Spammers Send Illegal E-mail Via Spoofed Addresses
I'll be one of the first people to tell you, I HATE SPAM AND REALLY DISLIKE SPAMMERS. I hate spam even more when the spam is sent using a spoofed e-mail address belonging to one of my domains. If you happened to reply to spam sent to you and you received back a message leading you here, then you were probably spammed by a spammer who illegally used an e-mail address that did not belong to him or her (for exceptions to this rule, see "Clarification" note in 3rd paragraph).

What is Spoofing?
Spoofing is the use of e-mail addresses belonging to other people without the owner's consent. Spoofed addresses may even be fake. When you reply to a fake e-mail address, sometimes you get a bounced message reply from the mail server depending if the server is configured to send a bounced message. Spammers use the addresses without the consent of those site owners or those owners of the e-mail addresses, “generally speaking.” Spammers can even use e-mail addresses that appear to come from the owners of Google, Yahoo, Microsoft, or any big name out there. It's very simple to send unsolicited commercial e-mail (UCE) containing spoofed addresses not belonging to the spammer. For obvious reasons I will not disclose how they do this.

Clarification for “generally speaking”: Not all bounced messages leading you to this page means that the message was spam. Case in point: You might have sent a legitimate e-mail message to a misspelled e-mail address. This too might get you a bounced message leading you here. In which case, either send your legitimate message again to the correct address or submit your questions/comments through the site's mail form. Of course you would have found this page if you happened upon a link on another Web site (or within this site) leading you here.

Problems Caused By Spoofing?
All UCE messages sent with my e-mail addresses in connection to domains under my control are spoofed. This causes problems for me (or anyone else who is victim) when spammers spoof addresses. First, bounced messages use up server system resources needlessly. I don't know about anyone else, but I REALLY do NOT want my server dedicated to handling crap like this for these Internet criminals sending spam tied to my domains. Second, it leads some people (who received the UCE) to my domains. The recipient of spam might think I am the spammer if my domain is contained within the e-mail address of the sender. Spammers would rather someone else take the blame so that they don't get angry threats or get discovered which can lead to legal judgments against a spammer.

It's even more frustrating because we victims of spoofing can't stop spammers from spoofing our addresses. Every domain name owner can potentially have their e-mail addresses spoofed for use in sending UCE. However, you do not need to own a domain name to be a victim. It's possible for people who use e-mail to have their own e-mail addresses spoofed too. Once a spammer gets hold of your e-mail address, it's very simple and easy to include your address as the sender. You can't stop them; at least not easily without legal court proceedings. That's made even more difficult to fight when the sender of UCE (a.k.a. spam) lives in another country.

Next time you think you know the source of a spam message after seeing the sender's e-mail address, think again. Spammers do not want to get caught. Spoofing is used to cover their tracks. As much as I hate what spoofing and spamming does, it's likely not going to stop any time soon. If every single person would ignore these spam messages, spam would stop. Sadly, there are still enough recipients who answer spam messages by buying the products advertised in this manner.

Author: Curt Dunmire
Author's Link:
About Author: Curt Dunmire is the publisher, director and owner of; an advocate on topics such as the fight against spyware and extolling the benefits of JavaScript. He has been Webmaster to clients since 1996 helping them establish online business identities as well as a previous full-time CAD drafter using various CAD platforms.
······ Copyright © 2006– by ······
Copyright & Legal Disclaimers Privacy