Help / Spam & Virus Questions

Why Am I Getting All This Spam?

Every day, millions of people receive dozens of unsolicited commercial e-mails (UCE), known popularly as "spam." Some users see spam as a minor annoyance, while others are so overwhelmed with spam that they are forced to switch e-mail addresses. This has led many Internet users to wonder: How did these people get my e-mail address?

In the summer of 2002, the Center for Democracy & Technology embarked on a project to attempt to determine the source of spam. The results offer Internet users insights about what online behavior results in the most spam. The results also debunk some of the myths about spam.

Read the complete project findings in the report Why Am I Getting All This Spam? Unsolicited Commercial E-mail Research Six Month Report.

Why am I getting bounced e-mail showing spam or viruses I didn't send?

Many viruses grab two e-mail addresses from an infected computer's address book and use them as the from and to addresses when sending the virus. In these cases, it is likely that neither the person listed in the from nor the person listed in the to is infected at all. The majority of active viruses today do this, which leads to anti-virus software sending "you are infected" reports to the wrong people. Incidentally, anti-virus vendors really need to fix their software so it will stop sending false reports.

If you are interested in learning more about the anti-virus notification problem, we would recommend reading Anti-Virus Companies: Tenacious Spammers.

Spammers love to hide their identity in order to (a) keep their Internet account from being terminated; (b) avoid all of the bounced e-mail (user unknown, etc.); and (c) avoid all of the complaints from users receiving their spam. To do this they simply make up a from e-mail address containing any real or fake domain name and a real or fake username (i.e. they forge/spoof the address). This is very easy to do: they just put whatever they want in as the from address in the mail application of their choice. It is impossible for e-mail application vendors to validate whether the user has the right to use the address they enter.

Why and how can a spammer use my domain name?

Spammers' modus operandi is to use forged addresses to cover their tracks. They couldn't care less about bounces and complaints generated by their mailings. Their only goal is to get their message to as many people as possible by any means possible, just as long as it doesn't cost them any money.

There are several ways that spammers generate the e-mail addresses they use. In the past they would just make up domain names for the from address and send the mail specifying those non-existent domains. More recently they have had to shift to using real domains for their fake from addresses because many mail servers now automatically block mail from non-existent domains.

Using applications specifically written for the purpose, spammers generate possible domain names by combining dictionary words (e.g. "patch" + "work"), test each one to make sure it exists, and then store it in their database. When they are ready to generate a spam mailing, they attach random usernames to the previously generated domains and use the result as the from address for the spam mail. Since there is no technical way to verify whether any individual is authorized to use a specific address as their from address, it is impossible to stop a spammer from doing this short of legal action. None of this process requires access to DNS Central information or systems.

As just mentioned, you may pursue legal action against the spammer if you can figure out who they are. The bounce information you receive usually does not provide any information about the origin of the original message. If you receive more information with the bounce (such as the original message that generated the bounce), its headers may reveal the origination point. If so, and if you want to take the time and spend the money, you may want to consult an attorney about the fraudulent use of your domain name.

Another option is simply to ignore the bounces by letting them be automatically discarded at the server level. This requires that you set up specific addresses in the e-mail forwarding options for legitimate mail and change your catch-all to throw away anything sent to an undefined address.
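The bounce triage described in the last two paragraphs, as an added example (not DNS Central's code): it pulls the original message out of a bounce, walks its Received headers back to the first hop, and keeps the bounce only if the message really passed through your own relay. The relay name, the sample bounce and the addresses in it are constructed for illustration.

```python
from email import message_from_string, policy
from email.utils import parseaddr

OUR_MAIL_HOST = "mail.example.net"   # hypothetical: the domain owner's real outbound relay

# Constructed sample bounce (DSN) returning a message with a forged "From: bob@example.net".
CONSTRUCTED_BOUNCE = """\
From: MAILER-DAEMON@mx.example.org
Content-Type: multipart/report; report-type=delivery-status; boundary="B"

--B
Content-Type: message/rfc822

Received: from mx.example.org (mx.example.org [192.0.2.10])
    by mailstore.example.org; Mon, 1 Jan 2024 10:00:02 +0000
Received: from [198.51.100.77] (unknown [198.51.100.77])
    by mx.example.org; Mon, 1 Jan 2024 10:00:01 +0000
From: bob@example.net

spam body
--B--
"""

def original_message(bounce_text):
    """Return the original message embedded in the DSN, or None if none is attached."""
    msg = message_from_string(bounce_text, policy=policy.default)
    parts = [p for p in msg.walk() if p.get_content_type() == "message/rfc822"]
    return parts[0].get_payload(0) if parts else None

def received_hosts(msg):
    """Hosts named in the Received chain, oldest hop first."""
    # Each relay prepends its own Received line; lines below the ones added by
    # relays you trust can themselves have been forged by the sender.
    hops = []
    for hdr in msg.get_all("Received", []):
        words = str(hdr).split()            # "from <host> (...) by <host> ..."
        if len(words) > 1 and words[0].lower() == "from":
            hops.append(words[1].strip("[]"))
    return list(reversed(hops))

def triage(bounce_text, our_host=OUR_MAIL_HOST):
    """Keep a bounce if the original really left our relay; otherwise it is a joe-job."""
    orig = original_message(bounce_text)
    if orig is None:
        return "keep", "no original message attached; nothing to examine"
    hops = received_hosts(orig)
    if our_host in hops:
        return "keep", f"original passed through {our_host}"
    domain = parseaddr(str(orig.get("From", "")))[1].rpartition("@")[2]
    return "discard", f"forged From @{domain}; first hop {hops[0] if hops else 'unknown'}, never via {our_host}"
```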

What is E-mail Address Spoofing (Faking, Forging, or joe-jobs)?

"E-mail Address Spoofing" is one of the oldest and easiest tricks in the spammer's toolbox. It is the practice used by many spammers of falsifying the header information in their e-mail advertisements. By changing the header information, someone can make the e-mail appear to come from whoever they choose.

Spammers are now routinely stealing the e-mail or Web site identities of many people on the Web, and using them to send millions of pieces of junk advertising or offending e-mails.

The average person on the Internet doesn't yet understand what's happening here, and many legitimate companies are obviously being victimized.

It is important to note that spammers don't need access to the mail server of the address they are using. All a spammer needs to do is open their e-mail application, go into the configuration options and set the from address to whatever they want. There is no provision in the Internet e-mail protocols in use today to validate or authenticate that any particular user has the right to use the address or domain name.

Unfortunately there isn't anything the owner of the domain can do to prevent spoofing. They can only react after the fact when they find out it has happened. Reactions range from simply deleting all of the bounces they receive, to posting about the experience on their web site, to hiring an attorney to attempt to track down the person responsible.

More information on E-mail address spoofing can be found at the following URLs and also by doing a search at your favorite search engine.

Some of the sites that have been victims and their statements:

Can you tell me more about Greylisting?

Please see a general overview of Greylisting here.

99% of legitimate mail servers follow Internet mail standards and will not be affected by greylisting (i.e. they will automatically retry sending the message). We try to whitelist the other 1% (broken legitimate mail servers).

Greylisting has been found very effective in stopping spam/virus messages from zombie/trojan machines (which belong to ordinary individual Internet users) that spammers have taken over. Most spam-sending tools are designed to send out as much mail as possible via these zombie/trojan machines and cannot be bothered with checking whether the delivery was successful. All of these messages in turn never see the light of day, thanks to greylisting.
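An added illustration of the greylisting behaviour just described, not the provider's implementation: the server keys on the (client IP, envelope sender, envelope recipient) triplet, defers the first attempt with a temporary failure, accepts a retry that comes back after the delay, and lets whitelisted "broken but legitimate" servers straight through. The delay, the whitelist entry and the simulated traffic are assumed values.

```python
from dataclasses import dataclass, field

# Assumed values, not the provider's: how long a first-seen triplet must wait,
# and the known-legitimate servers that do not retry properly (the "1%").
GREYLIST_DELAY = 300
BROKEN_BUT_LEGIT = {"203.0.113.5"}

TEMPFAIL = "451 4.7.1 Greylisted, please retry later"
ACCEPT = "250 OK"


@dataclass
class Greylist:
    """Greylist keyed on the (client IP, envelope sender, envelope recipient) triplet."""
    delay: int = GREYLIST_DELAY
    whitelist: set = field(default_factory=lambda: set(BROKEN_BUT_LEGIT))
    first_seen: dict = field(default_factory=dict)   # triplet -> time first seen

    def decide(self, client_ip, sender, recipient, now):
        """SMTP reply for one delivery attempt at time `now` (seconds)."""
        if client_ip in self.whitelist:
            return ACCEPT
        key = (client_ip, sender.lower(), recipient.lower())
        seen = self.first_seen.setdefault(key, now)
        if now - seen < self.delay:
            return TEMPFAIL     # first attempt, or a retry that came back too soon
        return ACCEPT           # a real MTA queued the message and retried later


def simulate():
    """Constructed traffic: a standards-following MTA retries; a zombie never does."""
    g = Greylist()
    legit = g.decide("192.0.2.10", "alice@example.com", "bob@example.net", now=0)
    legit_retry = g.decide("192.0.2.10", "alice@example.com", "bob@example.net", now=420)
    # The spam tool fires once per random From address and never checks the result,
    # so every triplet is new and every attempt is deferred.
    zombie = [g.decide("198.51.100.77", f"user{i}@patchwork.example", "bob@example.net", now=i)
              for i in range(3)]
    broken = g.decide("203.0.113.5", "news@example.org", "bob@example.net", now=0)
    return legit, legit_retry, zombie, broken
```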

We recommend that you do enable the greylisting feature for each e-mail address in your forwarding account.

We highly recommend that you enable the greylisting feature if you are forwarding mail to AOL, Comcast, Hotmail, Yahoo and other big mail providers as they may block all of your forwarded mail if you don't.