View Full Version : Email address 'leak'? Any ideas?


BOAC
28th Dec 2007, 08:11
Spent yesterday bringing Mrs B's new laptop online and into home network. XP SP2 (painfully) updated. Downloaded and installed Skype and iTunes, both of which ask for email addresses. Following these installs I now see a flurry of bounced emails from that address. AVG and ZA running and AVG, Spybot and Ad-Aware scans clean. Will run HouseCall and HijackThis today. Laptop off overnight and more bounces this am on desktop.

More a note of caution than anything else, but I cannot see how else the email address was 'leaked' unless anyone has any ideas what else I missed?:{

Saab Dastard
28th Dec 2007, 09:59
Some email domains have been attacked by spammers prepending anything (and almost everything) before the @ in the hope of a small percentage of "hits".

Perhaps that is how?

SD

BOAC
28th Dec 2007, 10:55
Yes, but that has been going on for ages! There should have been no EASY way to obtain the email address except.................? NO emails sent out, and at the moment no address book loaded. The 'flurry' coincided with the installation of the 2. It has tapered off now, but I am getting about 2 bounces per hour and it was quiet before. Anyone else experienced this after iTunes and Skype? They PROMISE no misuse of addresses.................

IO540
28th Dec 2007, 18:51
Lots of organisations sell on addresses. Hotmail used to do it regularly.

The smart way around this is to have your own domain and just make up the bit to the left of the @ for each different website. Then if somebody spams it, you can set up a kill filter on it.

stickyb
29th Dec 2007, 07:02
Sorry but can you explain what you mean by bounced?

Do you mean getting spam emails to an address that did not exist until yesterday?

BOAC
29th Dec 2007, 07:58
Certainly: Emails sent ( from another machine - I HOPE! - and using Mrs B's email suffix) to addresses which do not exist and are therefore bounced back to her domain. Occasionally using her correct email prefix too.

IO540
29th Dec 2007, 08:40
Yes, this is common.

Spammers always use faked From: headers, and if they happen to use your email address then you will get bounces back from various people who got spammed.

There is a defence to this practice, called SPF, whereby the real holder of a domain name specifies the IP(s) from which emails purporting to come from that domain may be transmitted. Then, the recipient of any email can do an IP lookup on that domain, fetch the SPF record, and if the email came from an IP not listed it must be spam. It's a good idea but not a lot of people use it, and most of the big ISPs don't check SPF records because so few people have them set up. If this was universally adopted, it would force a spammer to register his own domain and spam from that and only that domain - more work for him and makes it easier to shut him down.

BOAC
29th Dec 2007, 12:01
"Yes, this is common." - yes, sadly quite familiar with that. The q was concerning the sudden onset with installation of said progs.

How do I set up SPF? Will all email servers offer it if asked?

stickyb
29th Dec 2007, 14:30
"Certainly: Emails sent ( from another machine - I HOPE! - and using Mrs B's email suffix) to addresses which do not exist and are therefore bounced back to her domain. Occasionally using her correct email prefix too."

There are many viruses out in the wild that attempt to propagate themselves by sending emails out to everyone in the address book on the infected machine. To further disguise themselves and to trick the recipients into opening them, they spoof the "from" details from someone else in the address book.

So, all of a sudden, you can start receiving non-delivery notifications, or rejections because a virus was detected in an email that make it appear as if you have been sending out many bad emails, when in fact your only connection has been to have had the misfortune to have your address in somebody else's address book when that person caught a virus.

Sometimes the returned rejections are kind enough to include the header information, and from that you can usually find out the real address of the culprit.
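
Reading the header information returned in a bounce, as an added example that is not part of the original post: it lists the relay hops from the Received lines and reports the connecting IP recorded by a server you trust. The header text, host names, addresses and the trusted_hosts parameter are constructed assumptions; Received lines below the first untrusted hop can be forged by the sender, so the walk stops there.

```python
import email
import ipaddress
import re

# Constructed headers of a spoofed message as returned inside a bounce.
# All hosts and addresses are documentation placeholders, not real senders.
RETURNED_HEADERS = """\
Received: from laptop (unknown [203.0.113.45])
    by mx.recipient.example with SMTP id abc123; Sat, 29 Dec 2007 06:01:12 +0000
Received: from mail.example.org ([192.0.2.8])
    by relay.example.org; Sat, 29 Dec 2007 05:59:00 +0000
From: "Mrs B" <mrsb@example.org>
To: nobody@recipient.example
Subject: constructed sample
"""

# Bracketed connecting IP, then the host that wrote the line ("by <host>").
RECEIVED_RE = re.compile(r"\[(?:IPv6:)?(?P<ip>[0-9A-Fa-f:.]+)\].*?\bby\s+(?P<by>[\w.-]+)", re.S)

def relay_hops(header_text):
    """Return (recording_host, connecting_ip) per Received line, newest first."""
    hops = []
    for value in email.message_from_string(header_text).get_all("Received", []):
        m = RECEIVED_RE.search(value)
        if not m:
            continue
        try:
            ip = ipaddress.ip_address(m.group("ip"))
        except ValueError:
            continue  # bracketed text that is not an IP address
        hops.append((m.group("by").lower(), str(ip)))
    return hops

def last_verifiable_sender(header_text, trusted_hosts):
    """IP handed to the deepest hop recorded by a trusted server, else None."""
    sender = None
    for by_host, ip in relay_hops(header_text):
        if by_host not in trusted_hosts:
            break  # everything from here down was supplied by the sender
        sender = ip
    return sender
```

With the bouncing server as the only trusted host, the result is the machine that actually connected to it, regardless of the From: line.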

IO540
29th Dec 2007, 19:43
The SPF record is set up by the owner of the domain, on the server which hosts the DNS record for the domain.

If your ISP is for example ZEN and you are using their collective email address style, then give them a call and ask if they have set it up for *@zen.co.uk or whatever.

If you are using your own domain then the ISP hosting it should set this up for you, upon request.

I run my own email server (a PC in the office) but use a company for the DNS function for the domain name, and they provide a control panel through which it can be configured.

However, SPF is of limited use because currently so few recipients check it. I guess that it helps in some cases, in helping your recipients to determine that your email is not spam, but you can't use SPF at present exclusively to see if the incoming email is spam because so few people implement it.

rasobey
30th Dec 2007, 10:47
Just to add to SPF Q&A here: it's not something you can turn on easily. It's very easy to misconfigure it and therefore takes a lot of planning, especially in an organization with a highly complex email strategy such as Zen's (great ISP choice btw, they WILL talk to you about SPF if you ask).

Back to your original query, BOAC: did you download the software from the vendors' own web sites? I have done countless downloads of Skype and iTunes and never seen my email address misused. Just out of interest, you don't need to enter an email address to d/l iTunes :)

BOAC
30th Dec 2007, 11:31
Sounds as if SPF is out of my league:).

Yes, original web sites and the 'request' for an email was 'to retrieve lost passwords'. Still seeing the odd bounce but things are quieter so it could have been a coincidence.

IO540
1st Jan 2008, 08:51
Yes, I can see that it would be difficult for a major ISP to manage SPF - they are likely to be sending emails from any of many IPs. Mind you, nothing stops them configuring the SPF record dynamically.

It's time somebody did something real about spam. Spam filters based on keywords and text analysis do not work anymore. I get about 20,000 spams a day at work. Some 98% are dropped through the sendmail virtual user table so that's easy but that still leaves far too many. And in a business context one cannot protect addresses like sales@ ... using the virtual user table.