Every spam which goes out has millions of victims. (I hope those lovely people at Hormel, makers of this fine canned pork-and-ham product so beloved in Hawaii and Alaska, accept my apology for the picture or, if they wish to complain, do so to John Cleese.)
When sending out millions of spams to e-mail boxes, the spammer hopes this will become thousands of larger victims, those who respond positively to the spam. By including viruses and other malware in the spam, this "success rate" increases, as many people are infected just by downloading the spam. (I learned this after installing a new anti-viral which checks mail as it hits Mailwasher.)
But there’s another type of victim, as anyone (like me) who has had the same e-mail address for some time (or worse, their own domain) will attest .
That’s the from: victim.
Recently I became a from: victim for the first time in several years. And this attack is the worst yet.
In the past, when I had my e-mail address forged on spam, it was a
single spam. Once the bounces from that spam passed I was clean again.
Today’s attack is different. I’ve been examining the messages inside
the bounces, and this time a big-timer has decided to go after me with
everything they have.
So far I’ve seen a Viagra spam, a generalized "Viagra-like" spam, a
Google re-direct which claims to lead to a Canadian pharmacy, and two
which look like viruses. (But that can’t be right — my anti-viral is
supposed to check on that.) Some are in foreign languages. At least one
is in cyrillic. Some speak of payment in Euros. Here’s one from an
online casino.
I should note that the paragraph above was written in real-time, in the few minutes it took me to examine the messages noted.
The point is each one is different. Except for this. They all use my
regular e-mail address as the return, the one I’ve used for 11 years
now.
What most people do when faced with this is to change addresses. I don’t plan on doing that. But we’ll see.
Meanwhile, if you send me an e-mail in the next few days and don’t get a quick reply, that’s why.
The biggest problem with this, I think you’ll find, are all the mail servers that accept THEN reject those messages, constructing a bounce message back to the (forged) sender address.
Arguably, since the sender address is so often forged (since email traffic reached 90% spam a while ago), such servers should never do that. A surprisingly large number do, and that just magnifies the spam problem.
The biggest problem with this, I think you’ll find, are all the mail servers that accept THEN reject those messages, constructing a bounce message back to the (forged) sender address.
Arguably, since the sender address is so often forged (since email traffic reached 90% spam a while ago), such servers should never do that. A surprisingly large number do, and that just magnifies the spam problem.