Spammers Using Spoofing Sent You That Email!
Summary: We did not send you spam or a virus. Here is how others do it and make it appear to come
from a legitimate address.
In early 2002 we began getting "can't deliver your message" notices from many email servers for messages we had never sent,
and many of them indicated that there was a virus attached to the file. In the years since then we have continued to see
evidence that malicious users are making it appear that we send spam or viruses.
We use a firewall and virus protection software here, set in restrictive modes, and we update our virus definitions
frequently. We don't use the most popular mail software here, reducing our virus exposure. We have never had a virus that
sent out messages with viruses attached from our mail server or any workstation.
The message you may have received with a virus attached and a return address in our domain originated somewhere else. The
return address was set to make it appear to have originated here by a process known as "spoofing," a forgery technique
that inserts a fraudulent address in place of the real sender. Here is a paper on the Princeton website that explains
what one version of spoofing is, now called phishing. And this Wikipedia entry has a different explanation. The term has
come to mean any bogus message that hides its true origin.
You can easily identify some of those messages, since they are usually from "info" @helmets.org, an address for feedback
that we never use for an outgoing message. The messages are often awkwardly worded and never on topic. If you examine the
full headers you will see that the origin of the message is obscured by relaying or other techniques, but among the
detailed headers you will discover that they did not actually originate here.
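The header check described above, as an added example that is not part of the original page: this Python sketch reads the Received chain of a constructed message claiming to come from info@helmets.org and separates what the sender claimed (the HELO name) from what each receiving server recorded (reverse DNS name and IP). The hosts, IP addresses, dates and the mx.recipient.example server name are made up for the sample, and the Received format assumed is the common "from HELO (rdns [ip]) by host" layout.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message; hosts and IPs are documentation-only values.
RAW = """\
Return-Path: <info@helmets.org>
Received: from relay.example.net (relay.example.net [203.0.113.25])
\tby mx.recipient.example with ESMTP id A1; Mon, 7 Oct 2002 10:02:11 -0400
Received: from helmets.org (unknown [198.51.100.77])
\tby relay.example.net with SMTP id B2; Mon, 7 Oct 2002 10:02:05 -0400
From: info@helmets.org
To: someone@recipient.example
Subject: your document

see attachment
"""

# "from <HELO name> (<reverse DNS> [<IP>]) by <receiving host>"
HOP = re.compile(r"from\s+(?P<helo>\S+)\s+\((?P<rdns>\S+)\s+\[(?P<ip>[^\]]+)\]\)"
                 r"\s+by\s+(?P<by>\S+)")

def analyse(raw, my_mx):
    """Compare the From domain with the hosts recorded in the Received chain.

    my_mx is the recipient's own mail server (assumed name). Only the hop it
    wrote is fully trustworthy; hops below it could have been forged upstream.
    """
    msg = message_from_string(raw)
    chain = [m.groupdict() for v in msg.get_all("Received", [])
             if (m := HOP.search(v))]          # newest hop first
    claimed = parseaddr(msg["From"])[1].rpartition("@")[2].lower()

    def in_domain(host):
        host = host.lower().rstrip(".")
        return host == claimed or host.endswith("." + claimed)

    trusted = next((h for h in chain if h["by"].lower() == my_mx), None)
    return {
        "claimed_domain": claimed,
        "handed_to_us_by": trusted and (trusted["rdns"], trusted["ip"]),
        "earliest_hop": (chain[-1]["rdns"], chain[-1]["ip"]) if chain else None,
        "helo_claims_domain": any(in_domain(h["helo"]) for h in chain),
        "recorded_host_in_domain": any(in_domain(h["rdns"]) for h in chain),
    }

if __name__ == "__main__":
    for key, value in analyse(RAW, "mx.recipient.example").items():
        print(f"{key}: {value}")
```

In the sample, the sending machine announces itself as helmets.org in HELO, but no receiving server recorded a helmets.org host or address, which is the mismatch that marks a forged return address.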
In October of 2002 we saw the first spoofing with a user name: Leigh Brown. There has never been a user Leigh Brown at
BHSI! But we put this page up as an explanation. In the ensuing years the problem has continued. In 2016 a .zip file
arrived with such a message that originated in Sri Lanka, but of course we deleted it unopened. And we get a lot of email
attempting to elicit personal info, a practice called phishing.
If you think we may actually have sent you a virus, please send us an email and we will check our server logs and
workstations again. But the odds are very high that it was a forged return address instead.