No doubt, some of you have received the strange messages that look like they are "bounces" from mail systems for messages that appear to have been sent from you to somebody else but contain spam. These are, unfortunately, not that strange of an occurrence. Over the past couple of years, as the spam wars have escalated and receiving systems have become more adroit at identifying spam, spammers have increasingly turned to using legitimate return email addresses for their spam.
This practice has a number of very annoying effects:
- Email sent to bogus addresses (email addresses that don't exist on the receiving system) generates bounce messages back to the unsuspecting individual whose account was used for the spam.
- Owners of the legitimate email addresses often receive angry and disturbing emails from users who received the spam and hit reply to complain about it, expecting the message to go back to the spammer. However, it goes to the victim of the email hijacking.
- Under some circumstances, the use of a legitimate email address for spam may cause all email messages from that address to be rejected by an ISP due to anti-spam software that they are running on their systems.

Of all of these problems, the last is probably the most significant, as an unsuspecting user can suddenly be subject to their emails being dropped unceremoniously by the recipient's ISP without the knowledge of either the sender or the recipient, just because the ISP believes the account to belong to a spammer.
All of these problems were causing pain to our mild-mannered graphic artist-cum-internet sleuth before he finally became frustrated with his ISP's lack of action and went looking for the source of his pain himself. It took "hundreds of hours", but he finally determined that this account was being used by notorious spammer Eddy Marin.
Eventually, the user managed to get Marin's new ISP account shut down (with the help of Marin's ISP), but there is no guarantee that this problem will not occur again.
Annoyingly, the key issue here is that you can never really tell where your email is coming from. Although some ISPs have actively worked to make sure that their users don't create spam, the internet doesn't have any technical requirement that your return email address have anything to do with the system you are sending the email message from. This is helpful in some cases, such as when you need to send an email from your laptop when visiting another country but must use the local ISP's email server. If there were a requirement that you use an email account on that server as a return address, you would have to maintain that account for as long as you might possibly be receiving mail back from the people you sent the message to originally (or anyone to whom they forwarded said message). Instead, using current mechanisms, you can just leave your return address the same but use a different sending email server.
However, this cuts both ways: a spammer can use any ISP's mail server to appear to send email from almost anyone. (Just try setting your return email address to "firstname.lastname@example.org" for fun and sending messages from George W. Bush. On second thought, you'd probably be asking for it from Mr. Ashcroft.)
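Because nothing ties a return address to the sending system, a bounce on its own does not prove you sent anything. As an added example (not part of the original post), the Python below classifies a bounce by comparing the Message-ID of the returned message against a log of IDs your own mail system actually issued. The log, the addresses and the sample bounce are constructed, and the code assumes the bounce quotes the original headers as `text/rfc822-headers` or `message/rfc822`.

```python
from email import message_from_string, policy

def original_headers(bounce):
    """Return the headers of the message a bounce refers to, or None."""
    for part in bounce.walk():
        ctype = part.get_content_type()
        if ctype == "message/rfc822":          # full original attached
            return part.get_payload(0)
        if ctype == "text/rfc822-headers":     # headers-only copy
            return message_from_string(part.get_content(), policy=policy.default)
    return None

def classify_bounce(raw, sent_ids):
    """'genuine' if we sent the original, 'backscatter' if not, else 'unknown'."""
    bounce = message_from_string(raw, policy=policy.default)
    orig = original_headers(bounce)
    if orig is None or orig["Message-ID"] is None:
        return "unknown"                       # nothing to correlate against
    msg_id = str(orig["Message-ID"]).strip()
    return "genuine" if msg_id in sent_ids else "backscatter"

# Constructed outbound log: Message-IDs our own server really issued.
SENT_IDS = {"<20040101.1@mail.victim.example>"}

def make_bounce(original_msg_id):
    """Constructed sample bounce (not a captured message)."""
    return (
        "From: MAILER-DAEMON@mx.recipient.example\n"
        "To: artist@victim.example\n"
        "Subject: Undelivered Mail Returned to Sender\n"
        "MIME-Version: 1.0\n"
        'Content-Type: multipart/report; report-type=delivery-status; boundary="b1"\n'
        "\n"
        "--b1\n"
        "Content-Type: text/plain\n"
        "\n"
        "User unknown.\n"
        "--b1\n"
        "Content-Type: text/rfc822-headers\n"
        "\n"
        "From: artist@victim.example\n"
        f"Message-ID: {original_msg_id}\n"
        "Subject: (subject of the returned message)\n"
        "\n"
        "--b1--\n"
    )
```

A bounce classified as "backscatter" carries your address only because someone else wrote it into the return address; "unknown" means the bounce quoted no original headers to check.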
Either way, it's good to know that the little guy can win sometimes. Hopefully somebody will provide some further information on how the victim was able to track down his nemesis so that more people can do the same. Maybe not... that'd be just another escalation.