Spam/virus writers these days use a technique called "spoofing" to
hide the real sender of a spam or virus message, so that it is more
difficult to trace back to the original sender.
A "spoofed e-mail" is a mail message that appears to come from
someone other than the person who actually sent it.
If you were to respond to an email that had a spoofed sender address,
your response would not go back to the person who actually sent
the message to you. Instead, it would go back to the person whose name
was "spoofed" as the sender of the email, which could be anyone!
A side effect of viruses using spoofed e-mails is that
messages/errors are sent to the wrong people on the Internet. Anyone who
has an email account, whether for work or for personal use, should be
aware of this side effect. You should understand how email spoofing
works, be familiar with the side effect of email spoofing, and know
what you need to do if you receive one of these "misdirected" messages.
How does it happen?
Let's use this example of a person (Joe Schmoe) who is infected with
a virus that uses "spoofing" to hide the real sender of the virus:

Joe Schmoe's machine at home is infected with a virus (A).
To try to send to as many valid addresses as it can, the virus gathers
the email addresses it finds in Joe's address book (B) and creates a
new list (C).
In addition to the email addresses Joe had in his address book, the
"Virus List" also contains email addresses created from parts of real
addresses found in the address book, well-known domains (like
@hotmail.com and @yahoo.com, etc.) and well-known usernames (like Joe,
Bob, Mary, etc.).
The virus then uses names on this new "Virus List" (C) as the
recipients of the virus as well as the "From" addresses of the virus.
So even though Joe Schmoe's machine is the one sending the viruses out,
the "From" address on the viruses appears to be someone else's.
When the virus is sent to the intended destinations (D and E),
sometimes errors occur, or anti-virus software/spam filtering software
returns a message (F).
If spoofing weren't being used, these messages/errors would go to the
sender of the email, but in this case the sender of the email has been
"spoofed" to appear to be someone else. So that person (G),
Bob@work.com, would get the message/error back from the system, NOT
Joe Schmoe.
The Side Effect
The messages/errors that are sent back to the "sender" of the email
could be just about anything. One could be a message informing you that
the user does not exist, that their mailbox is full, or that you do not
have permission to send to that user. Another could be a message from
anti-virus software informing you that you sent a virus and that the
message was deleted. We can't show you every message that you could
possibly receive as a result of viruses using spoofed emails, but here
are two examples:
- This is an example of an error message that came from a mail
server telling the sender that that email address is invalid:
From: System Administrator
Sent: Thursday, July 07, 2005 12:07 AM
To: jane@yahoo.com
Subject: Undeliverable:Banned file: message.scr in mail from you
Your message did not reach some or all of the intended
recipients
Subject: Mail Delivery (failure jane@yahoo.com)
Sent: 7/7/2005 12:08 AM
The following recipient(s) could not be reached:
jane@yahoo.com on 7/6/2005 11:58 PM
This email address is invalid. For assistance, contact your
system administrator.
< error.yahoo.com #5.7.1 smtp; 550 5.7.1 Message content
rejected, id=32365-01 - BANNED: message.scr>
- This is an example of a message from anti-virus software telling
the sender that they sent a virus:
From: administrator@hearthis.com
Sent: Sunday, July 03, 2005 1:07 AM
To: Kyle@work.com
Subject: You are infected with virus: bageldldr
Our anti-virus software has determined that the e-mail you sent
to bob@hiswork.com on Sunday, July 03, 2005 1:03 AM contained
the bageldldr virus. We have discarded the email.
It could be quite confusing to receive these types of messages since
you were not infected with the virus nor were you the one who sent out
the spam/virus to begin with. Your email address was innocently used as
the "From" address and therefore you are the one getting these errors or
messages, not the person who sent them out!
What do I do?
It is quite difficult and not worth the trouble to determine who sent
the original virus/spam out. Most likely, the person realizes they have
a virus and is already cleaning their machine.
If you receive an email with an error or a virus notification that
indicates you sent an email to someone when you did not, the best advice
is to ignore it and delete it from your inbox. Unless you feel that
"spoofing", as described above, is not the cause and there could be
something else going on, you do not have to report these types of
"misdirected" error messages, since the problem is not on your machine
or with your email account.
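One way to make the "ignore it, unless something else is going on" decision above concrete, as an added example that is not part of the original page: it checks whether a bounce or virus notice names a recipient you actually wrote to. The function names, the result labels and the sent_log set (addresses taken from your own Sent folder) are assumptions made for this illustration, and the two sample messages are constructed from the notices quoted earlier.

```python
import re
from email import message_from_string

# Constructed samples modelled on the two notices quoted on this page.
NOTICE = """\
From: administrator@hearthis.com
To: Kyle@work.com
Subject: You are infected with virus: bageldldr

Our anti-virus software has determined that the e-mail you sent
to bob@hiswork.com on Sunday, July 03, 2005 1:03 AM contained
the bageldldr virus. We have discarded the email.
"""
BOUNCE = """\
From: System Administrator
To: jane@yahoo.com
Subject: Undeliverable:Banned file: message.scr in mail from you

The following recipient(s) could not be reached:
jane@yahoo.com on 7/6/2005 11:58 PM
< error.yahoo.com #5.7.1 smtp; 550 5.7.1 Message content
rejected, id=32365-01 - BANNED: message.scr>
"""

ADDR = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")
# Wording and SMTP status codes that mark a bounce or anti-virus notice.
HINTS = re.compile(r"undeliverable|could not be reached|infected with virus"
                   r"|\b5\.\d\.\d\b", re.I)

def body_text(msg):
    """Join the text parts, so multipart bounce reports are covered too."""
    chunks = []
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            raw = part.get_payload(decode=True) or b""
            chunks.append(raw.decode("utf-8", "replace"))
    return "\n".join(chunks)

def triage(raw_message, sent_log):
    """sent_log (hypothetical): addresses you really wrote to, e.g. from Sent."""
    msg = message_from_string(raw_message)
    body = body_text(msg)
    if not HINTS.search(f"{msg['Subject'] or ''}\n{body}"):
        return "not-a-notice"
    claimed = {a.lower() for a in ADDR.findall(body)}
    known = {a.lower() for a in sent_log}
    # No recipient to check, or one you did mail: worth a closer look.
    if not claimed or claimed & known:
        return "investigate"
    return "misdirected"  # names only recipients you never mailed: delete it
```

A "misdirected" result matches the case described on this page; "investigate" means the notice refers to mail you may really have sent, so spoofing might not be the cause.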