The Lumber Cartel, local 42 (Canadian branch)

Library - eMail Identity Theft
by Randolf Richardson, November 11th, 2011

Has someone been sending spam or viruses over eMail with your identity?  With identity theft scams of any type, once the forger has your information it's very difficult to do much until they're either caught [by authorities], or their resources are cut off, or they choose to move on to forging someone else's identity.

As for the causes of eMail identity forgery, two possibilities come to mind:

  1. The spam was actually sent from your computer.  If this is the case, then your computer is very likely infected with SpyWare or a virus that facilitates spamming activities [often for spammers or to self-replicate].  For this, you'll need to make sure your anti-virus software is running and is up-to-date, and also scan for SpyWare; the following tools are highly recommended as they've been found to be trustworthy and reliable:

  2. A spammer is currently forging your eMail address/identity in the sender field, and you happen to be one of the recipients, or mail is bouncing back to you as a result of what's often referred to as "back-scatter" (the product of a strongly discouraged eMail server configuration practice, _yet people keep doing it anyway and usually eventually find themselves blacklisted, but these details are beyond the scope of your question_).

    Forging the sender of an eMail is a trivial matter -- it's almost as easy as forging postal mail in that all the sender has to do is write someone else's address on the envelope before dropping it in a mailbox.  Although there are many counter-measures in place to prevent sender forgery, very few mail servers use them because they also often have drawbacks that limit the free exchange of information in some way.

Note that if you change your eMail address, for the cost of this inconvenience you'll likely only get a temporary break from this as the spammer will almost certainly eventually discover your new eMail address.  Often, they move on to forging someone else's address anyway because they assume that whoever's address they're forging will end up getting labelled as "junk" by many recipients (so they tend not to keep forging a single address for too long).

Options for taking pro-active action against spam

One thing you can certainly do is contribute to anti-spam blacklists such as SpamCop by reporting the spam you receive.  You don't have to report all of it either -- you can report a select subset of the spam you receive as your time permits, and you'll still be making a useful contribution to the war against spam.  The ISPs who have the power to stop it will then receive automated reports from SpamCop that also [optionally] protect your identity.

Your ISP may be able to institute the use of a few conservative blacklists to block a large portion of spam from entering their eMail systems.  Many ISPs already do this with great success using only conservative databases for blocking (e.g., open relays, SpamCop's blacklist, systems that send viruses, plus a few others).  Some ISPs also optionally use the more aggressive/extreme blacklists for tagging (not blocking) so that users can apply filters at their discretion.  Follow this link for a list of some of the more well-known blacklists (a.k.a., DNSBLs) which also includes an online IP-address/domain-name blacklist lookup tool.
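
As an added illustration (not code from the original article), the following sketch shows how a mail server might apply the block-versus-tag policy described above: the connecting IPv4 address is reversed, looked up under each DNSBL zone, and a listing in a conservative zone blocks while a listing in an aggressive zone only tags.  The zone "aggressive.dnsbl.example", the function names and the sample listings are assumptions made for this example.

```python
import ipaddress
import socket

# Policy per zone: conservative lists block, aggressive lists only tag.
# bl.spamcop.net is SpamCop's public zone; the second zone is a
# hypothetical placeholder, not a real blacklist.
ZONES = {
    "bl.spamcop.net": "block",
    "aggressive.dnsbl.example": "tag",
}

def dnsbl_query_name(ip, zone):
    """Build the lookup name: reversed IPv4 octets prepended to the zone."""
    addr = ipaddress.IPv4Address(ip)  # raises ValueError on malformed input
    return ".".join(reversed(str(addr).split("."))) + "." + zone

def system_resolver(name):
    """True if the name resolves to a 127.0.0.0/8 answer, i.e. is listed."""
    try:
        answer = socket.gethostbyname(name)
    except socket.gaierror:
        return False  # no record or DNS failure: not listed (fail open)
    return answer.startswith("127.")

def classify(ip, zones=ZONES, is_listed=system_resolver):
    """Return (action, hits): action is "block", "tag" or "accept"."""
    hits = [z for z in zones if is_listed(dnsbl_query_name(ip, z))]
    if any(zones[z] == "block" for z in hits):
        return "block", hits
    if hits:
        return "tag", hits  # deliver, but mark so users can filter
    return "accept", hits

# Constructed sample listings standing in for DNS answers so the example
# runs offline; the addresses come from reserved documentation ranges.
SAMPLE_LISTED = {
    "25.2.0.192.bl.spamcop.net",
    "7.100.51.198.aggressive.dnsbl.example",
}

def sample_resolver(name):
    return name in SAMPLE_LISTED

if __name__ == "__main__":
    for ip in ("192.0.2.25", "198.51.100.7", "203.0.113.9"):
        print(ip, classify(ip, is_listed=sample_resolver))
```

Treating a failed lookup as "not listed" keeps mail flowing when a blacklist is unreachable; a server that treats failures as listings would reject legitimate mail whenever the DNSBL has an outage.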

Another great server-side tool is SpamAssassin, but it does incur a short delay with mail reception due to the extensive number of tests it performs against each eMail message it processes (this delay can become more noticeable during peak times on very busy eMail systems, but I think it's a worthwhile sacrifice because mail still gets delivered reasonably quickly in the end).  It is a very popular system that works very well, and is worth looking into if you're running your own eMail servers.

Copyright © 2011 by Randolf Richardson,
Inter-Corporate Computer & Network Services, Inc.
Greater Vancouver, Beautiful British Columbia, Canada

 
 