Why Spammers and Virus-Generated Mail Use Fake From: Addresses
For totally understandable (and entirely unacceptable) reasons, spammers rarely send their unsolicited messages using their own email address in the From: field. Not only would this reveal their identity, it would also allow you and the millions of other recipients to write angry replies. (You can still find out where the email originated, though, and complain to the spammer's Internet Service Provider.)
Authors of worms and viruses want the opposite of what spammers want, but the result is similar. For worms to spread, social engineering is important, and a crucial point is that the malicious code appears to come from a friendly or even trusted source.
At the same time, the From: line should not contain the email address of the infected computer's owner. The reply from a virus filter notifying them that their computer was infested could alert them. That's why worms put real, but random addresses in the From: line. They usually pick them up from the email clients' address books.
Because neither spammers nor worms care who the recipients of their (hopefully millions of) replicas are, the messages often go to email addresses that are inactive, full or have never existed.
When, How and Why Delivery Failure Reports are Generated
Since email delivery usually works (or at least did before overzealous spam filters started blocking legitimate mail), success is not normally reported but failures are. If you have ever mistyped an email address, I'm sure you know the often detailed, not always easy to parse but usually alarming "delivery failure" messages.
Ignore Delivery Failures of Messages You Did Not Send
What happens when a spammer or a virus puts your email address in the From: line can be annoying, disturbing or disastrous. If the delivery failure reports for messages you did not author (these bounces of messages you did not send are sometimes called "backscatter") don't come in the thousands,
- it is usually best to ignore them.
There is little you can do. (If one of the return messages includes the complete headers of the bouncing mail, you can parse them using a spam analysis tool like SpamCop to find where it originates and then inform the ISP that one of their users has a virus. I don't recommend that, though. It will be of little use and consumes additional time and resources. In the case of returned spam, it can be useful to alert the ISP where it originates, though.)
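The header check described above, as an added example in Python (not part of the original article). It assumes the bounce uses the standard multipart/report layout; the sample bounce is constructed, and the names embedded_headers, analyse_bounce and sent_ids are hypothetical.

```python
import re
from email import message_from_string, policy

# Constructed bounce; every host, address and ID is made up (documentation IP ranges).
SAMPLE_BOUNCE = """\
From: MAILER-DAEMON@mx.example.net
To: you@example.org
Content-Type: multipart/report; report-type=delivery-status; boundary=b1

--b1
Content-Type: message/delivery-status

Reporting-MTA: dns; mx.example.net

Final-Recipient: rfc822; nobody@example.net
Status: 5.1.1

--b1
Content-Type: text/rfc822-headers

Received: from pc.example.com (unknown [203.0.113.45]) by mx.example.net
Received: from forged.invalid ([198.51.100.7]) by pc.example.com
Message-ID: <abc123@pc.example.com>
From: you@example.org

--b1--
"""

def embedded_headers(raw):
    """Return the original message's headers carried inside a bounce, or None."""
    for part in message_from_string(raw, policy=policy.default).walk():
        ctype = part.get_content_type()
        if ctype == "message/rfc822":          # full original attached
            return part.get_content()
        if ctype == "text/rfc822-headers":     # headers only
            return message_from_string(part.get_content(), policy=policy.default)
    return None

def analyse_bounce(raw, sent_ids):
    """sent_ids: Message-IDs of mail you really sent (assumed to come from your Sent folder)."""
    orig = embedded_headers(raw)
    if orig is None:
        return None                            # bounce did not include the headers
    received = orig.get_all("Received", [])
    # Only the top Received line was written by the bouncing server; lower ones may be forged.
    m = re.search(r"\[([0-9A-Fa-f.:]+)\]", received[0]) if received else None
    msg_id = str(orig.get("Message-ID", "")).strip()
    return {"message_id": msg_id, "handed_over_by": m.group(1) if m else None,
            "sent_by_you": msg_id in sent_ids}
```

A result with sent_by_you set to False marks the bounce as backscatter, and handed_over_by is the address whose ISP would receive any report.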
Scan Your Computer for Viruses and Worms Nevertheless
If you do not have a virus scanner installed and can't rule out that your computer is infected by a worm or has been turned into a spam zombie,
- check your system for viruses (for free)
before ignoring the delivery reports.
If you get a few hundred delivery failure messages per minute, you should inform your ISP so they can filter them out and keep your mailbox from being clogged.