Could you be sending spam?

It started out looking like a typical morning's e-mail--some legitimate messages, a lot of spam, and two Delivery Failure notices informing me of messages I had sent to nonexistent addresses. But the bounced messages, which appeared to have been sent from my PC World e-mail address, bore the subject "The World's smallest Digital Camera." The message hawked a product I've never seen--or written about.

Some spammer had sent out this irritating advertisement so that it appeared to come from my address. These two messages bounced "back" to me because they happened to go out to bad addresses. But how many others went out to real people, some of whom may now think that I--and PC World--are in the unsolicited e-mail business?

Random Targets

The culprits probably weren't targeting us intentionally. In most cases, these bogus sender addresses are picked at random off the same list from which recipient addresses are harvested. Spammers must conceal their identity to get around filters, and the old way of doing it--inventing random addresses--doesn't work as well as it used to.

"Most systems now check to make sure the domain name is real," says John Levine, author of Internet Privacy for Dummies. "The easiest way to find valid addresses is a spam list."

These forgeries (also called spoofs when they forge not just the visible address but also the server of origin) might also get around the antispam challenge-and-response systems that some companies use. If you send a person enough messages that appear to come from random real people, one might be from someone they know. If Levine were a spammer, he admits, "I would send spam to everyone on the list from everyone on the list."

Is the practice legal? Probably not. "If you create the impression [that the spam is] coming from someone in particular, that person might have some sort of legal claim for defamation," says David E. Sorkin of the John Marshall Law School Center for Information Technology and Privacy Law. "But first you have to track down the person, then find the right kind of jurisdiction."

Of course, as Levine observes, "The behavior I've seen [suggests] that spammers don't care that what they're doing is illegal."

Flowers or Spam

At least one lawsuit over a forged return address was successful, though that was way back in 1997 and involved far more damage than simple inconvenience. One morning Tracy LaQuey Parker, then owner of Flowers.com (the domain name is now owned by 1-800-Flowers.com Inc.), opened her e-mail to see thousands of bad address bounces. "You know how you feel when you get spam? When I logged into my computer ... there were over 5000 messages," she says. "I felt like I was being attacked."

The flood shut down her ISP for half a day, hurting not only her business but others as well. Then came the angry e-mail from people who believed Parker's business was acting in some pretty unsavory ways.

The court found in Parker's favor and awarded a payment of over $35,000. "We didn't recoup anywhere near the damages done to us," she says.

It's unlikely that anyone today would receive such a barrage. "Most of the recent generation of ratware [spamming software] will randomly insert addresses off the list as the purported sender," explains Andrew Barrett, executive director of the SpamCon Foundation. This technique "flies under the radar because it avoids sending [all of the] bounces to a single domain," he adds.

Getting Vicious

Still, the e-floodgates might open if someone wants to punish you for some real or imagined slight. Although rare, these attacks are notorious enough to have gained a name: joe jobs, after a particularly vicious attack against Joe Doll, proprietor of the Web hosting service Joes.com, in 1997.

Author Levine believes this is what recently happened to him. He was hit by about "100,000 bounces from spam sent from an ISP in the Netherlands, mostly to Russian addresses."

Because of his high profile in the antispam community, Levine believes, the spammer "set out to send a lot of spam and thought it would be funny if all bounces went to me."

Levine believes the extremely high bounce rate was the result of the culprit not using a list. Rather, the scheme involved "thousands of random addresses they just made up," Levine says.

Joe jobs are rare, but small and random forgeries will undoubtedly increase. According to SpamCon's Barrett, "People are going to start seeing hundreds of bounces.... As challenge/response becomes popular, we're going to see a lot more forged addresses, more bounces, and more complaints."

Can anything be done? The old rules about keeping your address off the spam lists still apply: Be careful where on the Web you give your address, never use it in newsgroups, and so on. But if you're getting spam, chances are good that at some point people will think you're sending it, as well.

Until the government or Internet businesses figure out how to stop the entire spam problem, you'll just have to grin and bear it. And if anyone complains that you sent them spam, you can send them a link to this article.

Join the PC World newsletter!

Error: Please check your email address.

Our Back to Business guide highlights the best products for you to boost your productivity at home, on the road, at the office, or in the classroom.

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Lincoln Spector

PC World
Show Comments

Essentials

Microsoft L5V-00027 Sculpt Ergonomic Keyboard Desktop

Learn more >

Lexar® JumpDrive® S57 USB 3.0 flash drive

Learn more >

Mobile

Lexar® JumpDrive® S45 USB 3.0 flash drive 

Learn more >

Exec

Audio-Technica ATH-ANC70 Noise Cancelling Headphones

Learn more >

Lexar® JumpDrive® C20c USB Type-C flash drive 

Learn more >

HD Pan/Tilt Wi-Fi Camera with Night Vision NC450

Learn more >

Lexar® Professional 1800x microSDHC™/microSDXC™ UHS-II cards 

Learn more >

Budget

Back To Business Guide

Click for more ›

Most Popular Reviews

Latest News Articles

Resources

PCW Evaluation Team

Michael Hargreaves

Windows 10 for Business / Dell XPS 13

I’d happily recommend this touchscreen laptop and Windows 10 as a great way to get serious work done at a desk or on the road.

Aysha Strobbe

Windows 10 / HP Spectre x360

Ultimately, I think the Windows 10 environment is excellent for me as it caters for so many different uses. The inclusion of the Xbox app is also great for when you need some downtime too!

Mark Escubio

Windows 10 / Lenovo Yoga 910

For me, the Xbox Play Anywhere is a great new feature as it allows you to play your current Xbox games with higher resolutions and better graphics without forking out extra cash for another copy. Although available titles are still scarce, but I’m sure it will grow in time.

Kathy Cassidy

STYLISTIC Q702

First impression on unpacking the Q702 test unit was the solid feel and clean, minimalist styling.

Anthony Grifoni

STYLISTIC Q572

For work use, Microsoft Word and Excel programs pre-installed on the device are adequate for preparing short documents.

Featured Content

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?