If you don't have effective security measures in place, spammers can infect your computer with malicious software and use it to send spam to other people without your knowledge or consent. This is known as zombie spamming. The spam is channelled through your computer to the outside world, so you appear to be the sender. You become an ‘accidental’ spammer. The unauthorised use of your computer by spammers is illegal and criminal penalties apply to anyone who undertakes these activities.
Spammers are always on the lookout for computers infected with malicious software through which they can channel their junk mail. This method helps to hide the spam’s origin and protects the spammer’s identity. Visit the Avoiding spam page for detailed information and practical tips on avoiding computer zombie spamming.
Server zombie problems can occur when a business runs a server that is 'misconfigured' - that is, set up incorrectly so that it is vulnerable to exploitation. If your email or web server is set up this way, it is known as an 'open proxy' or ‘open relay’.
If your computer is being used as a zombie, or your server is being exploited, the spam header information will show you as the source of the emails, even if you did not generate them.
The best way to ensure your server won’t become a zombie is to install anti-virus software and keep it up to date. If you have your own email or web server, you can also follow some simple server security tips so that spammers can’t exploit your server.
If your server is being used as a zombie, you will need to:
- get your proxy reconfigured or remove the virus
- secure your server and make sure it is not running as an unsecured open relay or proxy. Get an IT expert to check the settings and show you how to adjust them. The manuals for your server’s software should provide information on security.
If you are receiving returned emails that look as if they've been sent by you, your address or domain name has probably been misused, or 'spoofed', by a spammer. This means the spammer is pretending to be you by making their messages look as if it comes from your email or website address. The spam does not actually originate from your computer, it just lists you as the sender.
If you receive these kinds of messages, it is unlikely that the spoofing is directed against you or your company. This activity is usually random. Your name or business will not be black-listed as a spammer as a result of spoofing, as authorities and anti-spam groups who take action against spammers have access to 'header information' that shows where an email has come from. This information indicates that you are not the sender of the spam and are not responsible for it.
Unfortunately, there is very little that can be done about spoofing. The problem will usually stop after a few weeks, without you taking any action.
More detailed information on computer security is available from the e-Security Links section.