Email systems have a mechanism for notifying you that a message you
sent could not be delivered for some reason. Almost everyone has made
a typo in an email address at some point and received a message from
"Mailer-Daemon" telling them that the message could not be delivered.
Other reasons that an email message you send will "bounce" are that the
recipient's email account no longer exists, the recipient's account is
over quota, the recipient's mail server cannot be found, etc.
SPAM email is sent from a central source using a huge list of email
addresses that are to receive the SPAM message. Most of the important
lines at the begining of an email message (ie., To:, From:, Subject:,
etc.) can be set by the sender of the email to be anything they
choose. This is surprising to most people. Yes, the From: line of an
email message is not a reliable way of determining who sent the
message.
People who send SPAM email routinely forge the From: line of their SPAM
messages by inserting email addresses from the same list used to
determine the recipients of the SPAM. This is why you might see SPAM
email that appear to be from people you know or even yourself.
Combine the capability of email systems to return undeliverable email
with the ability of SPAM message senders to forge the From: line of an
email message and it's obvious that a huge problem arises. Lot's of
SPAM messages can't be delivered because sites block the SPAM or the
recipient account doesn't exist. When they bounce these messages back
to what appears to be the sender, the bounces are actually returned to
someone who had nothing to do with sending the SPAM message. Just
being on a SPAM email list makes you vulnerable to receiving these
bounced messages.
For a time SPAM senders would not use the same email address in the
From: line of multiple SPAM email messages, so the likelihood of
receiving a falsely bounced message was low. Now a new SPAM technique
has started using the same email address in the From: line of hundreds
of thousands or millions of outgoing SPAM messages in a very short
time. This results in a flood of bounced messages being sent to the
address in the forged From: line. Accounts that are victims of this
may receive over 1000 bounced messages in a few hours time.
Because returned email serves the useful purpose of notifying you that
email you sent could not be delivered, we can't just block it
completely. In order to solve the SPAM backscatter problem, all
returned email for accounts using SPAM filtering will now be delivered
to a separate email folder called "RETURNED". Every six hours the
system will check your RETURNED folder for new messages and notify you
if there is something there. This will help you know when legititmate
bounced messages have arrived. During a backscatter flood, the
RETURNED folder will accumulate the bogus bounced messages so that your
email Inbox doesn't get cluttered up with junk.
You should
periodically clear all messages from the RETURNED folder. If your
account is configured to empty your SPAM folder periodically,
your RETURNED folder will also be automatically cleared at the same
time.
A minor issue that may give rise to questions from some is that the
RETURNED folder will not be created until you receive the first bounced
email. Don't worry if it does not exist, it will be created
automatically when needed.