The purpose of this article is to help explain how email works. It's written for non-technical users, but technical support folk may want to point their users here to find the answers to common questions and concerns.
Maybe you did. It is possible for a computer to be taken over by malicious software which then sends viruses to other people. This happens behind the scenes; the owner or user of the computer may have no knowledge of what is happening behind their back. If you don't have up-to-date antivirus software on your computer, this could happen to you.
But maybe you didn't. One of the odd things about sending email is that the sender can easily lie about who they are. I (or anyone else) can very easily "forge" mail so that it appears to come from someone else. Therefore, the nasty virus-laden email that appeared to come from you may not have at all - but it probably DID come from someone who knows you. Here's why: those nasty programs that take over programs often read the mail address book to find other folks' email addresses, and will use those addresses in the forged email. So if Pete has you and Sam in his address book, and his computer gets infected by a virus, Sam might get forged email that looks like it came from you.
As these viruses sometimes send to accounts that don't exist, YOU will get any message back that says that - you never sent the original, but since it LOOKED like it came from you, that's who the other system notifies.
If you've left your email on newsgroups, message boards or websites, spammers could have found it there too. They look for email addresses both to send junk to and to use as the forged source.
You can often easily trace back messages through the "headers". How you get to see these details varies with your mail client - for Outlook Express, right click on the message, choose Properties and then Details. The "Received" headers show how the message got to you. It may have passed through several machines to get to you; look at this piece of spam for example:
Received: by 10.82.164.8 with SMTP id m8cs335569bue;
    Fri, 8 Dec 2006 04:45:42 -0800 (PST)
Received: by 10.100.198.11 with SMTP id v11mr4012514anf.1165581941872;
    Fri, 08 Dec 2006 04:45:41 -0800 (PST)
Received: from mail10.atl.registeredsite.com (mail10.atl.registeredsite.com [18.104.22.168])
    by mx.google.com with ESMTP id c20si3121247ana.2006.12.08.04.45.41;
    Fri, 08 Dec 2006 04:45:41 -0800 (PST)
Received-SPF: neutral (google.com: 22.214.171.124 is neither permitted nor denied by best guess record for domain of email@example.com)
Received: from vps.pcunix.com ([126.96.36.199])
    by mail10.atl.registeredsite.com (188.8.131.5260308/8.12.11) with ESMTP id kB8CjeMD003916
    for <firstname.lastname@example.org>; Fri, 8 Dec 2006 07:45:40 -0500
Received: from bayernwirt.de (ADijon-258-1-65-215.w90-6.abo.wanadoo.fr [184.108.40.206])
    by vps.pcunix.com (8.11.6/8.11.0) with SMTP id kB8CjdP55150
    for <email@example.com>; Fri, 8 Dec 2006 12:45:39 GMT
The very last "Received" entry in that list (Received: from bayernwirt.de) is the machine that first handled the message. So if Sam looked at other messages from you and saw that the first machine that handles your mail is normally "yourcompany.com", but on the "bad" email it started somewhere else, he'd know it wasn't actually from you.
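The comparison Sam makes above can be automated. The following is an added example, not part of the original article: it parses the Received headers of a constructed sample message (every host name and address in it is made up), lists the hops oldest first, and checks the connecting host that the receiving server recorded in parentheses, rather than the name the sender claimed after "from", against an expected domain.

```python
import re
from email import message_from_string

# Constructed sample: the sender claims "yourcompany.example" but connects from elsewhere.
SAMPLE = """\
Received: from mx.recipient.example (mx.recipient.example [192.0.2.10])
\tby inbox.recipient.example with ESMTP id abc123;
\tFri, 08 Dec 2006 04:45:41 -0800 (PST)
Received: from relay.isp.example (relay.isp.example [198.51.100.7])
\tby mx.recipient.example with ESMTP id def456;
\tFri, 08 Dec 2006 07:45:40 -0500
Received: from yourcompany.example (dsl-203-0-113-55.dialup.example [203.0.113.55])
\tby relay.isp.example with SMTP id ghi789;
\tFri, 08 Dec 2006 12:45:39 GMT
From: you@yourcompany.example
To: sam@recipient.example
Subject: hello

body
"""

# "from <claimed name> (<looked-up name> [<ip>]) by <receiving server>"
# The looked-up name is optional: some servers record only the bracketed IP.
HOP_RE = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?:(?P<rdns>[^\s\[\]]+)\s+)?\[(?P<ip>[^\]]+)\]\)"
    r"\s+by\s+(?P<by>\S+)")

def trace_hops(raw):
    """Return one dict per hop (helo, rdns, ip, by), oldest hop first."""
    hops = []
    for value in message_from_string(raw).get_all("Received", []):
        m = HOP_RE.search(value)
        if m:  # headers without a "from" part (internal hand-offs) are skipped
            hops.append(m.groupdict())
    hops.reverse()  # each server adds its header on top, so the last one is oldest
    return hops

def origin_matches(raw, expected_domain):
    """True only if the first hop's looked-up host name is in expected_domain."""
    hops = trace_hops(raw)
    if not hops:
        return False
    rdns = (hops[0]["rdns"] or "").lower()
    domain = expected_domain.lower()
    return rdns == domain or rdns.endswith("." + domain)

if __name__ == "__main__":
    for hop in trace_hops(SAMPLE):
        print(hop)
    print("origin matches:", origin_matches(SAMPLE, "yourcompany.example"))
```

Only the entries written by servers you trust are reliable; anything below them was supplied by the sender and can be forged like the rest of the message.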
Yeah, we all do. Filtering spam is a never-ending battle. Here's the problem: there's money in it. Big money. So let's say Fantastic Filter Corporation comes up with a great way to block spam. It's wonderful: it blocks everything you don't want but never interferes with anything you do. You are overjoyed, but Dastardly Dan Spammer is not. So... Dastardly Dan goes out and buys a Fantastic Filter, tears it apart, figures out how it works, and soon enough can get by it. That's the reality of spam filtering today.
Are you sure? Maybe it's in your Spam or Junk Mail folder. "False positives" - mail marked as spam that shouldn't be - are also a fact of life today.
Some mail systems block mail before it gets to your inbox. You get a message from the mail server saying that firstname.lastname@example.org tried to send you mail but it was blocked because of a virus. THIS MIGHT BE LEGITIMATE EMAIL. That's why you are told about it, because the server has no way of knowing whether you want this mail or not. All it knows is that the email had a virus, and it wants you to know that. If email@example.com IS someone you are expecting mail from, you at least know that it was blocked for this reason.
Or maybe Sam from foobar.com calls you and tells you that he can't send YOU mail. Possibly he has been put on a blacklist - maybe deservedly, maybe not. This often happens with home users with DHCP IP addresses: some spammer used to use the IP you have now, so that IP is on a blacklist. He needs to contact the folks who maintain the blacklist to fix this. Usually that's quick, simple and (most important) free if you really are not a spammer.
The message you got back telling you that tries to tell you why. Maybe it's their problem, maybe it's yours. For example, sometimes I see companies that can send mail just about anywhere but not to AOL addresses. That's a DNS PTR issue usually, and is easily fixed.
Or maybe you've been blacklisted - see the section just above here.
Often it's just a temporary glitch - try again and it may go through.
That's beyond the scope of this article.
Maybe, maybe not. Sometimes mail servers get behind in their work or even crash. Most systems are configured to keep trying to send a message for at least a few days, so your message may get there eventually.
Are you sure he didn't get it though? It might be in his Spam folder.
Anything else we need to add here?
Got something to add? Send me email.
© 2010-10-27 Anthony Lawrence