Why am I getting "undeliverable" email about emails I didn't send?



Spammers often use a real address from their list as the "from" address when they send out mail. The from address looks like a "real" address (because it is), and if the recipient recognizes that address, he or she is more likely to read the spam. Another perk for the spammer is that using random addresses as the "from" address keeps people from just blocking all mail from the spammer's real address (because they never see it), and it cuts down on the hate mail that the spammer receives.

When a spammer sends a message to millions of addresses, hundreds of the addresses will not work because they no longer exist or the mailbox is full. So, hundreds of "Non Delivery Reports" (NDRs or "bounces") will be sent to whoever's address was used on the spam messages "from" line. These bounces are called "backscatter".

Getting backscatter doesn't mean that your account has been hacked. When sending email, you can actually set any "from" address. For example, when you send mail from your home machine you say that it's "from" you@seas.upenn.edu, but the mail didn't originate at SEAS. So, the spammer can send mail from anywhere in the world and say that it's "from" your SEAS address.

Unfortunately, spammers tend to send out a few million messages "from" one address, and then go onto another "from" address. So, people often receive a few hundred of these bounce messages all at once, and then everything goes back to normal until next time. Once a spammer gets your email address, it's impossible to prevent your email address from being used in this way.

For details about how to block backscatter, visit the Answers article on backscatter.

© Computing and Educational Technology Services | Contact CETS
cets@seas.upenn.edu | 215.898.4707