I get a lot of "Mail Undeliverable" messages for email that I have not sent. Where is it coming from and how do I stop it?
- Phyllis
This question was answered on November 18, 2002. Much of the information contained herein may have changed since posting.
Under normal circumstances, a “Mail Undeliverable” message means just that: it was undeliverable. The usual cause is an old, invalid or improperly formatted address.
In your case, however, these are not messages that you recognize sending, so another machine is most likely the actual sender.
The most recent generation of virus/worm code, like Klez and Bugbear, has gotten very sophisticated with its ‘payloads’ (what they do), and these worms tend to generate a lot of confusion among e-mail users.
Here is a brief overview on what they do, which should shed some light on why you are getting these undeliverable messages.
When a user opens an e-mail attachment that is infected, the first thing that it does is copy itself to the system, then inserts itself into the startup configuration so that it is activated every time the system boots up.
Most of them then install a ‘keyboard monitor’ that records every keystroke to a log and begins sending the log periodically to a remote server. (This means all private information, passwords, online banking access codes, etc. have been compromised. Anyone that has been infected by one of these worms should change the passwords to all secured websites immediately after disinfecting.)
It then looks for the presence of anti-virus software or a firewall program and disables them, which allows it to roam freely in the system. (This can give infected users a false sense of security, since there is generally no overt sign that this has happened.)
The next step is to begin harvesting e-mail addresses from the infected hard drive by scouring every e-mail program, word processing and spreadsheet file and various database programs looking for anything with the ‘@’ symbol.
Once it has generated a list of addresses, it begins sending itself to those addresses via its own mail program, so that it will not appear in the ‘Sent’ folder of the user's e-mail program.
When it sends these messages, it ‘spoofs’ the return address by randomly choosing one of the other addresses it harvested as the return address, which is most likely where your errors are coming from.
This does not mean that you are infected with the worm; it simply means that someone that has your e-mail address in their system has been infected. These worms don’t verify any addresses before trying to send to them, so anything that is undeliverable will go back to the return address that was randomly chosen.
So, what can you do about it? Not much really, since it is very difficult to know the true sender of the message without a very extensive understanding of message headers and other technical aspects of e-mail messages.
What you can do is make sure that your anti-virus protection is up-to-date (and running), update your operating system on a monthly basis to plug the holes that these worms use to spread and don’t open file attachments!
Windows users can go to Windowsupdate.com to check their systems and Mac users can go to www.info.apple.com for a list of the most current updates that can be downloaded.
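As an added illustration (not part of the original column), this Python sketch reads the copy of the original message that many bounce reports carry and reports which machine actually connected to the server that bounced it, which is the header reading referred to above. The sample bounce, host names, addresses and the `analyze_bounce` helper are constructed for the example, and it assumes the bounce includes the original as a `message/rfc822` part.

```python
import re
from email import message_from_string, policy

# Constructed sample bounce; example domains and a documentation-range IP.
SAMPLE_BOUNCE = """\
From: MAILER-DAEMON@mx.example.net
To: phyllis@example.com
Subject: Mail Undeliverable
Content-Type: multipart/report; report-type=delivery-status; boundary="b1"

--b1
Content-Type: text/plain

Permanent error for: nobody@example.net
--b1
Content-Type: message/delivery-status

Reporting-MTA: dns; mx.example.net

Final-Recipient: rfc822; nobody@example.net
Action: failed
Status: 5.1.1
--b1
Content-Type: message/rfc822

Received: from infected-pc (unknown [203.0.113.45])
  by mx.example.net with SMTP; Mon, 18 Nov 2002 09:12:01 -0700
From: phyllis@example.com
To: nobody@example.net

(body removed)
--b1--
"""

IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def analyze_bounce(raw, my_servers):
    """Inspect the copy of the bounced message carried inside the report."""
    for part in message_from_string(raw, policy=policy.default).walk():
        if part.get_content_type() != "message/rfc822":
            continue
        orig = part.get_payload(0)
        hops = [str(h) for h in orig.get_all("Received", [])]
        # The top Received line was written by the server that bounced the
        # message; any lines below it come from the sender and can be forged.
        m = IP_RE.search(hops[0]) if hops else None
        ip = m.group(1) if m else None
        return {"claimed_from": str(orig["From"]), "connecting_ip": ip,
                "sent_by_my_servers": ip in my_servers}
    return None  # the bounce did not include the original message
```

Pass the set of IP addresses your own mail provider sends from as `my_servers`; a connecting address outside that set, next to your address in `claimed_from`, is the spoofing pattern described above.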
About the author
Ken Colburn of Data Doctors on November 18, 2002