Q&A: Who is using my address for spam?

Q I have just been ‘returned’ hundreds of apparently undelivered email messages that I never sent, from Gmail to addresses with my own ISP. Original messages give a Gmail message ID, and instruct the recipient to click on an obviously bogus link. What should I do?

A What has happened is that someone, using a mail relay server somewhere to mount their phishing attack, has given your address as that to which such bounces should be returned: a brazen forgery, or ‘spoof’.

Unfortunately there is little that you can do to tackle this yourself. Normally these are self-limiting, and by the time that you have downloaded the hundreds of bounced messages, that phisher will have changed the return address to someone else. However if you are unlucky you could receive thousands of bounces, which could exceed your account limits with your ISP and/or mail server.

You must inform your ISP and mail service provider, just in case there has been a security breach in their mail server or elsewhere, but only send them one example bounced message so that they can investigate. Empty your incoming mailbox as frequently as you can, perhaps using a script to dump these bounces into a folder for safe destruction, until the barrage stops.

Google’s help page on this topic is here.

Comments Hackers harvest email addresses from a range of different sources, sometimes from malware which steals the contents of address books, sometimes from security breaches of online systems and services.

Thankfully such barrages of returned email are normally short-lived, as the hacker moves on to use the next stolen address. However you may find your address being used for several such episodes.

If the flood continues, or repeats frequently, the only solution may be to change your mail address, and shut the compromised one down. Although a major inconvenience, it is preferable to having to cope with many thousands of bounced messages every week. Your mail service provider should be able to advise and help you with this, as it is sadly not uncommon.

Updated from the original, which was first published in MacUser volume 30 issue 07, 2014.