Help / Spam & Virus Questions
Why Am I Getting All This Spam?
Every day, millions of people receive dozens of unsolicited commercial e-mails (UCE), known
popularly as "spam." Some users see spam as a minor annoyance, while others are so overwhelmed
with spam that they are forced to switch e-mail addresses. This has led many Internet users to
wonder: How did these people get my e-mail address?
In the summer of 2002, the Center for Democracy & Technology embarked on a project to
attempt to determine the source of spam. The results offer Internet users insights about what
online behavior results in the most spam. The results also debunk some of the myths about
Read the complete project findings in the report: Why Am I Getting All This Spam? Unsolicited Commercial E-mail Research Six Month Report.
Why am I getting bounced e-mail showing spam or viruses I didn't send?
Many viruses grab two e-mail addresses from an infected computer's
address book and use them as the from and to address when sending the
virus. In these cases, the people listed in the from and to addresses are
usually not infected at all. The majority of active viruses today
do this, which leads to anti-virus software sending "you are
infected" reports to the wrong people. Incidentally, anti-virus
vendors really need to fix their software so it will stop sending false
If you are interested in learning more about the anti-virus
notification problem, we would recommend reading Anti-Virus
Companies: Tenacious Spammers.
Spammers love to hide their identity in order to (a) keep their
Internet account from being terminated; (b) avoid all of the bounced
e-mail (user unknown, etc.); and (c) avoid all of the complaints from users
receiving their spam. To do this they simply make up a from e-mail
address containing any real or fake domain name and a real or fake
username (i.e., they forge/spoof the address).
This is very easy to do: they just put whatever they want in as the from
address in the mail application of their choice. It is impossible for
e-mail application vendors to validate whether the user has the right to use
the address they enter.
Why and how can a spammer use my domain name?
Spammers' modus operandi is to use forged addresses to cover their
tracks. They couldn't care less about bounces and complaints generated by
their mailings. Their only goal is to get their message to as many people
as possible by any means possible, just as long as it doesn't cost them
There are several ways that spammers generate the e-mail addresses they
use. In the past they would just make up domain names for the from
address and send the mail specifying those non-existent domains. More
recently they have had to shift to using real domains for their fake from
addresses because many mail servers now automatically block mail from
Using applications specifically written for the purpose, spammers
generate possible domain names by combining dictionary words (e.g., "patch"
+ "work"), test each one to make sure it exists and then store it in their
database. When they are ready to generate a spam mailing, they attach
random usernames to the previously generated domains and use the result as
the from address for the spam mail. Since there is no technical way to
verify if any individual is authorized to use a specific address as their
from address, it is impossible to stop a spammer from doing this short of
legal action. None of this process requires access to DNS Central
information or systems.
As just mentioned, you may pursue legal action against the spammer if
you can figure out who they are. The bounce information you receive
usually does not provide any information about the origin of the original
message. If you receive more information with the bounce (like the
original message that generated the bounce), perhaps the headers provide
the location of the origination point. If so and if you want to take the
time and spend the money, you may want to consult an attorney about the
fraudulent use of your domain name.
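When the bounce does include the original message, the Received: trail is what points at the origination point, and the From: line is only what the spammer chose to write. The following is an added example (not DNS Central's code) that walks a constructed set of headers; the addresses and hostnames are documentation values made up for the illustration.

```python
import re
import email
from email import policy

# Constructed sample of the original message returned inside a bounce (added
# example, not a real message): the From: line is forged to use example-domain.test,
# while the Received: trail records where the message actually entered the mail system.
SAMPLE_ORIGINAL = """\
Received: from mx.example.org (mx.example.org [192.0.2.25])
\tby mail.recipient.test with ESMTP id abc123; Mon, 5 Jan 2004 10:00:05 +0000
Received: from unknown (HELO mail.example-domain.test) (203.0.113.77)
\tby mx.example.org with SMTP; Mon, 5 Jan 2004 09:59:58 +0000
From: someone@example-domain.test
To: victim@recipient.test
Subject: Buy now

body
"""

# Matches a dotted-quad IPv4 address that is not part of a longer dotted token.
IPV4 = re.compile(r"(?<![\d.])(\d{1,3}(?:\.\d{1,3}){3})(?![\d.])")

def received_hops(raw):
    """Return the IPv4 address recorded in each Received: header, earliest hop first.

    Each relay prepends its own Received: line, so the header nearest the body
    is the earliest hop. Only lines added by relays you trust are reliable: the
    sender's own software can write whatever it likes in the bottom-most line.
    """
    msg = email.message_from_string(raw, policy=policy.default)
    hops = []
    for value in msg.get_all("Received", []):
        m = IPV4.search(str(value))
        hops.append(m.group(1) if m else None)
    hops.reverse()
    return hops

def origin_ip(raw):
    """Best-effort origination point: the IP in the earliest Received: line."""
    hops = received_hops(raw)
    return hops[0] if hops else None

def claimed_from(raw):
    """The From: header, which the spammer chose freely and which proves nothing."""
    return str(email.message_from_string(raw, policy=policy.default)["From"])
```

The earliest hop here is 203.0.113.77 even though the message claims to come from example-domain.test; on a real bounce, trust only the Received: lines written by relays you know.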
Another option is to just ignore the bounces by letting them be
automatically tossed at the server level. This would require that you set
up specific addresses in the e-mail forwarding options for legitimate mail
and change your catch-all to throw away
anything sent to an undefined address.
What is E-mail Address Spoofing (Faking, Forging, or joe-jobs)?
"E-mail Address Spoofing" is one of the oldest and easiest
tricks in the spammer's toolbox. It is the practice used by many spammers
to falsify the header information in their e-mail advertisements. By
changing the header information someone can make the e-mail appear to come
from whoever they choose.
Spammers are now routinely stealing the e-mail or Web site identities
of many people on the Web, and using them to send millions of pieces of
junk advertising or offending e-mails.
The average person on the Internet doesn't yet understand what's
happening here, and many legitimate companies are obviously being
It is important to note that spammers don't need access to the mail
server of the address they are using. All a spammer needs to do is open
their e-mail application, go into the configuration options and set the
from address to whatever they want. There is no provision in the Internet
e-mail protocols in use today to validate or authenticate that any
particular user has rights to use the address or domain name.
Unfortunately there isn't anything the owner of the domain can do to
prevent spoofing. They can only react after the fact when they find out
it has happened. Reactions range from simply deleting all of the
bounces they receive, to posting about the experience on their web site, to
hiring an attorney to attempt to track down the person responsible.
More information on E-mail address spoofing can be found at the
following URLs and also by doing a search at your favorite search
Some of the sites that have been victims and their statements:
Can you tell me more about Greylisting?
Please see a general overview of Greylisting here.
99% of legitimate mail servers follow Internet mail standards and will not be affected by
greylisting (i.e., they will automatically retry sending the message). We try to whitelist the other
1% (broken legitimate mail servers)... see http://cvs.puremagic.com/viewcvs/greylisting/
Greylisting has been found very effective in stopping spam/virus messages from zombie/trojan
machines (which belong to ordinary individual Internet users) that spammers have taken over. Most
spam sending tools are designed to send as much mail out as possible via these zombie/trojan machines
and cannot be bothered with checking if the delivery was successful. All of these messages in turn
never see the light of day due to greylisting.
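To make the mechanism concrete, here is an added example (not DNS Central's implementation) of the greylisting scheme described at the puremagic.com link above: a sender is tracked by the triplet of client IP, envelope sender and envelope recipient, the first attempt from an unknown triplet gets a temporary failure, and a retry after a minimum delay is accepted. The delay, window, IPs and addresses are assumed values chosen for the illustration, and the whitelist stands in for the "broken legitimate servers" exception.

```python
# Added example (not DNS Central's code): a minimal greylisting policy. An unknown
# triplet of (client IP, envelope sender, envelope recipient) is temporarily
# rejected; a retry after MIN_DELAY seconds is accepted and the triplet is trusted.
MIN_DELAY = 300          # seconds a retry must wait before it is accepted (assumed value)
RETRY_WINDOW = 4 * 3600  # seconds before a never-retried triplet is forgotten (assumed value)

class Greylist:
    def __init__(self, min_delay=MIN_DELAY, retry_window=RETRY_WINDOW, whitelist=()):
        self.min_delay = min_delay
        self.retry_window = retry_window
        self.whitelist = set(whitelist)  # IPs of "broken" but legitimate servers
        self.first_seen = {}             # triplet -> time of first attempt
        self.known = set()               # triplets that retried correctly

    def check(self, client_ip, sender, recipient, now):
        """Return an SMTP-style verdict for one delivery attempt at time `now`."""
        if client_ip in self.whitelist:
            return "250 accept"
        triplet = (client_ip, sender.lower(), recipient.lower())
        if triplet in self.known:
            return "250 accept"
        first = self.first_seen.get(triplet)
        if first is None or now - first > self.retry_window:
            # First attempt (or a stale one): temporary failure. A standards-following
            # MTA queues the message and retries later; zombie sending tools do not.
            self.first_seen[triplet] = now
            return "451 greylisted, try again later"
        if now - first < self.min_delay:
            return "451 greylisted, try again later"  # retried too soon, keep waiting
        # Proper retry: remember the triplet so later mail from it is not delayed.
        self.known.add(triplet)
        del self.first_seen[triplet]
        return "250 accept"

def simulate():
    """A legitimate MTA retries after 10 minutes and gets through; a zombie sends once."""
    gl = Greylist(whitelist={"192.0.2.99"})
    t0 = 1_000_000  # arbitrary clock value (constructed)
    legit_first = gl.check("192.0.2.10", "alice@example.com", "bob@example.org", t0)
    legit_retry = gl.check("192.0.2.10", "alice@example.com", "bob@example.org", t0 + 600)
    zombie = gl.check("198.51.100.7", "jf83k@example.net", "bob@example.org", t0)
    listed = gl.check("192.0.2.99", "news@example.com", "bob@example.org", t0)
    return legit_first, legit_retry, zombie, listed

if __name__ == "__main__":
    print(simulate())
```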
We recommend that you do enable the greylisting feature for each e-mail address in your forwarding
We highly recommend that you enable the greylisting feature if you are forwarding mail to AOL,
Comcast, Hotmail, Yahoo and other big mail providers as they may block all of your forwarded mail if