Ever had email messages bounce back to you when you didn’t sent them in the first place?

Spoofing - pretending to be someone elseFrom time to time you may receive emails that appear to be notifications that an email you have sent could not be delivered. You may quite possibly receive several of these in a short space of time. This is a rather puzzling and disturbing phenomenon. Your first reaction is, quite possibly, to think that your email has been hacked and that someone is sending messages from your account. It is definitely worth changing your email password just to make sure that the account is still secure. If you can’t get into it because the password has been changed then you are in a spot of bother and you will need to contact your email provider (Gmail, or Hotmail, for instance, or your own internet provider if you use their mail servers).

Another possibility, though, is that your account is still intact and that what has happened is that someone is sending out emails from somewhere else and pretending that they came from you by changing the “from” details in the header of the email. This is called “spoofing”. They have “spoofed” your email address.

How can this happen? It could be that someone that you know has had their email hacked. Your email address has been stolen from that person’s email. The hacker then sends out emails to the email addresses found in the account, spoofing the sender’s name by taking one of the addresses found in the account (in this case, yours).

If the hacker steals, say, 50 addresses, and sends out emails to all of them then 10 may bounce. Those bounces will come to you and you will wonder what’s happening. The phenomenon of receiving bounces in this way is known as “backscatter“. So, “backscatter” is a by-product of someone “spoofing” your email address.

This is not the only way that it can occur. You will send your email address to many people over time. If you’ve created an account on a website, for instance, and given your email address (possibly as the username for that website) then your email address can be stolen if that website is hacked.

What can you do about it? There’s no way that you can actually prevent it from happening. After all, you don’t have any control over the many individuals and organisations that have your email address – legitimately or otherwise.

No SpamThere are some things you can do, however, to mitigate the problem. To begin with, register a “disposable” email account with someone (Gmail or Hotmail, for instance) and use that email address for unimportant logins that you could afford to lose. Then, if that account starts getting overwhelmed with backscatter (or, indeed, other forms of spam), you can just stop using it.

If you have your own website, it is a good idea to publish a contact email address on the website that is disposable. The email address I publish on my website is only used on the website. If I start getting inundated with spam to that address (including backscatter), I’ll simply change it for another one and not check for email addressed to the older one any more.

Abine - Masking Email AddressAnother thing you can do is to use the services of a site such as DoNotTrackMe. Using the email aspect of that service you can use a unique, disposable, email address when signing up for an online account. Email to that address is forwarded to you and the sender never knows your real address. If you start getting spammed or get backscatter you simply stop the emails to that address from being forwarded to your real address. I’ve been testing this for a month or two and it seems to work. I must confess, though, that I feel a bit queasy about it as I’m depending on the service provider always being there and continuing to forward masked email to my real address.

In practice – although I can’t understand why this should be the case – it seems to be usual for backscatter to happen only occasionally. You would think that the problem would get worse and worse as the bad guys keep re-using your email address, but it doesn’t seem to happen that way.

It could be that just understanding what is happening when you get backscatter will be enough for you to accept the minimal nuisance of it happening to you, without getting too paranoid about your cyberlife. In other words, just doing nothing except deleting backscatter as it arrives may be the best policy.

@ sign on a trampoline - bouncing email…..and what you can do about it

What is a Bounce?

If an email message can not be delivered to the inbox of its intended recipient then it is said to “bounce” – ie the sender receives a message advising that delivery failed.

Bounces that aren’t

The first thing to do when you receive a bounce message is to identify the message that wasn’t delivered. There will be a reference to it in the bounce message. If there is no reference to any message originated by you then be careful as this may be spam or a virus and not a bounce at all. In particular, don’t open any attachment if you’re not sure that this message is actually a bounce relating to a message you sent.

Another possibility of a bounce message that did not originate with a message sent by you is known as “backscatter“. Spammers are able to make their messages look as if they came from completely innocent and legitimate email addresses (eg yours). If the spam they send out is bounced back then you will receive that bounce even though you had nothing to do with the original message. It’s an unsettling experience, but all you can do is delete the bounce message.

Real Bounces

A real bounce will refer to a message you sent. If it is a “hard bounce” (the message was rejected by the email server to which it was sent) then you will probably receive the bounce within a minute or so of sending the doomed message. If it is a “soft bounce” (accepted by the email server but ultimately undeliverable to the recipient) then it may be days before you receive the bounce as the server may have made several attempts to deliver it.

To determine what you can do about a bounced message, you need to look for intelligible phrases in the bounce message:

Some common phrases to look for amongst the gobbledegook are:

user not found
not our customer
mailbox not found

All of the above – and others like them – are suggesting that the recipient’s server accepted the message but then couldn’t deliver it to the user because there is no valid user with that username. The username (more properly known as the “local mailbox part”) is the part of the email address before the “@”, so in “fredsmith@example.com” the user (local mailbox part) is “fredsmith”. The cause of this error is very likely to be just a spelling mistake or typo (wrong key hit) on your part. Alternatively, the email account may have been closed so that email address won’t accept any more messages.

The pedant in me insists that I point out that, in theory, the local mailbox part is case sensitive. In other words “FredSmith” is not the same as “fredsmith”. In practice, I have never come across an email failing to get through for this reason. Bizarrely, the “domain name” part of the address (the part after the “@”) is not case sensitive, so “Example.com” is the same as “example.com”.

If the bounce message includes a phrase such as

quota exceeded or
mailbox full

then the user has filled up the disc space that they are allowed to use for email and must move or delete some of it before they can accept more email. If you need to get your email through then it’s often quickest to phone the recipient so that they can do something about it. This is an example of a soft bounce. The server may attempt to deliver the message for two or three days before telling you that it failed.

Another common explanation for a bounce is given as

Host unknown

This either means that the domain name (the part of the address after the @) is incorrect or the server of that name is unavailable. For example, the “example.com” part of the email address “fredsmith@example.com” may be incorrect. Check that you’ve got the email address correct and try again. It could just be that the email server is temporarily busy or unavailable. In that case, sending the message again may result in a normal delivery. If I’ve been having a problem like this, but then the message doesn’t bounce on a re-try, I will sometimes send another message asking the recipient to confirm delivery of the first one. If, however, your second attempt results in a second bounce and you are sure that the address is correct then try a bit later (say, an hour or so). If you haven’t managed to get it delivered in a day then it’s probably best to contact the recipient.

There are other reasons for bounces and sometimes a message doesn’t seem to reach the recipient even though you don’t receive a bounce. I’ll be returning to this topic next week.

© 2011-2019 David Leonard
Computer Support in London
Privacy Policy Suffusion theme by Sayontan Sinha