
Mysterious Email Returns


Unless you lead a very sheltered life on the Internet, you have probably been receiving a good number of returned emails of late, which have left you scratching your head, as they are emails that you never sent in the first place. Or possibly they are telling you that an email you sent was rejected because it had a virus -- which has thrown you into a paranoid fit. Typically there's nothing to worry about when this happens, as all these returns are bogus. Following is a short explanation of what's going on here -- but first an important caveat. We're assuming that you do in fact have a "clean" system because you keep your antivirus programs and files up to date. If that's NOT the case, however, you had best get your house in order first before worrying about all these returned emails!

OK, now that we have that out of the way, here's what is really happening. The more clever viruses these days forge the "from" address when they go to spreading themselves via an infected computer. Say for example that Bob's computer gets infected with one of these viruses. The way it spreads itself is by using Bob's computer to mail a copy of itself (the virus) to everyone in Bob's email address book. And when it creates these emails, it grabs an address at random from Bob's address book and uses that address as the "from" address in the email that contains the virus. For example, say Bob has listed in his address book Carol, Ted, and Alice. The virus will pick one at random -- say Carol -- and then send out emails using Carol's name as the "from" person to Ted and Alice. So when Ted gets the virus, he thinks he got it from Carol, as that's who is listed as the "from" in the infected email. But the reality is that it actually came from Bob's computer -- Carol is totally innocent!

And that's just the beginning of the confusion. Another thing that happens is that inevitably there are invalid addresses in the address book of the infected computer -- in our example, say that Alice's address in Bob's address book is invalid (she may have changed her address, for example). What happens in this case is that the virus on Bob's computer sends out an email to Alice with the "from" address being Carol. But when the internet mail system tries to deliver the message to Alice, it discovers that this is not a valid email address, and thus returns the email to the "from" address -- in this case Carol. So now Carol gets a returned email that indicates that she had attempted to send an email to Alice -- when in fact she never did! It of course originated off Bob's computer, not hers.
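If you keep a record of the Message-IDs of mail you really sent, you can check a returned email against it. The following is an added example, not part of the original article: it assumes the bounce is in the standard RFC 3464 "multipart/report" format with the original message (or its headers) attached, and the sample bounce, addresses and `sent_ids` log are constructed for illustration.

```python
import email

# Constructed sample: the bounce Carol receives after Bob's infected PC mailed Alice.
SAMPLE_BOUNCE = """\
From: MAILER-DAEMON@mail.example.net
To: carol@example.org
Content-Type: multipart/report; report-type=delivery-status; boundary="b1"

--b1
Content-Type: message/delivery-status

Final-Recipient: rfc822; alice@example.com
Status: 5.1.1

--b1
Content-Type: message/rfc822

From: carol@example.org
To: alice@example.com
Message-ID: <constructed-123@bobs-pc.example.net>

virus attachment would be here
--b1--
"""

def returned_message_id(raw_bounce):
    """Message-ID of the original quoted in a bounce; None if not a DSN, '' if absent."""
    msg = email.message_from_string(raw_bounce)
    if msg.get_content_type() != "multipart/report":
        return None
    for part in msg.walk():
        ctype = part.get_content_type()
        if ctype == "message/rfc822":           # full original attached
            original = part.get_payload(0)
        elif ctype == "text/rfc822-headers":    # only its headers attached
            original = email.message_from_string(part.get_payload())
        else:
            continue
        mid = original["Message-ID"]
        return mid.strip() if mid else ""
    return ""

def classify(raw_bounce, sent_ids):
    """Compare the returned mail's Message-ID with the IDs we actually sent."""
    mid = returned_message_id(raw_bounce)
    if mid is None:
        return "not-a-dsn"
    if not mid:
        return "unverifiable"
    return "sent-by-us" if mid in sent_ids else "forged-sender"
```

Virus-scanner notices are often plain text rather than RFC 3464 reports, so they come back as "not-a-dsn" and cannot be checked this way.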

And there's yet another type of returned email that can pop up here. A lot of email servers these days pre-screen emails for viruses, and if they find an infected mail, they go into vigilante mode and return the email to the sender with a nasty note telling them that their computer is infected with a virus. So in our example, if one of the people in Bob's address book is using an email server that does this type of screening, poor Carol is now going to get an email from that server telling her that she has an infected computer! Even though she again is totally innocent.

So... what can you do about all this? Pretty much nothing, unfortunately -- as it's all out of your control. But at least now you know why all these returned emails are showing up, and that it's nothing for you to worry about. Just delete them along with the rest of your spam!

November, 2002