
Why did this email bounce back to me when I didn’t send it in the first place?

Oct 29, 2009 | Cyber Security, Tech Tips for Small Business

Every once in a while a client emails me a question along the lines of the following:

I did not send the message referred to below. Why did it “bounce back” to me? Do I have a virus sending email from my account?

From: System Administrator
Sent: Wednesday, October 28, 2009 5:18 PM
To: Jane Doe
Subject: Undeliverable: Re: Obrigado!
Your message did not reach some or all of the intended recipients.
Subject: Re: Obrigado!
Sent: 10/28/2009 5:17 PM
The following recipient(s) cannot be reached: on 10/28/2009 5:04 PM
The e-mail system was unable to deliver the message, but did not report a specific reason.

9.9 times out of 10, the email did not originate from the customer’s email address. Rather, the sender used what is called “address spoofing.”

Here is how address spoofing works. Anyone can put whatever “reply-to” address they want on their email account. Any non-deliverable email will then “bounce back” to the “reply-to” account, not to the account (usually a spammer’s) from which it was sent.

If you are confused, think of a piece of postal (snail) mail instead of an email message. You could write any return address you want on the upper left-hand corner of the envelope; and if the envelope was “returned to sender” for any reason, it would go back to the return address on the envelope.

(This is why spam blacklists are based on the sender’s IP address, not on the “reply-to” email address.)

If my client receives a lot of messages like this, I will suggest we set up a filter in the client’s mail software. For residential email accounts, these types of emails are generally no more than an annoyance and there is not much that can be done.

If it is a business client with their own Exchange server, I will check the logs just to be 100% sure that the spam did not originate from their server, and I might add a filter to keep the bounce-backs from bothering my client. Then, assuming the business owns its own domain, an SPF (Sender Policy Framework) record should be published in the DNS for the domain. The SPF record lets the receiving mail server verify that the mail is coming from a server that you have authorized to send mail for your domain.
