Is this genuine spam or sneakiness?
January 10, 2007 12:36 AM

Why am I getting e-mail that is addressed to my ex-brother-in-law? Is this genuine spam, or something sneakier?

Our e-mail accounts have never been on the same Verizon account. We have been getting a few e-mails here and there addressed to his e-mail (which ends in @verizon.net, as does our address.) He's not been on our computer for over a year (he was only on it when visiting), never got his e-mail here, and after the whole ugly family event last year, I changed the Wifi WEP key. (We would notice anyone parked on our street, as that's not permitted here, but unfortunately he is friends with someone 2 houses away - I don't *think* our router broadcasts that far though. We have motion-sensitive lights on the front of our house, but not the back.)

So somehow, someone is sending us mail, and the To: field is addressed to his e-mail, but it's coming to us. The from address seems to be random spammy type addresses. It's all spam, and AVG hasn't found any viruses (no attachments either).

If it's spam, then whatever, but my ex-bro-in-law has a history of harassing us, and we want to know if there is any possibility whatsoever that he is doing this himself.

He lives in Indiana, and we do too, but after tracing every IP address in the headers (via DNSstuff.com's IP Tracert), all I know is that 2 trace to Canada and the UK and one is unknown.

If this is just random spam, I understand that the To field could be forged... but of all the made-up To addresses they could use, why would it be my ex-bro-in-law's?

The entire e-mail property window (from right-clicking in Outlook Express and hitting Properties) is here in text format - I have replaced his e-mail address with "exbroinlaw@verizon.net" but nothing else has changed.

Excuse me if I seem paranoid about all this, but he has already attempted to get me fired from my job.
posted by IndigoRain to Computers & Internet (5 answers total)
 
I think it's most likely that the spammer acquired both your addresses through someone's addressbook or another source where your email addresses were in close proximity. An old college address of mine was always getting hit by spam with another college member's address in the To: field. The spams end up getting sent to a bunch of people in proximity on the spammer's list with the To: field being one of that bunch.
posted by edd at 12:50 AM on January 10, 2007


I'm surprised your address doesn't appear anywhere in those headers. I can't see how it would possibly end up in your mailbox without it. Is Outlook reformatting the To: header? Try right-clicking the message and choosing "view message source".
posted by cillit bang at 1:18 AM on January 10, 2007


From the looks of it, it is indeed a spam message. It comes from a Canadian DSL user, directly to the Verizon server, which is a good indication that something is wrong as well.

That said, I'm assuming this spam message was bulk mailed to a number of Verizon addresses in the spam address database simultaneously, probably with a "Bcc:" to prevent the addresses from leaking. If your address and that of your ex-brother-in-law are close together in spelling, you probably both got the same message in the same connection, with one of you (and a dozen or so other Verizon addresses) in the BCC field and one in the From field. Sending spam this way saves bandwidth and time for the spammer, so some are using it.

All this depends on the software used by the spammer, and there are too many methods they use to say anything conclusive.

I doubt your exbroinlaw has anything to do with this, unless he's a Bell Canada customer.
posted by DreamerFi at 1:35 AM on January 10, 2007
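
Added example, not part of any poster's reply: a short Python check that compares the recipients shown in To:/Cc: with the envelope recipient recorded in the Received "for" clause, which is what actually determines the mailbox a message lands in. The sample message, addresses, IPs and the `analyze` helper are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import getaddresses

# Constructed sample, not the poster's headers; addresses and IPs are
# placeholders from reserved documentation ranges.
SAMPLE = """\
Received: from mx.isp.example ([192.0.2.10])
 by mailstore.isp.example with ESMTP
 for <us@isp.example>; Wed, 10 Jan 2007 00:01:02 -0500
Received: from dsl-host.example ([203.0.113.77])
 by mx.isp.example with SMTP; Wed, 10 Jan 2007 00:01:01 -0500
From: "Cheap Meds" <random123@spam.example>
To: exbroinlaw@isp.example
Subject: constructed spam sample

body
"""

# "for <addr>" in a Received header records the SMTP envelope recipient
# (RCPT TO), which decides delivery; To:/Cc: are only message text.
FOR_CLAUSE = re.compile(r"\bfor\s+<?([^\s<>;]+@[^\s<>;]+)>?", re.I)
BRACKET_IP = re.compile(r"\[([0-9A-Fa-f.:]+)\]")

def analyze(raw):
    msg = message_from_string(raw)
    shown = {addr.lower() for _, addr in getaddresses(
        msg.get_all("To", []) + msg.get_all("Cc", []))}
    # Unfold continuation lines so each Received header is one string.
    received = [" ".join(h.split()) for h in msg.get_all("Received", [])]
    envelope = {m.group(1).lower()
                for h in received for m in FOR_CLAUSE.finditer(h)}
    # Headers are prepended per hop, so the last one is the earliest.
    # Hops below your own provider's server can be forged by the sender.
    ip = BRACKET_IP.search(received[-1]) if received else None
    return {
        "shown": shown,
        "envelope": envelope,
        "bcc_style": envelope - shown,  # delivered to, but not listed
        "first_hop_ip": ip.group(1) if ip else None,
    }

if __name__ == "__main__":
    for key, value in analyze(SAMPLE).items():
        print(f"{key}: {value}")
```

Not every mail server writes a "for" clause, so an empty `envelope` set means the information is missing from the headers, not that the To: line was honest.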


It's the result of a mass mailing worm. Some worms scrape the e-mail address book of an infected machine. They then randomly send infected e-mails to all of the addresses they find, using other names from that address book in the To: line.

In this case, it would seem that someone that has both you and your ex-brother-in-law in their address book has been infected with one of these worms. No reason to worry, as long as you have up-to-date virus detection installed, and you don't open any suspicious attachments. Also, don't take any wooden nickels, look both ways before crossing, don't lick flagpoles in the wintertime, and have fun stormin' the castle.
posted by Optamystic at 1:39 AM on January 10, 2007


Thanks everyone, I feel a little better now. I always have virus protection running and regularly run Spybot.
posted by IndigoRain at 1:46 PM on January 10, 2007

