Have you ever received a message like this in your inbox?
User mailbox exceeds allowed size: sally@yahoo.com
Original message follows.
Received: from yahoo.com [85.100.73.162] by mailsrv.yahoo.com with ESMTP (SMTPD32-8.04) id A90137C0078;
Tue, 31 Jan 2006 15:41:21 +0200
From: joshuamarshall@infowest.com
To: sally@yahoo.com
Subject: Re: Test
Date: Tue, 31 Jan 2006 15:37:58 +0200
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary="----=_NextPart_000_0016----=_NextPart_000_0016"
X-Priority: 3
X-MSMail-Priority: Normal
Message-Id: <200601311541609.SM00864@infowest.com>
See, I didn’t send a message to “sally@yahoo.com,” but this message is telling me that I did, and that that email address doesn’t exist. How did this bounce message get to me when I didn’t send a message to that address?
Here’s how:
Email was originally created for a “trusted” environment: a handful of universities, and the Department of Defense. Because the original creators of the internet email system trusted those few users of the system, they designed it so that anyone could put any “return address” on an email message that they wanted, because it was a lot easier to code.
For instance, say I check joshuamarshall@infowest.com. I can easily set up my email program to send email using that address as the return address, or I could put something entirely different as my return address, such as billg@microsoft.com. I can do that because there is no mechanism on the sending server that verifies that a return address is actually my address, or even that it exists.
So someone out there is sending email to sally@yahoo.com and using my email address as the return address. Who could that be?
There are actually two answers to this question:
- A spammer who has come across my email address via spyware, a virus, or a web spider.
- A friend of mine who has a virus.
Option 2 is actually the most probable explanation. Let’s say I have a friend, Bill, who has a virus on his computer. That virus is going to try to send itself (or send spam) to every single email address it can find on his computer, including email addresses found in his Address Book, any emails he has ever received, and any text files on his computer, including web pages he visits.
Here’s the important part, though. That same virus is going to send out emails to all these people using an email address that is randomly selected from all these places! It does this to make it difficult for the recipients of the message to determine the actual computer from which these messages are being sent. Unfortunately, the email address that the virus selected as the return address was mine.
So, what can I do about these emails? Unfortunately, my options are pretty limited. There’s really no way of finding out which of my friends has the virus, because the emails are being sent out with my return address, not my friend’s. So, all I can do at the moment is email my friends, and ask them to scan their computers for viruses. Just for good measure, I should also scan my own computer for viruses, in case my computer is generating these emails.
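As an added example (not part of the original post), this Python code triages a bounce like the one above: it pulls the returned message's headers out of the bounce, reads the connecting address that the receiving server recorded in the Received line, and checks the Message-Id against a log of mail I actually sent. The names triage_bounce and SENT_IDS are hypothetical, and the sent-mail log is constructed for the example.

```python
import re
from email import message_from_string

# Bounce text from the sample on this page. The date line is indented here,
# as a folded Received header is on the wire.
SAMPLE_BOUNCE = """\
User mailbox exceeds allowed size: sally@yahoo.com
Original message follows.
Received: from yahoo.com [85.100.73.162] by mailsrv.yahoo.com with ESMTP (SMTPD32-8.04) id A90137C0078;
 Tue, 31 Jan 2006 15:41:21 +0200
From: joshuamarshall@infowest.com
To: sally@yahoo.com
Subject: Re: Test
Date: Tue, 31 Jan 2006 15:37:58 +0200
Message-Id: <200601311541609.SM00864@infowest.com>
"""

# Constructed stand-in for a log of Message-Ids my own mail client really sent.
SENT_IDS = {"<20060130101500.0001@infowest.com>"}

# "from <name the sender announced> [<address that connected>] by <receiving server>"
RECEIVED_RE = re.compile(r"from\s+(\S+)\s+\[([0-9.]+)\]\s+by\s+(\S+)")

def triage_bounce(bounce_text, sent_ids):
    """Return facts about the returned message, or None if no headers are found."""
    start = bounce_text.find("Received:")
    if start < 0:
        return None
    original = message_from_string(bounce_text[start:])
    match = RECEIVED_RE.search(original.get("Received", ""))
    helo, ip, server = match.groups() if match else (None, None, None)
    msg_id = (original.get("Message-Id") or "").strip()
    return {
        "claimed_from": original.get("From"),  # chosen freely by the sender
        "helo_name": helo,                     # also chosen by the sender
        "connecting_ip": ip,                   # recorded by the receiving server
        "recorded_by": server,
        "message_id": msg_id,
        "sent_by_me": msg_id in sent_ids,      # False means the bounce is backscatter
    }

if __name__ == "__main__":
    for key, value in triage_bounce(SAMPLE_BOUNCE, SENT_IDS).items():
        print(f"{key}: {value}")
```

The From line and the name after "from" are whatever the sending machine supplied; the bracketed address is the part written by the server that accepted the message.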
Until the email system is changed to verify that senders are actually who they say they are, there is no permanent solution to this problem. The good news is that there are some proposals, such as SPF, which, if adopted, will fix this problem. The bad news is that every ISP in the world will have to adopt the same proposal, and implement it on all of their email servers. So, realistically, it could take several more years before you can be sure that email messages are coming from who they say they are.