Privacy Watch: Why Your Friends Believe You're Selling Viagra

Illustration: Zohar Lazar
Lawrence Kestenbaum is a good guy. So is Norman De Forest. So why is Kestenbaum's inbox choked with angry e-mail messages accusing him of sending spam and distributing viruses? And why is De Forest being reported to his ISP as a spammer?

Kestenbaum and De Forest have gotten lousy reputations because of the infuriating ability of spammers and viruses to forge names in the From field of tainted e-mail.

Lots of savvy PC users realize that messages often lie about who sent them. Viruses will harvest e-mail addresses from the hard drive of computers they infect, and then choose one of those addresses to enter as the sender of their automatically generated virus spawn. Spammers use similar tactics.

But many people don't know about address forging and consider the person named in the From box responsible for their inbox misery. And some software sends warnings to users whose systems don't have a virus but whose addresses appear in infected messages.

The result, if you're unfortunate enough to have your address forged: Family and friends leave angry messages on your answering machine. Total strangers send you e-mail messages telling you what a bad person you are. On top of that, you may receive dozens of bounce messages from receiving mail servers telling you that "your" message couldn't be delivered.

"Starting in early January, some [spammer] started using my e-mail address in the From and Reply-to lines of a large quantity of bulk messages," writes Kestenbaum, an Ann Arbor, Michigan, lawyer and Webmaster of "As a result, I received thousands of bounce and rejection notices from all over the world."

"On top of this came the MyDoom outbreak," which led to his receiving thousands more bounce messages, Kestenbaum says.

De Forest, from Halifax, Nova Scotia, says that his ISP's abuse desk received multiple complaints about him when someone forged his e-mail address in the sender's line of a spam message.

It's virtually impossible to keep viruses or spammers from forging your e-mail address. And there's no perfect way to avoid the nasty consequences. Your spam filter may be able to exclude bounce messages. Also, you can educate friends who complain about a message that they thought had come from you.

But the software guardians of mail servers have to help too. Earlier versions of Symantec's corporate antivirus tool alerted users if it intercepted a virus-ridden message with their address in the From field. And McAfee's SpamKiller can send complaints to your ISP if your address appears in a spam message. These were once useful features. But today, with most spam and viruses carrying a bogus From address, all these messages do is litter innocent people's inboxes and get them in trouble with their ISPs. Newer versions of these apps have these features disabled by default, but why should the features remain at all?

"If your [antivirus program] is smart enough to recognize MyDoom, why is it too dumb to know that the From line has nothing to do with the origin of the item?" asks Kestenbaum.

Andrew Brandt is a senior associate editor for PC World. You can send him e-mail at
To comment on this article and other PCWorld content, visit our Facebook page or our Twitter feed.
Shop Tech Products at Amazon