5/8/08

Backscattered?

Are you seeing a bunch of email bounces in your inbox - bounces from emails that you never sent in the first place?

For example:

From: Some System Administrator
Undeliverable
Subject: Your message "Swanky Rolex Watches" could not be delivered
Error 1234; see attached for details

I am.

Fortunately, it (probably) doesn't mean that somebody has hijacked your email account and is sending email as you, getting rich from selling swanky Rolex knockoffs. There's always a chance your email account has been hijacked, no matter how remote; however, there is NO chance anybody's getting rich on swanky Rolex fakes. Is there? Hmm... does anybody really buy fake Rolex watches, besides maybe duped characters in sitcoms, who of course aren't real people (except for The Simpsons)? Or maybe costume designers for TV and movies? Which I assume has to be a very narrow market. But I digress.

It's called backscatter or "collateral spam," and unfortunately it's the next wave of trouble we can expect from email on the internet.

Backscatter is a message you receive, informing you that email you did not send was not delivered to someone you do not know. Spammers or viruses send out mail forging your email address in the reply-to, knowing that it will get blocked by anti-spam firewalls. (Note that this is different than hijacking your account - hijacking means that somebody has real access to your email, sending messages through our own network surreptitiously. That's a far worse situation.)

Spammers are banking on the fact that there are so many improperly configured mail servers and firewalls which will accept those messages and generate Non-Delivery Reports (NDRs, or bounces) to the forged address in the reply-to. That's you.

So, this is an indirect way of sending spam, relying on social engineering. I'm sure a lot of people see these "Message could not be delivered" emails and open them - after all, it could have been an important email you sent which never got delivered. But instead you've just been tricked into opening spam.

And these messages pass a lot of firewall tests because they're non-delivery reports. The email subject line itself generally doesn't contain anything which looks like spam, and the actual message is often contained as an attachment.
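Because the original message usually rides along as an attachment, a bounce can be checked against what you actually sent. The following is an added example, not part of the original post: it parses a non-delivery report and compares the attached message's Message-ID with a set of IDs your mailbox really sent. `SENT_IDS`, the `BOUNCE` template and all addresses are constructed for illustration.

```python
import email
from email import policy

# Constructed data: Message-IDs this mailbox really sent (e.g. indexed from the Sent folder).
SENT_IDS = {"<20080508.1001@example.org>"}
# Constructed NDR template: multipart/report with the original message attached.
BOUNCE = """\
From: MAILER-DAEMON@mx.example.net
Subject: Undeliverable
MIME-Version: 1.0
Content-Type: multipart/report; report-type=delivery-status; boundary="b1"

--b1
Content-Type: text/plain

Error 1234; see attached for details
--b1
Content-Type: message/delivery-status

Final-Recipient: rfc822; nobody@example.net
Action: failed
Status: 5.1.1
--b1
Content-Type: message/rfc822

From: you@example.org
Message-ID: {orig_id}
Subject: {subject}

(original body)
--b1--
"""

def classify_bounce(raw, sent_ids):
    """Return 'genuine', 'backscatter', 'unverifiable' or 'not-a-dsn' for one message."""
    msg = email.message_from_string(raw, policy=policy.default)
    if msg.get_content_type() != "multipart/report":
        return "not-a-dsn"
    for part in msg.walk():
        ctype = part.get_content_type()
        if ctype == "message/rfc822":          # full original attached
            original = part.get_payload(0)
        elif ctype == "text/rfc822-headers":   # only the original's headers attached
            original = email.message_from_string(part.get_content(), policy=policy.default)
        else:
            continue
        orig_id = str(original["Message-ID"] or "").strip()
        return "genuine" if orig_id in sent_ids else "backscatter"
    return "unverifiable"  # no original attached, so nothing to match against
```

Bounces that attach nothing come back as `unverifiable`; those cannot be matched this way and still need a human look.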

For now, all you can do is grin and bear it - and keep hitting the delete key. If you want to learn more about this subject, have at it here or here.
