E-mail Virus Spreading

This article briefly explains how email viruses are spread and shows how it causes some people to receive one of:

Non-delivery notices for e-mail that you did not send
A notice that an e-mail you supposedly sent contained a virus.

Just because you received an e-mail like this does not mean that you have a virus. The best thing to do is simply delete the e-mail unless your system is performing strangely or erratically in which case you should scan for and remove any viruses. See the page about removing viruses at http://www.comptechdoc.org/basic/basictut/removevirus.html for more information.

How people that are not infected receive these types of messages is explained below in this description of how viruses spread. The below picture shows how a virus begins to spread.

In the lower left corner of the above picture the process of what happens when the virus is sent from the infected computer is shown. It is as follows:

The virus infected computer sends the virus to the intended recipient.
The e-mail server that the recipient is connecting to (or another server) may do one of the following:
- It may recognize that the e-mail contains a virus. If inproperly configured, the e-mail server will then notify the faked sender of the e-mail, not the real sender, that they sent a message with a virus.
- It may not recognize that the e-mail contains a virus but may try to deliver the e-mail and find that the address of the recipient does not exist.
The e-mail server may notify the faked recipient that their e-mail could not be delivered or the e-mail they sent contained a virus.
- If in the above step the e-mail server did not recognize a virus in the e-mail and the e-mail address of the intended recipient does not exist, the faked sender is notified that the recipient address of the e-mail that they sent was invalid and the e-mail they sent could not be delivered (in spite of the fact that the faked sender never sent an e-mail to that recipient and usually they will not even know the person)
- If the e-mail server found a virus in the message, the faked sender may be notified that they sent an e-mail containing a virus.
The e-mail may be delivered to the recipient depending on whether the e-mail server recoginzed the virus in the e-mail and whether it was configured to delete any e-mail that contains a virus.

The person whose sending e-mail address was faked by the virus above will therefore receive notifications that e-mails that they never send contained a virus or an e-mail that they sent (but actually never sent) was undeliverable.

My recomendation to e-mail server administrators is not to notify senders of e-mails that any messages they send do not contain viruses since most viruses today fake the sender of the e-mail. This will cut down on the confusion added by these messages.