This morning at around 11am, I noticed an unusually high number of emails in my Gmail spam folder. I had a quick look and saw there were a lot of ‘Mail delivery failed: returning message to sender’ emails – not unusual, but in this case there were literally hundreds of them. As I was watching, the number increased. A bit over five hours later, I have over 21,000 bounces – so around 3,600 bounces per hour.
Turns out someone got a hold of my Gmail email address, and decided to make it (and my name) the ‘from’ field for a new spam campaign for their latest scam – http://tinyurl.com/moneyonline2010 (deliberately not linked). The email is as follows:
Thought id share a link that helped me and my bank balance out!
Finally an easy way to make $1000 every day , without further hype check out the link below
To your success online
If you have received that email, please note that I am not sending it to you – someone is forging the ‘From’ header so it simply looks like it is coming from me.
Believe it or not, this is how the email system works – anyone can send an email claiming to be from anyone else, from any email address. Most email clients should let you do this – you can send as anyone, but obviously if someone hits ‘reply’ and sends something back, it will go to the person you’re pretending to be (if you used their actual email address, anyway).
Almost all of the bounces appear to be from a mail server that is rate limiting the send, as they all have the text: “Domain bristolz.co.uk has exceeded the max emails per hour (500) allowed. Message discarded.” So that’s at least some good news, in that it means ‘only’ 500 spams are making it out into the world with my name on it.
My first thought was that maybe my Gmail had been hacked and someone was actually sending these emails through my account, so I had a quick scan through to confirm this was not the case. I thought it was unlikely anyway as I assume Gmail have filters and limits in place to prevent people sending that many emails per hour.
– none of these messages were present in my sent mail, or IMAP sent mail
– ‘Last account activity’ indicated no-one other than me had logged into my account
I have contacted firstname.lastname@example.org, which appears to be the ISP that owns the originating IP address (I will be amazed if I hear back), and I’ve also contacted tinyurl.com (as their terms specifically prohibit using their service for spam). In the meantime, sorry – but it ain’t me and it ain’t my fault!
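The bounces themselves show where a forged message entered the mail system. As an added example (not part of the original post), this Python code pulls the returned message out of a bounce and reports the claimed From address next to the IP recorded by the earliest Received hop. The sample bounce, its hosts, addresses and IPs are constructed, and `summarize_bounce` is a hypothetical helper name.

```python
import email
import re
from email import policy
from email.utils import parseaddr

# Constructed bounce for illustration; every host, address and IP is made up.
SAMPLE_BOUNCE = """\
From: Mail Delivery System <mailer-daemon@mx.recipient.example>
To: author@example.com
Subject: Mail delivery failed: returning message to sender
Content-Type: multipart/report; report-type=delivery-status; boundary="b1"

--b1
Content-Type: text/plain

Domain recipient.example has exceeded the max emails per hour (500) allowed.

--b1
Content-Type: message/rfc822

Received: from mx.relay.example (mx.relay.example [198.51.100.7])
 by mx.recipient.example; Mon, 1 Mar 2010 11:02:10 +0000
Received: from unknown (HELO pc) ([192.0.2.45])
 by mx.relay.example; Mon, 1 Mar 2010 11:02:05 +0000
From: "Author Name" <author@example.com>
To: someone@recipient.example

Thought id share a link
--b1--
"""

def summarize_bounce(raw):
    """Return the claimed From and the earliest Received hop of the returned message."""
    bounce = email.message_from_string(raw, policy=policy.default)
    for part in bounce.walk():
        if part.get_content_type() == "message/rfc822":
            original = part.get_payload(0)  # the message that bounced
            break
    else:
        raise ValueError("no returned message attached to this bounce")
    hops = original.get_all("Received", [])
    earliest = hops[-1] if hops else ""  # Received lines are prepended, so last = first hop
    ip = re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", earliest)
    return {"header_from": parseaddr(original["From"])[1],
            "hops": len(hops),
            "origin_ip": ip.group(1) if ip else None}
```

Only Received lines added by servers you trust are reliable; anything below the first such hop is supplied by the sender and can be forged just like the From header.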