(Update: The practice is called a “Joe Job.”)

It is common practice among spammers to “spoof” domains, sending their unsolicited messages with forged From: or Reply-To: fields to make email appear to be coming from a source other than the actual sender. Responses to these messages are “returned” to the forged address, and if that address happens to be that of a real person, woe upon him, as every bounced error message and angry reply is directed to his unwitting inbox.

I was such a victim last night, when a spammer sent prescription drug pitches to several AOL accounts using the brownpau.com domain, prepended with various randomized text-string user IDs. Since I forward all unrouted mail to my home address, I was met last night with dozens of “Failed Delivery” messages, each with a different spoofed header. Fortunately my host provides SpamAssassin and a full-featured email cpanel, so I managed to stem the tide and apply the necessary filters and bouncers before the deluge became unbearable.

Spammers don’t care who gets hurt in their efforts to destabilize the internet for a buck, so they must be stopped.

More info: “My Short Life as an Unintentional Spammer,” Self-Sending Spam, Slashdot discussion.


  1. Rod says:

    Te absolvo. I forgive you of whatever was done in your name, even though you did not do it. Do not feel bad about it, but look for ways to not let it happen again. I know you are doing this anyway.

    Now, stop beating yourself up about it.