[Daniel M. Clark]

Since 2:30pm today, about one hour ago local time, I've recieved 798 email messages all with a variation on the theme of "spam email not delivered, apparently from you". It looks like someone has been using one of my email addresses to spam other people and when the recipient's spam filters kick it back, it comes to me. Now, I've always had one or two of these come in a day to various email accounts, so I just figured someone was using bounced email text to fool people into clicking links. I've just been deleting them. But in the last hour, there's been 798 of the damn things.

Any thoughts? Should I just notify the people that have it and then kill off the address? Could these things actually be bounced email messages?

[Daniel M. Clark]

In the time it took me to write that, the count went up to 950. This is getting silly.

Oh, and the reason I'm thinking this might be legit is that I'm getting messages from Google Groups saying I don't have permission to post to certain groups... it does look like someone is spoofing my address.

[Witzer]

I don't have an answer for you......just sympathy.

I experienced the same thing a few months ago. It finally stopped.
I did not make any changes except remove e-mail addresses from my all sites, even though only one site was affected, and replace with a contact form where needed. Do not know for sure if this was the solution or if someone found out that my email address was not profitable.

[Afilyit]

Can you look at the headers? Sometimes the original email is attached or found below the text

[2busy]

Can you check the headers to verify that they are from your domain/ISP/acct? In Windows (Outlook/Express)you can right click and check properties without opening the email to see what's in it and who it's really from. I know you use a Mac, but not sure if the same options apply.
I would close the acct first and then go about notifying folks, but I understand that sometimes that is not practical. If it is from a domain you control, you have more options in Control Panel, just contact the host. There are too many optional settings for email to have a one size fits all solution.

[flamingoworld]

We had this issue last month, got this back from Rackspace on the issue:

Spammers forge the From or Return-Path addresses on their messages to deflect blame onto innocent parties (or as an alternate means to get their spam messages to people). Poorly configured mail servers that accept mail for any address on a domain they host will then bounce undeliverable messages back to the Return-Path address - which gets the mail back to your users. We have seen a huge increase in reports of this problem, which in large part can be attributed to Google:

http://tech.slashdot.org/article.pl?.../04/08/2258246

They accept mail to any address on their hosted domains, which leads to much more "backscatter."

The only thing you can do to combat the problem is to set up SPF records for your domains. These are special DNS records that list the valid sending IPs. If a mail server sees a message coming from an unlisted IP, they are supposed to reject it. However, not all servers check SPF records, so this is not wholly effective; however, Google does check them, so it will help with the largest offender.

[Jim Guinn]

I had this problem about a year ago. It was not a case of a forged return path, but someone actually commandeered my mail program without my knowledge. Are you sure this is not the case with you? In any event, my ISP was most helpful in giving me steps to clean the culprit out of my mail program and putting safeguards in place.

Jim

[Daniel M. Clark]

Thanks for the replies, everyone Yep, I'm on a Mac, and I use the Mail program that comes with OS X. I don't *think* it's an issue of someone taking over my Mail software because I check about 40 email addresses in my Mail app... if someone had access to the app, it wouldn't likely be only one address they latched onto. And security on the Mac is a lot tighter, too.

I looked through the full headers, but it's been so long since I've had to deal with stuff like this that I don't know what to look for anymore... and I was never great with email tech to begin with, I was always more of a hardware guy. Looks like I'll be killing off that email address... fortunately, it's one that is rarely used anymore, so I won't have many people/sites to notify.

I hate spammers.

[suniliu]

I had this problem about a week ago, over 2300 returned/bounced emails...
I did not know what to do, so I just deleted that particular email address.

[Rexanne]

I got the same blast today Daniel. I get it once a month it seems. I guess they have each email addy they spoof on a monthly time table. I had more than 2000 in half an hour tonight. I'm dreading my inbox in the morning.

There is a way to stop those from coming into your mail. I had it set up and then switched computers and lost the set up. Ask your host about it. I'm gonna have to do the same ... in the morning. I've had enough drama for one day, going to bed. LOL

[Chris - AMWSO]

I had a one day hit of this on one account I rarely use late last week. About 100 or so then it stopped. It is so easy to spoof someone's email address and reply path that I don't think there is a lot you can do about it.

Cheers

chris