Spammers rarely send their unsolicited messages using their own email address in the From field. Not only would this reveal their identity, but it would also allow recipients to write angry replies. (You can still find out where the spam email originated, though, and complain to the spammer’s Internet Service Provider.) Authors of worms and viruses desire the opposite of what spammers want, but the result is similar. For infections to spread, social engineering is essential, and the crucial point is that the malicious code appears to come from a friend or trusted source. At the same time, the From line should not contain the email address of the infected computer’s owner: a reply from a virus filter notifying them that their computer was infected could alert them. That’s why worms put real but random addresses in the From line. They usually pick them up from the email clients’ address books. Neither spam nor worms care who the recipients of their (hopefully millions of) replicas are; the messages often go to email addresses that are inactive, full, or have never existed.
When, How, and Why Delivery Failure Reports Are Generated
Since email delivery usually works (or at least did before overzealous spam filters started blocking legitimate mail), success is not customarily reported, but failures are. For instance, if you mistype an email address, you often receive a detailed, not always easy to parse but usually alarming “delivery failure” message.
Ignore Delivery Failures of Messages You Did Not Send
If a spammer or a virus puts your email address in the From line, the result can be annoying, disturbing, or disastrous. If the messages claiming delivery failures of emails you did not write (these bounces of emails you did not send are sometimes called “backscatter”) don’t come in the thousands, it is usually best to ignore them. There is little you can do. (If one of the return messages includes the complete headers of the bouncing mail, you can parse them using a spam analysis tool like SpamCop to find where it originates and then inform the ISP that one of their users has a virus. We don’t recommend that, though. It is of little use and consumes additional time and resources. In the case of returned spam, however, it can be useful to alert the ISP where it originates.)
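The following Python example is added here and is not part of the original article. It reads a bounce in the standard multipart/report format, pulls out the headers of the message that bounced, and flags the bounce as backscatter when that message's Message-ID is not one you sent. The sample bounce, its addresses, and the `sent_ids` set of Message-IDs you really sent are constructed assumptions.

```python
import email

# Constructed sample bounce (RFC 3464 multipart/report); every name is made up.
SAMPLE_BOUNCE = """\
From: MAILER-DAEMON@mx.example.net
Content-Type: multipart/report; report-type=delivery-status; boundary="B"

--B
Content-Type: message/delivery-status

Reporting-MTA: dns; mx.example.net

Final-Recipient: rfc822; nobody@example.net
Status: 5.1.1

--B
Content-Type: text/rfc822-headers

Received: from pc (203.0.113.7) by mx.example.net; Mon, 1 Jan 2024 00:00:00 +0000
From: alice@example.org
Message-ID: <abc123@pc.invalid>

--B--
"""

def classify(raw, sent_ids):
    """Summarise a bounce; sent_ids is the (assumed) set of Message-IDs you sent."""
    status, orig = {}, None
    for part in email.message_from_string(raw).walk():
        ctype = part.get_content_type()
        if ctype == "message/delivery-status":
            for block in part.get_payload():   # one Message per header block
                status.update((k.lower(), v) for k, v in block.items())
        elif ctype == "message/rfc822":        # full original message attached
            orig = part.get_payload(0)
        elif ctype == "text/rfc822-headers":   # only its headers attached
            orig = email.message_from_string(part.get_payload())
    msg_id = (orig.get("Message-ID") or "").strip() if orig is not None else ""
    hops = orig.get_all("Received", []) if orig is not None else []
    return {
        "status": status.get("status"),
        "recipient": status.get("final-recipient"),
        # Last Received header is the earliest hop; lines below a trusted server's stamp can be forged.
        "first_hop": hops[-1] if hops else None,
        # None when the bounce carries no original headers to judge by.
        "backscatter": (msg_id not in sent_ids) if msg_id else None,
    }

if __name__ == "__main__":
    print(classify(SAMPLE_BOUNCE, {"<real-0001@example.org>"}))
```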
Scan Your Computer for Viruses and Worms Nevertheless
If you do not have a virus scanner installed and can’t rule out that your computer is infected by a worm or has been turned into a spam zombie, check your system for viruses (for free) before ignoring the delivery reports. If you get a few hundred delivery failure messages per minute, you should inform your ISP so they can filter them out and keep your mailbox from being clogged.