www.earthlink.net myEarthLink myVoice My Account Support webmail.earthlink.net

« Help with Address Book import     |   Back to MAIN   |     "This Is Spam" reports bouncing »

Why am I getting bounced messages I didn't send? - 09/14/07

From: Email Guy
Subject:       Why am I getting bounced messages I didn't send?
Date: September 14, 2007 11:03 AM
Permalink   |   Post Comment

A common technique used by unscrupulous spammers is to use a stolen email address in the From header of their message. Or a made-up one that happens to match yours. So your address might go out to thousands of mailboxes as a spam sender. Many of these messages will bounce since spammers use email lists that are often computer generated and guess at what are likely real addresses to send to. It's common for spammers to guess potentially valid addresses by taking a common username and adding valid domains to it. For example, chances are there will be a " bob@ " at just about any provider's domain. They send out so many that a lot of these guesses will hit. But when they don't hit, some of the messages will bounce back to you, cluttering your mailbox with bounced messages you never sent in the first place.

This practice is fraudulent and illegal, and sometimes the culprits can be tracked down and stopped. But don't count on it, as these scam artists usually relay their messages through compromised computers to cover their tracks. You can find more information, and report these incidents here.

Usually if you wait a few days the spammer will move on to using some other victim's address and you will stop getting bombarded with these bounced messages. Unfortunately there isn't much you can do but wait.

We have some ideas about ways to block most of these "fake" bounces and only accept real bounces. Fake bounces can usually be identified because the original message didn't come from within EarthLink, but the spoofed address used by the spammer was an EarthLink address. We're looking into a method called BATV which can identify these fake bounces for us. Look for an update on this later.

Don't worry about the safety of your mailbox when this happens. Just because a spammer has used your address as the From line in their outgoing messages, does not in any way mean they have compromised your mailbox or have any access to your messages.


Posted by: Bill Palfey   |   November 14, 2007 1:34 PM    |   (1)

This one answered my question. I am getting hundreds of these bounced emails. Question is, what about the successful messages the spammer sent that did not get bounced. Will it be from me (as far as the recipient is concerned)?

If it isn't caught by their spam filter then the message may appear to come from your address at first glance, but the headers will show that it did not.

Email Guy

Posted by: Nancy   |   November 24, 2007 8:40 AM    |   (2)

I believe not only will the messages appear to come from my address, but I will begin to receive spam from the spammer and others to whom he sends his spam.
Has anyone seen this happening?
I have been VERY happy to see you finally have a handle on incoming spam---it is MUCH reduced from a few months ago. Thank you BIGTIME! This has been a problem for years, and I knew something could be done to fix it. Thanks for doing it!!

Posted by: Bill   |   February 2, 2008 9:20 AM    |   (3)

I, too, experienced this problem in November; this week it has re-appeared, with a vengeance. So...

Is there any update on BATV or other techniques for mitigating this? (Based on the BATV web site, found via the link in your original post, BATV appears to be nearly dormant. I read about SPF in other research.) Basically... is Earthlink making any progress on this problem?

Thank you!

Yes, we are making progress towards using BATV and are testing it. It will be introduced as a opt-in for users, as there are cases where users would not want to use it. More information will be available before long. SPF doesn't have the same purpose.

Email Guy

Posted by: frank holladay   |   March 14, 2008 3:52 PM    |   (4)

I have been receiving undeliverable emails in possible spam and a few in my inbox, that I did not send out? If we were to click on the undeliverable email, where many have attachments, is there a danger of getting a virus?I was tying to look at the headers and was afraid of doing this. I have just been eliminating them,from possible spam!

In Web Mail you can't catch a virus just by viewing an email message or viewing the headers. But if there are attached files, then don't click on those or open them unless you trust the sender, as attached files can be malicious and can run programs that will infect your computer.

Email Guy

Posted by: Cathy Fields   |   April 14, 2008 1:48 PM    |   (5)

With regard to these bogus bounced messages, if someone received spam that was sent out using my address and blocked it as spam, would they then be blocking anything that legitimately came from my address?

We are doing business that frequently includes email messages and I wondered if, by chance, our clients could be inadvertantly blocking our communications.

Individual users might block an address, but email providers don't usually (probably never) block any email just based on the From address given for the sender, knowing that those are not reliable and are easily spoofed. We don't do it at EarthLink.

Email Guy

Posted by: Bob   |   April 15, 2008 11:41 PM    |   (6)

All the spam messages I have been receiving end in *.ru. Why isn't the blocked sender feature set up so I can just block everything ending in *.ru?

This may be helpful.

Email Guy

Posted by: Linda   |   December 13, 2009 3:16 PM    |   (7)

I just want to say that here it is Dec. 2009, and I've just started having the same problem, so I wonder if there has been any progress in stopping these people who use our addresses for spam?

Posted by: Patrick   |   November 11, 2010 1:50 PM    |   (8)

November 2010 and I've started having the same problem. Has there been any progress with BATV?

Posted by: KSA   |   March 12, 2011 8:55 AM    |   (9)

I am now having this problem. The volume is unbearable. Is there anything Earthlink is doing to stop / avoid this and, if so, what? How can I stop this?

I clicked on the link in the prior message to report, but it is a dead link. What about BATV? Anything else?

Deleting the emails is treating the symptom, I want to stop the problem. How do I stop this?


Posted by: gina   |   March 16, 2011 2:40 PM    |   (10)

Starting just last week, I've been receiving a LOT (@100/day) undeliverables emails I did NOT send out!! What to do????

Posted by: rholambda   |   June 29, 2011 1:10 PM    |   (11)

I'm being inundated with these as well, and I'm getting phone calls from friends who are receiving these messages. Short of deleting the entire account, what can I (or you, more to the point) do to stop this? Waiting doesn't work -- the bounced messages stopped for about a week and now they're back.

Posted by: Mike P   |   October 11, 2011 2:28 PM    |   (12)

Getting killed with these things as well. Started about 3 days ago. It's an even bigger pain b/c they are cluttering up my blackberry as well. Since playing the waiting game does not work, what the heck is Earthlink doing to fix this short of changing e-mail addresses (another PITA)? I thought about blocking the offending Earthlink exchange servers but that will stop legitimate traffic from going through. What to do, what to do??????

We are actually about to finally release BATV to stop this problem. It's described in the post above, and we will finally have it. It should happen in the next month or so.

Email Guy

Posted by: J S   |   September 2, 2012 12:38 PM    |   (13)

I have been receiving a ton of these spoofed return emails in the past few days. What can I do to stop them?

Not much, but it is almost always temporary and will stop on its own.

Email Guy

Post a comment Back to MAIN

Please read the Ground Rules before submitting comments.

Please check the FAQ (Frequently Asked Questions) and try the Search feature before posting a new question. If your question is answered in the FAQ or in a recent article on the front page, it might not get published.

(All blogs get tons of automated spam from robots, so unless you answer this question, your comment will automatically be considered spam and won't be posted. Type human, one word, all lower-case letters.)