Why do I keep receiving bounce / undeliverable messages for email I didn’t send?

While certainly annoying this isn’t generally anything to be concerned about, and doesn’t normally suggest that anyone has compromised your email account.

One of the limitations with all email is that with the required knowledge, there’s nothing preventing someone from sending email using any email address they like. Spammers often use this to their advantage by picking a legitimate email address at random to send from because 1) most anti-spam systems will block messages from non-existent domains, and 2) it avoids attempts to blacklist their email address.

If they pick your email address, their messages don’t pass through your mailbox, and don’t need to interact in any way with your email providers systems. Unfortunately this means it’s impossible for your email provider to prevent them being sent.

Where you receive bounce / undeliverable messages for messages you didn’t send, it’s likely that the above scenario has been happening. You’ll receive the bounce messages where the intended recipient doesn’t actually exist, so their mail system returns the email to the address listed as the sender, eg you.

Since our systems have no way to differentiate between those bounce messages originating from spam, and those coming as a result of you actually sending a message, there’s no real way for us to block them, not without also blocking legitimate bounce messages informing you that a message you sent hasn’t been delivered.

Fortunately when this happens it generally only lasts for a few hours or perhaps a day at most, after which the person sending the spam will move onto a new faked sender address and start all over again.

