Oxrut said:
I have been receiving emails on a daily basis on my outlook express account
telling me that an email could not be delivered to various recipients in the
Far East from my website email address. Someone has been using my email
address to send spam. How do I stop this please.
Anyone sending e-mail can be whomever they claim for their e-mail
address. Even you can do it in your e-mail client. There are rare few
e-mail providers that demand that the From header must match the
account's e-mail address through which an e-mail gets sent out. You can
claim whatever e-mail you want in your e-mails. So can spammers. So
can malcontents.
So the question is how the spammer got your e-mail address. Been
divulging it in untrusted places? Even when you want to have dealings
with a site, if they are unknown or untrusted regarding their practices
about e-mail addresses, you might want to use a secondary e-mail account
(one you can easily delete and create another), a disposable e-mail
address (Hotmail, Yahoo, etc.), a temporary redirect address
(Trashmail), or an alias to your real account (Sneakemail). After
several months of not getting any spams to that alternate account or
through that redirect or alias, you can then go update your account to
give that now trusted site your real e-mail address (if you feel so
compelled).
If you pick a username that is easily guessed, like for a dictionary
attack, then it becomes trivial that your e-mail address happens to be
the bogus one that the spammer happens to use in their latest spewage.
Maybe one of your known senders has you in their address book and they
are infected. The trojan mailer culled your e-mail address from this
infected host.
NDRs (non-delivery reports) are of dubious value, anyway. They
supposedly tell you when an e-mail that you sent could not be delivered.
So what are you going to do about it? Nothing. You can't. You can't
fix the recipient's mail host. You can't fix the routing used between
your SMTP mail host and theirs. You can't reduce the load on the
recipient's mail host so it can accept your e-mail. You can't change
the retry interval for your mail host. You can't define an non-existing
account for the recipient. You can do nothing to make your e-mail
deliverable. About the only time an NDR is helpful is to let you know
when you misspelled the recipient's email address. How often does that
happen for you? For me, it is such a rare occasion that I could care
less about getting an NDR. Senders rarely misspell their own e-mail
address. They configure it once in their e-mail client and it stays
that way. If they use a webmail agent, their e-mail provider fills in
their e-mail address. So when you reply to someone, it is highly likely
that you are using the correct e-mail address (that they want you to
use). If you send them an e-mail, you're likely to use the record for
their e-mail address that you stored in your contacts list (and that's
the e-mail address they gave you). NDRs have minimal value.
As such, in Outlook, I have a rule that looks for (without the quotes)
"report-type=delivery-status" in the message headers. If found, the
e-mail gets moved into my Junk folder, marked as read, and auto-
archiving on the Junk folder permanently deletes items older than a
week. If I'm waiting for an immediate reply from someone but don't get
it (and I know they're eagerly waiting for it), I'll check the Junk
folder for an NDR. But they aren't in my face in the Inbox folder nor
is even the Junk folder bolded to draw my attention to it (since the NDR
got marked as read).