Some of you have been receiving Delivery Failure notices in your email inbox as of late to items that you never sent. The technology industry has seen this quite a bit, too. This is due to spammers finding your email address or our domain on the internet and sending spam all over the world using your address as the Sender. Sure, you didn't really send it, but the server that receives the spam doesn't know that and sends you a Non-Delivery Report (NDR). Now, some of this would be alleviated if mail server admins would turn off the NDR for known spam, but that is beyond our control.

This "spoofing" phenominon is known as backscatter. 

Backscatter
Backscatter occurs when a Mail Transport Agent (aka email server) sends a bounce to a person who did not really send the email. Spam Links has a good description of Backscatter and why it happens. Essentially, someone is spoofing the Reply-To field in an email. They then send it to a mail server and it bounces not back to the sending server but to the Reply-To address. Thus you may receive hundreds of spam messages this way.

Symantec, in their April 2008 Spam Report, also noted an upward trend in backscatter attacks. So if you are seeing this issue, you are certainly not alone.

http://www.rackaid.com/resources/rackaid-blog/racktips/bounced_email_or_backscatter/

What can I do?

Unfortunately, there is little we can do to stop backscatter. On WCCS's part, we do not propogate the problem as we have disabled notification on this condition; therefore, we are not "backscattering" others. If you know you did not send the message, simply disregard the NDR report. You'll have a happier day.