Scam and Phishbusters → Spamer forging our personal email address...

Based upon several "bounce messages" we have been receiving in the last few days (assuming those bounce messages aren't being forged), my wife's personal email address is being forged as the "from address" in some jerks p**is enlargement SPAM.

The question is, what should we do about it (if anything)? Should I contact my ISP, to let them know about this issue (so our family doesn't get blamed)? Should I try tracking down each "received by" link, to report this SPAMer to the abuse department of each ISP? Should I post copies of the SPAM headers (where available) for analysis here (along with the actual SPAM that points to a rather dubious domain)? Should I just "live with it", as this is something notoriously hard to fight?

NOTE: I do run both a firewall, and anti-virus (which is updated daily). Also there doesn't seem to be other signs (for example, unexpected network activity) that any of my home machines are "infected". So I really think this is probably someone forging my wife's email address on their own SPAM (which they are sending out from somewhere else). OTOH: This is at least slightly annoying to us, because they are essentially using "identity theft" (by forging my wife's real email address in their SPAM)!

NOTE: The "received by" lines of the original messages (as reported in the bounce messages) seem to be coming from a variety of different places, so there is a chance that this SPAMer has a SPAM bot-net running (and the places these emails are coming from are just "compromised machines", instead of the original SPAMer).

Unfortunately there's not much you can do. It's happened to me several times, which is extremely annoying because I run my own small business using the email address in question. Contacting your ISP will do no good because they'll know right away (based on the senders IP address), that your not the culprit.

Having Anti-Virus/Firewall protection will not stop this type of email abuse since their not doing anything your computers. They took an email address randomly from a list and began sending using your email as the reply address. The reason it comes from a variety of computers around the globe isn't because their compromised (in most cases), but their open email relays. An open relay, in plain english, means the computers are set up to forward email automatically. Spammers usually have 5+ relays that they connect to, then send the spam to the relays, which then sends it all over the place.

To fight back, record all the domains in a text file. Find out who servers (which ISP it is) and report the spam as abuse and demand them shutdown the site. Then find out the the people who provide them with the internet connection and forward the abuse report to them as well, demanding action.

Since this "product" is of a "medical" nature, forward the it to the FDA then the FTC. Hopefully they'll investigate or atleast put it in their recods and eventually give them a whopping good fine like they did with fax.com. As you receive those annoying "undeliverable" notices, put them into a folder marked "Website - Date" to keep as your personal records. This is incase the same people do it again, then you can go to round two. These are legal ways to fight back against spammers. Of course vigilante justice may have it's merits, but I do not condone this type of behavior. =D