Dealing with Spoofed Spam Emails


Is your Inbox full of messages from MAILER-DAEMON? We frequently help our clients deal with spam and junk-filled Inboxes — here’s some info about why this can happen, and what can be done to help prevent it.

Inboxes full of messages from MAILER-DAEMON are frequently the result of non-delivery reports (NDRs) from spoofed spam messages.  A spoofed spam message is an email from a spam mailer that has been masked with your valid sender email address.  When these spam messages are sent to addresses that don’t exist, an NDR is generated and sent back — this is the email equivalent of the post office returning a letter as undeliverable.  In theory, one is sent to the invalid sender address, the other is sent to you.  Since the invalid one doesn’t actually exist, you are the only one to receive it.

Lots of messages from Mailer Daemon or Mail Delivery Systems can be symptoms of Spoofed Spam


Here are some frequently asked questions about Spoofing:

Has my email been hacked? Probably not — 99% of the time your account has not been compromised.

How did the spammer get my email address? Email addresses can be harvested in a number of ways.  The most common are as follows:

  1. If your email is posted on a website, spammers use “bots” to crawl through websites searching for email addresses.
  2. When you sign up for access to a web service, some sites will sell your email address and personal information.
  3. A virus on your machine, or on someone else’s machine that has your email address on it (either as a contact or even just in an email to/from you), can collect your address.

What can be done to stop them? Once a spammer has your email address, there’s not too much that can be done to stop them from spoofing their emails with your address.  The messages themselves are not being sent by the spammer but by mail servers doing their job and alerting the sender that the recipient doesn’t actually exist.

How long is this going to happen? Generally spammers use a group of email addresses for about a week and then move on to the next batch that they have harvested.  You will likely still receive them for a few days up to a couple of weeks.

Can’t you block them at the server or through Postini?  Technically it is possible but this can be a double-edged sword.  Blocking messages from MAILER-DAEMON will result in actual NDRs being blocked that you may want to receive.  If you were to send a message that didn’t reach its intended recipient for any number of reasons, you wouldn’t know about it.  Another reason is that not all mail servers will send their NDRs under the name MAILER-DAEMON.
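As an alternative to blocking on the MAILER-DAEMON name, the sketch below sorts NDRs by their structure and by whether the returned message is one you actually sent. It is an added example, not part of the original post; it assumes you can export the Message-IDs of your sent mail, and every address, Message-ID, and sample NDR in it is constructed.

```python
import email
from email import policy

# Constructed sample: Message-IDs of mail this mailbox really sent (assumed to
# come from a sent-folder export or outbound mail log).
SENT_IDS = {"<20240105.0001@example.com>"}

def make_ndr(from_hdr, orig_msgid):
    """Build a constructed RFC 3464 non-delivery report for the demo."""
    return "\n".join([
        f"From: {from_hdr}",
        "To: john.smith@example.com",
        "Subject: Undelivered Mail Returned to Sender",
        "MIME-Version: 1.0",
        'Content-Type: multipart/report; report-type=delivery-status; boundary="b1"',
        "", "--b1", "Content-Type: text/plain", "", "Delivery failed.",
        "--b1", "Content-Type: message/delivery-status", "",
        "Reporting-MTA: dns; mx.example.net", "",
        "Final-Recipient: rfc822; nobody@example.net",
        "Action: failed", "Status: 5.1.1", "",
        "--b1", "Content-Type: message/rfc822", "",
        "From: john.smith@example.com", f"Message-ID: {orig_msgid}",
        "Subject: hi", "", "body", "--b1--", ""])

def classify(raw, sent_ids):
    """Label a message by its structure, not by its From name."""
    msg = email.message_from_string(raw, policy=policy.default)
    report_type = str(msg.get_param("report-type") or "").lower()
    if msg.get_content_type() != "multipart/report" or report_type != "delivery-status":
        return "not-an-ndr"
    orig_id = None
    for part in msg.walk():
        ctype = part.get_content_type()
        if ctype == "message/rfc822":            # full original message returned
            orig_id = part.get_payload(0)["Message-ID"]
        elif ctype == "text/rfc822-headers":     # only the original headers returned
            hdrs = email.message_from_string(part.get_content(), policy=policy.default)
            orig_id = hdrs["Message-ID"]
    if orig_id is None:
        return "ndr-unverifiable"                # keep for manual review
    # A bounce for mail we never sent is backscatter from a spoofed sender.
    return "ndr-genuine" if str(orig_id).strip() in sent_ids else "ndr-backscatter"

if __name__ == "__main__":
    for sender, mid in [("MAILER-DAEMON@mx.example.net", "<20240105.0001@example.com>"),
                        ("postmaster@mx.example.net", "<spam.777@bulk.invalid>")]:
        print(sender, "->", classify(make_ndr(sender, mid), SENT_IDS))
```

Messages labelled `ndr-backscatter` can be filed into a separate folder, while genuine NDRs still reach the Inbox regardless of the name the reporting server uses.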

Here are some steps you can take to help prevent this from happening again in the future:

Schedule regular virus and malware scans. By scanning your system regularly, you will help to catch viruses and malware that will harvest email addresses from your computer.  This has the added benefit of making sure that your system is virus/malware free to prevent other issues such as system performance issues and identity theft.

Be careful of where you use your email address: If you need to have your email address posted on a website, use a non-standard format such as John.Smith [at] ControlGroup [dot] com.  This will help to confuse the “bots” that are used to scour websites for addresses.  If you need to register to access a website, it helps to have a separate email account set up for this through a free service such as  By keeping this separate email address simply for signing up for websites, any spam you may receive by signing up will be sent to this email address instead.

Even if you take these steps and are diligent with them, there is always the possibility of someone with whom you have emailed getting a virus that can collect your email address.  Unless you are prepared to be tech support for everyone that you email with, your best bet is to help educate them on the issue to help save both you and them the headache of being Spoofed.  You can even link them to this blog post to help them learn how they can prevent this from happening to them.