Undelivered Mail 01.25.06

Many users have, at one point, received notices of undelivered mail which they have never personally sent. This is usually what happens:

Let there be three persons, "A", "B", and "C". Assume you are Person A.

  • An email-spreading virus infects the PC of Person C. The virus harvests the contents of Person C's addressbook(s), which happens to have the email addresses of Persons A and B.
  • The virus will now begin creating and sending out forged emails. One of these happens to have Person B as recipient and Person A as sender.
  • The mail server handling Person B's email receives the forged, infected message. The server has anti-virus software installed.
  • The anti-virus software detects the virus and rejects the message. Per standard email server behavior, an undelivered notice is sent to the forged sender of the email, namely Person A.
  • Person A's mail server receives the undelivered notice, and promptly delivers it to Person A's inbox.

Note how Persons A and B are innocent bystanders in this whole affair. This is how undelivered mail that we never sent finds its way into our mailbox, and is an unfortunate fact of life on the Internet.