Could you be sending spam?

It started out looking like a typical morning's e-mail--some legitimate messages, a lot of spam, and two Delivery Failure notices informing me of messages I had sent to nonexistent addresses. But the bounced messages, which appeared to have been sent from my PC World e-mail address, bore the subject "The World's smallest Digital Camera." The message hawked a product I've never seen--or written about.

Some spammer had sent out this irritating advertisement so that it appeared to come from my address. These two messages bounced "back" to me because they happened to go out to bad addresses. But how many others went out to real people, some of whom may now think that I--and PC World--are in the unsolicited e-mail business?

Random Targets

The culprits probably weren't targeting us intentionally. In most cases, these bogus sender addresses are picked at random off the same list from which recipient addresses are harvested. Spammers must conceal their identity to get around filters, and the old way of doing it--inventing random addresses--doesn't work as well as it used to.

"Most systems now check to make sure the domain name is real," says John Levine, author of Internet Privacy for Dummies. "The easiest way to find valid addresses is a spam list."

These forgeries (also called spoofs when they forge not just the visible address but also the server of origin) might also get around the antispam challenge-and-response systems that some companies use. If you send a person enough messages that appear to come from random real people, one might be from someone they know. If Levine were a spammer, he admits, "I would send spam to everyone on the list from everyone on the list."

Is the practice legal? Probably not. "If you create the impression [that the spam is] coming from someone in particular, that person might have some sort of legal claim for defamation," says David E. Sorkin of the John Marshall Law School Center for Information Technology and Privacy Law. "But first you have to track down the person, then find the right kind of jurisdiction."

Of course, as Levine observes, "The behavior I've seen [suggests] that spammers don't care that what they're doing is illegal."

Flowers or Spam

At least one lawsuit over a forged return address was successful, though that was way back in 1997 and involved far more damage than simple inconvenience. One morning Tracy LaQuey Parker, then owner of (the domain name is now owned by Inc.), opened her e-mail to see thousands of bad address bounces. "You know how you feel when you get spam? When I logged into my computer ... there were over 5000 messages," she says. "I felt like I was being attacked."

The flood shut down her ISP for half a day, hurting not only her business but others as well. Then came the angry e-mail from people who believed Parker's business was acting in some pretty unsavory ways.

The court found in Parker's favor and awarded a payment of over $35,000. "We didn't recoup anywhere near the damages done to us," she says.

It's unlikely that anyone today would receive such a barrage. "Most of the recent generation of ratware [spamming software] will randomly insert addresses off the list as the purported sender," explains Andrew Barrett, executive director of the SpamCon Foundation. This technique "flies under the radar because it avoids sending [all of the] bounces to a single domain," he adds.

Getting Vicious

Still, the e-floodgates might open if someone wants to punish you for some real or imagined slight. Although rare, these attacks are notorious enough to have gained a name: joe jobs, after a particularly vicious attack against Joe Doll, proprietor of the Web hosting service, in 1997.

Author Levine believes this is what recently happened to him. He was hit by about "100,000 bounces from spam sent from an ISP in the Netherlands, mostly to Russian addresses."

Because of his high profile in the antispam community, Levine believes, the spammer "set out to send a lot of spam and thought it would be funny if all bounces went to me."

Levine believes the extremely high bounce rate was the result of the culprit not using a list. Rather, the scheme involved "thousands of random addresses they just made up," Levine says.

Joe jobs are rare, but small and random forgeries will undoubtedly increase. According to SpamCon's Barrett, "People are going to start seeing hundreds of bounces.... As challenge/response becomes popular, we're going to see a lot more forged addresses, more bounces, and more complaints."

Can anything be done? The old rules about keeping your address off the spam lists still apply: Be careful where on the Web you give your address, never use it in newsgroups, and so on. But if you're getting spam, chances are good that at some point people will think you're sending it, as well.

Until the government or Internet businesses figure out how to stop the entire spam problem, you'll just have to grin and bear it. And if anyone complains that you sent them spam, you can send them a link to this article.

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.
Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Lincoln Spector

PC World
Show Comments

Brand Post

Bitdefender 2019

Taking cybersecurity to the highest level and order now for a special discount on the world’s most awarded and trusted cybersecurity. Be aware without a care!

Most Popular Reviews

Latest Articles


PCW Evaluation Team

Luke Hill


I need power and lots of it. As a Front End Web developer anything less just won’t cut it which is why the MSI GT75 is an outstanding laptop for me. It’s a sleek and futuristic looking, high quality, beast that has a touch of sci-fi flare about it.

Emily Tyson

MSI GE63 Raider

If you’re looking to invest in your next work horse laptop for work or home use, you can’t go wrong with the MSI GE63.

Laura Johnston

MSI GS65 Stealth Thin

If you can afford the price tag, it is well worth the money. It out performs any other laptop I have tried for gaming, and the transportable design and incredible display also make it ideal for work.

Andrew Teoh

Brother MFC-L9570CDW Multifunction Printer

Touch screen visibility and operation was great and easy to navigate. Each menu and sub-menu was in an understandable order and category

Louise Coady

Brother MFC-L9570CDW Multifunction Printer

The printer was convenient, produced clear and vibrant images and was very easy to use

Edwina Hargreaves

WD My Cloud Home

I would recommend this device for families and small businesses who want one safe place to store all their important digital content and a way to easily share it with friends, family, business partners, or customers.

Featured Content

Product Launch Showcase

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?