Monday, February 4, 2008

"You" isn't you.

We've been getting a few questions lately about our spam filters. We use Postini to filter out spam, and it does a pretty good job.

But no spam filter is perfect. The more restrictive it is, the more likely it will block a message you want to receive. I noticed this recently with my Yahoo e-mail: it had taken it upon itself to block mail from a bunch of senders I wanted to allow. Luckily, you can just specify the message as not spam and then Yahoo will let it through.

So Postini, like all spam filters, has a procedure to notify you of messages blocked by your spam filter. And each day, Siena e-mail users get an e-mail listing what has been blocked.

If you go down the list, there's a good chance you'll see an e-mail "from" your own e-mail address. We've been getting calls from people who are worried that this might mean their account has been compromised.

Well, fear not. It is trivial to fake an e-mail address. Back when I was using Netscape mail, you could put anything you want in the "from:" field*. This has become more difficult for the average user, but if you're sending spam, it's ridiculously easy.

Think of the "From:" on an e-mail as the return address on an envelope. There's no way to prevent someone from using your real address, even if you haven't sent the letter.

So why use your e-mail address for spam? There are two general reasons:

  1. Many people put their own e-mail on a whitelist, so that if they e-mail themselves (say, a copy of an e-mail or as a way to transfer files), it will bypass the spam filters. Note, "bypass the spam filters." That phrase attracts spammers like garbage attracts cockroaches. So they develop software to match the "From:" field to the "To:" field. (Postini doesn't consider the "From:" field when scanning e-mail.)
  2. Some spam chooses an e-mail address at random from the list of addressees to make it harder to trace. If it's yours, then you're the lucky one (you'll also get messages that your e-mail cannot be delivered).

So, what do you do? Nothing. It would be impossible to track down who actually sent the message (at least, impossible without getting law enforcement authorities with the right to subpoena involved). The fact that your name is being used is just luck of the draw, and doesn't mean there's anything wrong with your computer or that your e-mail account has been hacked. It can be safely ignored; just delete the message and don't think about it.
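To make the envelope analogy concrete, here is an added example (not part of the original post, and not how Postini works): it compares the "From:" header a message displays with the Return-Path header that the receiving mail server records from the sending session. The two sample messages and the `classify` function are constructed for illustration, and the addresses use example domains.

```python
from email import message_from_string
from email.utils import getaddresses, parseaddr

# Constructed sample messages (not real mail).
SPOOFED = """\
Return-Path: <bounce-7731@bulk.example.net>
From: "You" <user@example.edu>
To: user@example.edu
Subject: Special offer

Hello
"""

GENUINE = """\
Return-Path: <user@example.edu>
From: user@example.edu
To: user@example.edu
Subject: notes to self

file attached
"""


def addr(value):
    """Return the bare lowercase address from a header value ('' if missing)."""
    return parseaddr(value or "")[1].lower()


def classify(raw, own_address):
    """Label a message that claims to come from the recipient's own address."""
    msg = message_from_string(raw)
    own = own_address.lower()
    header_from = addr(msg["From"])      # what the mail client displays
    envelope = addr(msg["Return-Path"])  # sender given during delivery
    recipients = {a.lower() for _, a in getaddresses(msg.get_all("To", []))}

    if header_from != own or own not in recipients:
        return "not-self-addressed"
    # Both values are supplied by the sender, so a match proves nothing.
    # A mismatch only shows the "From:" line did not come from the mailbox
    # that handed the message over, which is the usual spam pattern.
    if envelope != own:
        return "from-matches-you-but-envelope-differs"
    return "self-addressed-consistent"
```

A whitelist rule that trusts the "From:" header alone would accept both sample messages, which is why matching "From:" to "To:" is worth a spammer's effort.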

*Much of the early software for the Internet was based on the idea that "We're all good people and will play nice," so security wasn't even considered.