It wasn't Me!

I got a couple of emails today from an email postmaster account. They told me that an email delivery had failed. I read the original email, and it was NOT from me. All it contained was a web link (to a site that was probably pornographic or worse). Because of my years of experience using computers, I did NOT follow the link. The more experience you have, the harder it is to sneak up on you.

failed delivery

message from postmaster

I didn't panic. That's the first thing to avoid, panic. I knew the message was not from me. I examined the original email in more detail. I asked my email program, Thunderbird, to show me the the details for the full header of the attached original message. The header has lots of technical stuff designed to tell Thunderbird how to handle the message.

email headers header info

One detail happens to be the actual originating internet address in the form of a number like That address is the one attached to the computer which actually mailed the message.

I went to the Internet to do a search for that IP address. popped up at the top of my search for "whois." "Whois" is an internet tool offered to us users to identify where domain names or domain IP addresses are located because big blocks of addresses are assigned regionally. In this case, seen at the bottom of the next image, the sending computer is in or close to Bangalore, India.

IP Lookup

I don't live in Bangalore. Many fine people certainly do live there. However, somebody who is NOT a fine person spoofed my email address and sent a message as if it came from me. Sadly, that's the nature of SPAM (unsolicited, usually bulk emails sent to a bunch of people at once). Senders of these unfortunate messages hope to make money by getting you to think a friend recommended a particular site. The fraudulent message sender pretends to be you by using your email address. They hope you will carelessly just click the link without pausing to wonder if your friend actually sent it.

Fortunately the people who were listed in the "failed delivery" notice from the email postmaster didn't get the SPAM link. However some people may have gotten the fraudulent email. I did not recognize the rest of the addresses to which the fraudulent email was sent. Those addresses were harvested from somewhere else, not my Thunderbird email program or my own computer. I do not know any of them. That's another clue you can use to stop yourself from clicking the link. Most people write to one or two friends at a time. Even when someone forwards a cute joke, the list is probably people you also know. If the list is all strangers. That's a big clue that the message is SPAM.

If you get a SPAM message, and it seems to come from someone you know, it is a friendly thing to send the apparent (though spoofed) sender a kind heads-up. Tell them not to panic, though. Their email was harvested from somewhere. Some earlier versions of the Microsoft Outlook Express email program were particularly prone to harvest of addresses when a virus was on the computer. It may also be that the harvested emails no longer work because those users have moved on to new addresses.

If my email address is used too often by spammers, it will get listed in a "block email" list. If it happens to you, you might get a message from your service provider telling you that you cannot send email because you are on the list. They have a procedure to "clear your name."

Oh, and do let me know if you ever get a fishy email from my address.