home | legal stuff | glossary | blog | search

 Legend:  new window    outside link    tools page  glossary link   

Why that spam message didn't come
from where you think it did.

STOP. Take a deep breath. Relax.

If you were referred to this page in reply to a spam complaint you have made, it is probably because you have complained to the wrong party — the From: address in spam is never an accurate indication of the actual source of the message, and in fact points to an innocent person who had nothing whatsoever to do with the spam. I'm sorry, but them's the facts.

Spammers are not just overly-pushy sales people. They are CRIMINALS. They use all manner of illegal and unethical techniques to send their mailings, and the rackets they promote are often criminal in nature. Their messages are generally infested with lies and misdirections, both in the technical details of the message as well as in the message text itself. Even the information they give as to the origins of their messages is usually quite bogus.

Spammers DO NOT use their real e-mail addresses (if indeed they have such) in their outgoing messages, because this would be foolish for them; they could be immediately and definitively traced, and then stopped and punished.

If spammers could get by without providing a from-address of any kind, they would probably do so. Unfortunately (for them), most modern e-mail services require that the sender give at least what looks like a valid e-mail address in the From: field (or, to be more specific, in the Return-Path field) before they will accept a message for delivery. If the spammer doesn't do this, his messages will be rejected by many mail servers.

The spammers' solution to this problem is simply to steal or make up e-mail addresses to put into the Return-Path: field. Mail servers generally do not do any kind of reverse check on these addresses; they only test them to see whether they look like e-mail addresses (that is, ‘x@y.z’).

When spammers forge Return-Path: addresses from other (innocent) domains, they expose the legitimate users of these addresses to burdensome (and sometimes frightening) attacks on their e-mail inboxes that can go on for many days, and that can even recur after some months or years (if the spammer decides to hijack the addresses again). Here is what happens:

  1. Millions of spam mailings go out all over the world, each bearing a false Return-Path: address.
  2. Some of the messages will be bounced (because the To: address does not exist or cannot be delivered to), and hundreds or thousands of delayed bounce messages (‘MDA bounces’) will be sent back to these forged addresses. This places a severe strain on the e-mail resources of these innocent parties. Delayed bounces are considered a poor mail-system management practice for this very reason, but many internet providers still employ them.
  3. Individual recipients who do not understand how e-mail works will send angry spam complaints back to these forged addresses (i.e., by simply pressing the "Reply" button), which represents a completely pointless source of aggravation for the legitimate users of these addresses.

Many domain onwers use their domains for business purposes, and they work hard to maintain a reputation for honesty and ethical behavior (including the avoidance of spam and the kinds of "products" it promotes). Unfortunately, the spammer can severely damage their reputations by forging their addresses or domains into his mailings, and there is absolutely nothing that the the legitimate users of these addresses can do about it.

Fortunately, most savvy people (including you, now) know that from-addresses are very easy to forge and do not prove anything about the actual source of spam mailings.

So, who did send that spam message to you, and how can you complain to them? The short answers to these questions are (1) you generally can't trace the spam back to a single identifiable individual, and (2) you can't complain to them, nor should you really try, because (remember?) they are CRIMINALS. You may find the longer answers to these questions by studying the phenomenon of spam, and a good place to start would be the home page of this site (http://www.rickconner.net/spamweb/).

Thanks for taking the time to read this page; if it has caused you to reconsider hasty reporting of spam via the “Reply:” button, then it's job will have been done.

 home | legal stuff | glossary | blog | search

 Legend:  new window    outside link    tools page  glossary link   

(c) 2003-2008, Richard C. Conner ( )

08995 hits since March 28 2009

Updated:Thu, 26 Jun 2008

Document made with KompoZer