First of all, if you get an email from me that starts out with something like, “You’re not going to believe what I found!” with a link to click – don’t be a freakin’ idiot and click on it. It’s spam, it’s full of viruses, and it’s not from me!
This is true much more universally, of course. It’s not just emails from me but from anyone you might know or any company that you might deal with. It’s not just now when I’m still fighting the lingering remnants of a household computer virus infection back in April. A little bit of common sense will go a long way here.
While my email and other online accounts have been re-secured and seem to be free of malware (I’m now paranoid and obsessed about checking) it seems that the basic email address has gotten added to a list of addresses used by some spambot network. This leads to spoofed emails, where the “from” address is faked to show my information. Even if the email isn’t sent to someone that I know (the worst of that seems to have passed), when the email gets recognized as spam and bounced back to the sender, the internet thinks that I’m the sender.
I always know when this happens. In the course of two or three minutes, the spambot (which is controlling an infected computer in some other random part of the world) sprays out virus-filled spam. Some of it might get through I guess, but most of it bounces back to me and ends up automatically going into my spam or junk mailbox.
Sometimes the spambot network goes for days and weeks without any activity using my email address and I always just about get myself lulled into a sense of security, hoping that it might have finally stopped. Then it starts up again and I might get three or four “bursts” of email spam kicked back to me in a day.
It really, really pisses me off.
I’ve searched high and low but it doesn’t seem that there’s any good way to stop this. One could, in theory, start examining the header information on every single one of these emails and try to trace back to where they really come from. One could, in theory, then contact that ISP, wherever it might be (Turkey and “the Stans” seem to be extremely uncommon) and ask them to block that account. They won’t, and by the time you do their work for them and give them the information, that burst will have stopped on its own anyway.
The only two decent pieces of advice I’ve seen regarding this are:
- Close that email address and open another one. That’s not going to happen in this case – I have WAAAAAAY too many things that go to that account. Switching everything over would be a full-time job and a logistical nightmare. Plus, it’s a really old domain name with a touch of geek street cred to it, so there’s no way I’m letting that go if I can help it.
- You can create a set of filters to identify the bounced messages and simply delete them without ever letting them show up in your mailbox. This doesn’t solve the problem, it just is a way to digitally bury your head in the sand, put your fingers in your ears, hum really loud (“Stars & Stripes Forever” is especially good for this), and ignore the problem.
To a certain extent this reminds me of our “solution” to the deluge of phone telemarketers and robocallers. We cancelled our land line, simply turned it off. They can robocall until they’re blue in the face for all I care. There’s no there there for the phone to ring in.
So I give up on doing the “right” thing of trying to stop the spoofing. It’s being done completely out of my control or my ability to hope to control and I can’t be responsible for all of the frustrations and evil in the world.
Tonight I started setting up filters in Gmail to simply send these messages into the twilight zone before they ever get to my inbox or spam bin.
You can’t always get what you wanted, but…