Jlnewmark Jun 20, 2007   6:23 PM GMT

For more than a few years now, spam and viruses have been spoofing usernames to hide their tracks. The virus is almost certainly not on your user's computer. However, their name is in the address book of a computer that DOES have a virus. That virus randomly selects people out of the address book as the "sender," when it mails itself out -- obviously, if you knew who the REAL sender was, you'd let them know they have a virus and they could do something about it. If the problem is a spammer (you can usually tell from the content of the message), then that spammer is basically doing the same thing as a virus, except that he's bought a mailing list and your user is on it. Your user can get on any number of mailing lists in very innocuous ways: they had to register on a news site (NY Times, Wash Post, Wall St. Journal, LA Times all require registration just to read articles, for instance), or even with a business group or Chamber of Commerce. These companies all promise that they will only share your information with their "authorized business partners." Unfortunately, these business partners can ALSO share with THEIR business partners, and somewhere down the line, "business partner" becomes "whoever will pay me for the list." In both cases, the previous responder does have the bottom line -- you really can't stop these delivery failures for bogus emails without stopping delivery failures for ALL emails. Not a good idea. The one ray of light is that these things don't usually last more than a few days to a couple weeks at most. Then the virus is caught or goes inactive, or the spammer moves on to the next set of names on his list....

0 pointsBadges:

Bobkberg Jun 20, 2007   11:49 PM GMT

jlnewmark is pretty much on the button - I can't add anything to what he's said as far as describing the problem. However, as for people who use your own email address against you... There is also graylisting - which can use the sending IP address of the message (which cannot be spoofed). The idea behind graylisting is that much (sadly not all though) spam is sent as a one-time "broadcast", whereas legitimate senders will retry to send after some period of time. Another tactic is to make use of a blacklisting service (there are several) who try to keep up with the never-ending new sources of spam, and reject all email coming from them. If you're also willing to take the risk of blocking possible legitimate traffic, I've compiled a list of address blocks which are known to be in Asia, Europe, South America. Not a sure-fire thing either since the list is NOT comprehensive, but these can be filtered at your border router. Nothing secret about the addresses - it's all public information (www.iana.org), but there's another route for you. Bob

1,070 pointsBadges:

Ericcomputer Jun 21, 2007   8:40 AM GMT

Another possibility to avoid this (and other "spoofing" problems) is to set your mail server to do a Reverse-DNS check (RDNS) before accepting any inbound mail. Basically what this does is it checks the IP address that the message originated from using RDNS to see if it matches the "from" address (domain) of the sender (let's say for example the message has a "from" address of: user@company.com), and then your mail server will compare the result of the RDNS check (a domain name) to see if there is a match. If that IP address matches the IP address that the message came from (in the message headers), then the message will be accepted. If it does not match, it will be rejected, sometimes even without a non-delivery response. The problem with a lot of RDNS checking logic is that many companies (and ISP's) either do not have RDNS set up at all, or the RDNS address reports with the ISP's domain name, not the company that is utilizing that IP; Therefore, legitimate mail could easily be rejected without notice. Microsoft Exchange has such a feature buried within the SMTP Virtual Server (or SMTP connector if you're using one) settings. Yet another method for checking and protecting against mail spoofing (or at least having YOUR domain spoofed) is to add an SPF (Sender Policy Framework) record to the zone file of your domain (usually done at the ISP level). You can read more about SPF records here: http://www.openspf.org/Introduction It is surprising how few domains have an SPF record defined... Good luck, --Eric

0 pointsBadges:

Jlnewmark Jun 21, 2007   9:27 AM GMT

The only problem with a reverse DNS check is that the domain from which the Delivery Failure is coming is almost certainly legitimate and "Mailer Daemon" or "System Administrator" from that domain is going to be a good address. Unless your reverse DNS will check back through all the steps to the origination of the message, at which point you will finally see the mismatch, I'm not sure this will help against delivery failures. It will certainly help against other spoofed emails.

0 pointsBadges:

TedRizzi Jun 22, 2007   9:14 AM GMT

This is a very common issue, some one's computer, is infected with a virus and is sending out spam spoofing the senders email address with your users email address's it could even be one of your users home computers or a business contact. The cure is simple.. show your users where the delete key is on the keyboard. there is no way to prevent this from happening. if you have email content filtering software you can create a filter to block it. other than that not much you can do.

0 pointsBadges:

No1pole Nov 6, 2009   1:42 AM GMT

I keep getting returned e-mail I did not send it is not deliverable. some are even in a foreign language. is this a virus?

10 pointsBadges:

Firechief69 Sep 8, 2010   1:44 AM GMT

how do i stop my yahoo email , sending out emails from my address book  please tell my step by step most of my friend has the bug that my pc gave them   Help PLease i have no body to go to for HELP  thanks .  Alex

10 pointsBadges:

MelanieYarbrough Sep 8, 2010   1:29 PM GMT

Hi Firechief69, Please create a new thread for your question to ensure it gets answered by the community. Be sure to include the details necessary to help resolve your problem. Thanks, Melanie

6,345 pointsBadges:

Mimisina Sep 20, 2010   8:14 PM GMT

received notice of undeliverable emails that I did not send. How can I trace source? How can I put a stop to this?

10 pointsBadges:

MelanieYarbrough Sep 20, 2010   9:07 PM GMT

Hi Mimisina, Please begin a new thread for your question. Include as many details as possible, including what email service you’re using and the message being sent, if possible. Thanks! Melanie

6,345 pointsBadges:

rickbike Nov 13, 2018   4:41 PM GMT

I get these by the 100's every day to just one of my email addresses. I added this address only a month ago.

10 pointsBadges:

ToddN2000 Jan 4, 2019   1:35 PM GMT

Check the date and time the email was supposedly sent. If they were sent off hours when you were not in the office, you may have a bot or a virus. Run a good anti virus program. Also if you can check the email header to verify the source, make sure it is coming from the address you expect. It could also be a phising attempt to get you to open the email to see what went wrong. 

133,645 pointsBadges:

Jules2k Jan 4, 2019   5:41 PM GMT

Delegation settings can be responsible for mail appearing to be sent from your account.

45 pointsBadges:

jamesyogiyogi Jan 9, 2019   10:11 AM GMT

https://contactemailservices.com/gmail-support-number/

50 pointsBadges:

ToddN2000 Feb 28, 2019   1:03 PM GMT

Something like this could be baiting you to click on it. Like other with a subject line like your UPS package was un-deliverable. You could set up a spam filter to weed these out by testing the subject for some text That is what makes it so hard to stop things like this when you can spoof ips, emails and phone numbers today...

133,645 pointsBadges:

Bhavitratech Feb 28, 2019   4:00 PM GMT

560 pointsBadges:

Subhendu Sen Mar 1, 2019   10:41 AM GMT

It is better to change password with complex one and check whether it will be helpful. Also if possible, stop using email for particular user or open his/her email from another system.

140,480 pointsBadges:

ToddN2000 Mar 1, 2019   1:17 PM GMT

@Bhavitratech: Sounds similar to a bot. Not all anti virus program will find them. Check out this link from PCWorld

133,645 pointsBadges:

TheRealRaven Mar 1, 2019   3:21 PM GMT

It's still most likely that there's nothing related to your system at all. The notices were routed to you simply because your e-mail address was used to send the items that were undeliverable. There's probably no malware to find because none exists on any system that you have access to. And there's nothing you can do to stop it.

35,630 pointsBadges: