I’ve been getting hundreds and hundreds of returned e-mails I didn’t send. Is there anything I can do to stop this?
A: Sadly, no. It is trivial to fake a return address in an e-mail, which is why spammers have been doing it for so long — we’re all more likely to open and read a message if we think it came from a friend or a family member.
Just in case, your first step should be to scan your computers for malware that could have sent out that spam. Microsoft’s free Microsoft Security Essentials (microsoft.com/securityessentials) is a good choice. For a one-time check, you can also try the free version of MalwareBytes’ Anti-Malware (malwarebytes.com). If you have a Mac, the odds are low that you got hacked, but the free ClamXav (clamxav.com) can double-check for you.
But it’s less work for a spammer to copy your e-mail address in the usual ways and simply staple it onto their next round of junk e-mail. (Most consumer e-mail services don’t let you send mail from a different address until you can confirm that you own that second account, but that’s only because they’re being good Internet citizens.)
If that happens, your first hint of what went on will probably be the same flood of bounced messages that this reader reported.
And there’s not much you can do besides delete them all. Even if you can find the actual account used to send those messages, the spammer will have moved to another by now — blocking it won’t help. You can only hope that friends spammed by “you” are smart enough to know that it wasn’t your fault.
The recent breach of Epsilon Data Management’s database of names and e-mail addresses might make this problem worse. Spammers could use those records to send messages that not only appear to come from a known, trusted e-mail address but also a trusted name.