Could you be sending spam?

It started out looking like a typical morning's e-mail--some legitimate messages, a lot of spam, and two Delivery Failure notices informing me of messages I had sent to nonexistent addresses. But the bounced messages, which appeared to have been sent from my PC World e-mail address, bore the subject "The World's smallest Digital Camera." The message hawked a product I've never seen--or written about.

Some spammer had sent out this irritating advertisement so that it appeared to come from my address. These two messages bounced "back" to me because they happened to go out to bad addresses. But how many others went out to real people, some of whom may now think that I--and PC World--are in the unsolicited e-mail business?

Random Targets

The culprits probably weren't targeting us intentionally. In most cases, these bogus sender addresses are picked at random off the same list from which recipient addresses are harvested. Spammers must conceal their identity to get around filters, and the old way of doing it--inventing random addresses--doesn't work as well as it used to.

"Most systems now check to make sure the domain name is real," says John Levine, author of Internet Privacy for Dummies. "The easiest way to find valid addresses is a spam list."

These forgeries (also called spoofs when they forge not just the visible address but also the server of origin) might also get around the antispam challenge-and-response systems that some companies use. If you send a person enough messages that appear to come from random real people, one might be from someone they know. If Levine were a spammer, he admits, "I would send spam to everyone on the list from everyone on the list."

Is the practice legal? Probably not. "If you create the impression [that the spam is] coming from someone in particular, that person might have some sort of legal claim for defamation," says David E. Sorkin of the John Marshall Law School Center for Information Technology and Privacy Law. "But first you have to track down the person, then find the right kind of jurisdiction."

Of course, as Levine observes, "The behavior I've seen [suggests] that spammers don't care that what they're doing is illegal."

Flowers or Spam

At least one lawsuit over a forged return address was successful, though that was way back in 1997 and involved far more damage than simple inconvenience. One morning Tracy LaQuey Parker, then owner of Flowers.com (the domain name is now owned by 1-800-Flowers.com Inc.), opened her e-mail to see thousands of bad address bounces. "You know how you feel when you get spam? When I logged into my computer ... there were over 5000 messages," she says. "I felt like I was being attacked."

The flood shut down her ISP for half a day, hurting not only her business but others as well. Then came the angry e-mail from people who believed Parker's business was acting in some pretty unsavory ways.

The court found in Parker's favor and awarded a payment of over $35,000. "We didn't recoup anywhere near the damages done to us," she says.

It's unlikely that anyone today would receive such a barrage. "Most of the recent generation of ratware [spamming software] will randomly insert addresses off the list as the purported sender," explains Andrew Barrett, executive director of the SpamCon Foundation. This technique "flies under the radar because it avoids sending [all of the] bounces to a single domain," he adds.

Getting Vicious

Still, the e-floodgates might open if someone wants to punish you for some real or imagined slight. Although rare, these attacks are notorious enough to have gained a name: joe jobs, after a particularly vicious attack against Joe Doll, proprietor of the Web hosting service Joes.com, in 1997.

Author Levine believes this is what recently happened to him. He was hit by about "100,000 bounces from spam sent from an ISP in the Netherlands, mostly to Russian addresses."

Because of his high profile in the antispam community, Levine believes, the spammer "set out to send a lot of spam and thought it would be funny if all bounces went to me."

Levine believes the extremely high bounce rate was the result of the culprit not using a list. Rather, the scheme involved "thousands of random addresses they just made up," Levine says.

Joe jobs are rare, but small and random forgeries will undoubtedly increase. According to SpamCon's Barrett, "People are going to start seeing hundreds of bounces.... As challenge/response becomes popular, we're going to see a lot more forged addresses, more bounces, and more complaints."

Can anything be done? The old rules about keeping your address off the spam lists still apply: Be careful where on the Web you give your address, never use it in newsgroups, and so on. But if you're getting spam, chances are good that at some point people will think you're sending it, as well.

Until the government or Internet businesses figure out how to stop the entire spam problem, you'll just have to grin and bear it. And if anyone complains that you sent them spam, you can send them a link to this article.

Join the newsletter!

Error: Please check your email address.
Rocket to Success - Your 10 Tips for Smarter ERP System Selection
Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Lincoln Spector

PC World
Show Comments

Cool Tech

Breitling Superocean Heritage Chronographe 44

Learn more >

SanDisk MicroSDXC™ for Nintendo® Switch™

Learn more >

Toys for Boys

Family Friendly

Panasonic 4K UHD Blu-Ray Player and Full HD Recorder with Netflix - UBT1GL-K

Learn more >

Stocking Stuffer

Razer DeathAdder Expert Ergonomic Gaming Mouse

Learn more >

Christmas Gift Guide

Click for more ›

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Edwina Hargreaves

WD My Cloud Home

I would recommend this device for families and small businesses who want one safe place to store all their important digital content and a way to easily share it with friends, family, business partners, or customers.

Walid Mikhael

Brother QL-820NWB Professional Label Printer

It’s easy to set up, it’s compact and quiet when printing and to top if off, the print quality is excellent. This is hands down the best printer I’ve used for printing labels.

Ben Ramsden

Sharp PN-40TC1 Huddle Board

Brainstorming, innovation, problem solving, and negotiation have all become much more productive and valuable if people can easily collaborate in real time with minimal friction.

Sarah Ieroianni

Brother QL-820NWB Professional Label Printer

The print quality also does not disappoint, it’s clear, bold, doesn’t smudge and the text is perfectly sized.

Ratchada Dunn

Sharp PN-40TC1 Huddle Board

The Huddle Board’s built in program; Sharp Touch Viewing software allows us to easily manipulate and edit our documents (jpegs and PDFs) all at the same time on the dashboard.

George Khoury

Sharp PN-40TC1 Huddle Board

The biggest perks for me would be that it comes with easy to use and comprehensive programs that make the collaboration process a whole lot more intuitive and organic

Featured Content

Product Launch Showcase

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?