Quote:
Originally Posted by cashman
...was a bit concerned about returned that i hadn't sent
|
The big problem with email is that you can specify an email address that is different to the email account that you actually use to send the email.
This is only occasionally beneficial. For example, I'm allowed to send through a server in Padiham regardless of the connection I use for my internet. FreeServe and NTL (now O2 and Virgin, respectively) will not allow you to send email using
their servers unless you are connected using
their service. So if I want to send email from my FreeServe or NTL accounts while I'm at the studio, I have to go through the Padiam server and just
say the email is coming from my FreeServe or NTL account.
Spammers use this to try and make their emails look more legitimate. If someone's computer is infected, it picks up two email addresses in the inbox or address book, and sends to one while purporting to be from the other. Why go to all this trouble? Because there's a
reasonable chance that two people in my address book might know each other, so if one receives an email claiming to be from the other, it's more likely to be opened.
Even if they
don't know each other - what would happen if my infected computer just sent emails with my address on them? The recipient of the spam would just bounce the email and I'd receive the bounce, then check and fix the infection sharpish. By spoofing email addresses, its not me that's getting the bounce, it's someone else in my address book, so I carry on in blissful ignorance of the infection.
It doesn't even have to be the result of an infection. If you use a valid email address for your newsgroup postings (for example), the same thing might happen. You'll end up getting bounces even if your computer is squeaky clean. It wouldn't be so bad if mail admins ran the incoming mails through the spam check
before looking to see if the recipient exists, but until recently a lot of admins didn't even realise the stupidity of bouncing spam mails.