mail host knows the IP address of
whatever sending mail host connects to it and, two, an immediate reject by
the receiving mail host requires the sending mail host to handle that
rejection. Instead some receiving mail hosts are misconfigured in that they
accept all e-mails without validating if they can actually be delivered.
The mail session ends with the sending mail server and afterward the
receiving mail server attempts to deliver the e-mails. It finds the
accounts do not exist or some error occurs. The receiving mail server no
longer knows who is the sending mail host. The mail session to it is long
gone. All it can go by is the return-path headers within the e-mails;
however, those headers were added by the sender's e-mail client! So those
headers can have any values that the spammer wants to define. Since the
misconfigured receiving mail host only has the return-path headers to direct
the NDR notice, it uses the From header that the spammer specified but that
is *your* e-mail address, not theirs.
It could be a receiving mail host that doesn't check for delivery until
after the mail session is over with the sending mail host. It could be some
boob running an anti-spam program that bounces suspect (spam) e-mails back
to the sender. In both cases, neither the receiving mail host nor the
bouncing user's client has any information to prove who is the sender. They
only have the headers on which to rely but the sender gets to define those
values. SMTP was designed based on a trust model that spammers have
successfully abused for a long time.
You didn't send the spam. The spammer claimed your e-mail address as their
own. The spam was accepted and the mail session ended. Now NOTHING is
available to the receiver (mail host or end-user's client) to prove from
where that spam originated. Although the spam got accepted during the mail
session, it was found undeliverable afterward or a user is sending a fake
bounce. These misdirected NDRs are reportable to public blacklists as
"backscatter". The receiving mail server is misconfigured. Some bozo user
is issuing fake bounces. In either case, blacklisting should convince them
to properly configure the mail server to reject DURING a mail session or
convince the fake-bounce user to stop their abuse.
You can report the abuse to the receiving mail server (that is sending back
the NDR e-mail or to report the fake bouncing user). You can warn them that
you will report their misdirected bounces to blacklists, like SpamCop. You
can't do anything about anyone claiming your e-mail address as their own.
You'll have to wait out the flood of NDRs (which should subside after
several days since spammers rotate through different fraudulent e-mail
addresses). You could use a rule to look for and junk any e-mail with
"report-type=delivery-status" in the message headers (sans quotes) but not
all mail servers add that to their NDR e-mails.
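As an added example (not part of the thread above), here is a small Python classifier that implements the header rule described in the reply and goes one step further: it flags an NDR as backscatter when the bounced original embedded in it never passed through the hosts our own mail actually leaves from. The sample NDR, the host list in OUR_MAIL_HOSTS and the MAILER-DAEMON fallback heuristic are all constructed assumptions.

```python
import email
from email import policy

# Assumption: hostnames that our legitimate outbound mail really passes through.
OUR_MAIL_HOSTS = {"smtp.example.com"}

# Constructed sample NDR: the bounced original carries our user's From address,
# but the bouncing server received it from an unrelated host.
SAMPLE_NDR = b"""\
Return-Path: <>
From: Mail Delivery System <MAILER-DAEMON@mail.example.net>
To: victim@example.com
Subject: Undelivered Mail Returned to Sender
Content-Type: multipart/report; report-type=delivery-status; boundary="b1"

--b1
Content-Type: message/rfc822

Received: from unknown-host.invalid (203.0.113.77) by mail.example.net
From: victim@example.com
To: nobody@example.net

spam body
--b1--
"""


def looks_like_ndr(msg):
    # The rule from the reply: a delivery-status report is an NDR.
    if msg.get_param("report-type", header="content-type") == "delivery-status":
        return True
    # Fallback heuristic for servers that omit the tag: empty Return-Path + daemon sender.
    empty_return_path = msg.get("Return-Path", "").strip() in ("", "<>")
    return empty_return_path and "mailer-daemon" in str(msg.get("From", "")).lower()


def embedded_original(msg):
    # Return the bounced original message if the NDR includes a copy of it.
    for part in msg.walk():
        if part.get_content_type() == "message/rfc822":
            return part.get_payload(0)
    return None


def classify(raw):
    msg = email.message_from_bytes(raw, policy=policy.default)
    if not looks_like_ndr(msg):
        return "not-ndr"
    original = embedded_original(msg)
    if original is None:
        return "ndr-unverifiable"  # nothing to check the bounce against
    received = original.get_all("Received", [])
    if any(host in str(line) for line in received for host in OUR_MAIL_HOSTS):
        return "ndr-genuine"  # the bounced mail really left through our hosts
    return "backscatter"  # forged From: the bounce was misdirected to us
```

A mail rule can junk anything classified as "backscatter" while still letting genuine NDRs for mail you actually sent reach the inbox.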