As many of you know, Colorado College email accounts have seen a rather large spike in spoofing attacks in the past 6 weeks.

This extremely irritating spammer tactic uses your email as the reply-to address on thousands of spam messages, even though you didn’t actually send them.  Don’t worry, this doesn’t mean your account has been hijacked.  In fact, it is exactly the same thing as a person sending out regular mail via an envelope and simply writing your return address on it instead of their own – nothing can prevent the person from doing this, and they only need to know your address – it doesn’t mean they have the keys to your house and are actually sending mail from there.  There’s also unfortunately no way to determine who exactly wrote your return address on that envelope.

If that envelope cannot be delivered, it will be returned to you even though you did not send it because that’s what the return address specifies.  This is why you receive hundreds or even thousands of those “message: undeliverable” bounce-backs in your mailbox.

These messages haven’t been filtered up to this point because there is no way to adequately distinguish them from legitimate bounce-back messages.  If you attempt to email somebody and the message does not reach them, you want to see the bounce-back message so that you are aware of that.

However, Postini recently released a new filter for this type of spam, and since the issue has been serious and ongoing for at least 6 weeks, we’ve decided to enable the filter for every CC email account.  The good news is that this means this type of spoofing spam should stop reaching your mailbox – the bad news is that it means you may not receive legitimate bounce-back messages because they might also be filtered.

To read more details about how this filter works, please see Postini’s technical bulletin on the subject: http://www.postini.com/webdocs/rel_notes/announce/bulletin_ndr.pdf?elq=C203ABB4764A436E81017AC95696C605