Mail Delivery Errors for Email You Did Not Send

Many people these days receive mail delivery error reports for messages they know they didn't send. There are three things that commonly cause this.
1. Spoofed "From:" address in spam messages

When a spammer's mass-mail software sends out thousands of junk e-mail messages, the address shown on the "From:" line is almost never the spammer's real address. Sometimes it is a completely phony address, but often it is a real address chosen at random from the list of addresses to which the spam is being sent.

If your address is on a spammer's list, and if your address just happens to be chosen for the "From:" line, and if some of the messages sent by the spammer are undeliverable, then you (not the spammer) will receive the delivery error reports for those undeliverable messages.

Most mail delivery error reports include the text of the undeliverable message. Take a look at it. If it looks like spam, then you probably received the error report because somewhere out on the Internet a spammer's mass-mail software used your address on the "From:" line on a batch of junk mail it sent out.

Until recently this was the most common reason for receiving mail delivery error reports for e-mail you didn't send. Then along came a rather nasty virus called the Klez Worm...
2. Spoofed "From:" address in infected messages sent by the Klez Worm

When the Klez Worm (and now a large number of copycats) infects a PC, it compiles a list of all e-mail addresses found on the infected PC's hard disk. Most are found in the address book and in saved e-mail, but addresses can be taken from any file. The Klez Worm then sends infected e-mail to all of those addresses, often multiple times. Sometimes the "From:" lines of the infected messages show the infected PC's owner's address, but more often the "From:" address is chosen at random from the list of target addresses compiled by Klez.

If your address is on the hard disk of some Klez-infected PC out on the Internet, and if the Klez Worm on that PC selects your address to use in the "From:" line, and if some of the messages sent by the Klez Worm are undeliverable, then you will receive the delivery error reports for those undeliverable messages.

Most infected messages sent by the Klez Worm do not include any message text. If the delivery error report doesn't include any message text, or if it is just a lot of gibberish, then you probably received the error report because somewhere out on the Internet a Klez-infected PC sent out infected e-mail with your address on the "From:" line.

Currently this is the most common cause of mail delivery error reports for messages you didn't send, but there is one more possibility.
3. Actual "From:" address in infected messages sent by the Klez Worm

As mentioned in scenario #2 above, sometimes the Klez Worm uses the infected PC's owner's address on the "From:" line of the infected messages it sends. Therefore if you receive delivery error reports that seem to be the result of undeliverable Klez-infected messages, there is a possibility that your PC is the infected PC. Not as strong a possibility as the scenario described in #2 above, but still a possibility.

If you have anti-virus software on your PC, and if you keep it up to date, and if your version of Internet Explorer is not one that contains the "auto-open bug", and if you never open unexpected file attachments, then chances are slim that your PC has a Klez Worm infection.

You can find virus definitions and removal tools for Klez and other viruses at the Symantec Security Response Center:
http://www.symantec.com/avcenter/home_homeoffice/index.html
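
The check described in scenarios 1 and 2 (look at the message text included in the error report) can be scripted for a mailbox that receives many bounces. The following is an added example, not part of the original article: the sample bounce, the function names and the readability thresholds are all assumptions made for illustration.

```python
import email
from email import policy

# Constructed sample bounce; the delivery-status part of a real report is omitted.
BOUNCE = """\
From: MAILER-DAEMON@mx.example.net
Subject: Undelivered Mail Returned to Sender
MIME-Version: 1.0
Content-Type: multipart/report; report-type=delivery-status; boundary="b1"

--b1
Content-Type: text/plain

The message below could not be delivered to nobody@example.org.
--b1
Content-Type: message/rfc822

From: you@example.com
To: nobody@example.org
Content-Type: text/plain

%s
--b1--
"""

def returned_message(bounce_text):
    """Return the undeliverable message embedded in a bounce, or None."""
    msg = email.message_from_string(bounce_text, policy=policy.default)
    for part in msg.walk():
        if part.get_content_type() == "message/rfc822":
            return part.get_payload(0)
    return None

def body_text(original):
    """Join the non-attachment text parts of the returned message."""
    parts = [p.get_content() for p in original.walk()
             if p.get_content_maintype() == "text" and not p.is_attachment()]
    return "".join(parts).strip()

def triage(bounce_text, min_chars=20, min_readable=0.8):
    """Thresholds are assumptions of this example, not values from the article."""
    original = returned_message(bounce_text)
    if original is None:
        return "no-original"          # report did not include the message
    text = body_text(original)
    readable = sum(c.isalpha() or c.isspace() for c in text)
    if len(text) < min_chars or readable / len(text) < min_readable:
        return "empty-or-gibberish"   # matches the Klez description (2 or 3)
    return "readable"                 # read it: if it looks like spam, scenario 1
```

A result of "empty-or-gibberish" cannot by itself separate scenario 2 from scenario 3; that still depends on checking your own PC as described above.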