Email Identity Theft


Recently we received a number of bounce messages indicating that a spammer has been forging one of our email addresses in the "From:" field of outgoing email.

Spammers use forged email addresses because they do not want to receive complaints (or complaints to their ISP). They just want your money. Unfortunately email forgery is simple and commonplace.

Email viruses also forge email addresses. Generally an address is chosen from the infected machine's address book and used as the "From" address for outgoing email. Doing so has two advantages: (1) it makes it more difficult to determine the real source of the virus (it's someone who has both your email and that of the forged sender in their address book); (2) by posing as a trusted contact it is more likely that the email recipient will open an attachment and thus propagate the virus.

As a company, you can't prevent this. You can't conceal your email addresses and only reveal them to trustworthy individuals. Your clients and suppliers need to be able to contact you. All you can do is react when it happens.

So what should you do? You should:

Notify your web hosting provider or ISP: you don't want your website disconnected because of complaints from people who didn't realize that the From address was forged. Put a note on the front page of your site so that any annoyed spam recipient going to your website will understand what has happened and that you weren't responsible.

Collect evidence (printed and electronic copies of complete emails, including all headers) in case it becomes necessary to either pursue the spammer through the courts or to convince a skeptical inquirer that you didn't send the email.

Most recently our domain name has been used to tout the stock of WTAFF (Wataire Industries). This company has forged our domain name as the return address for its emails. Among the board of advisors to Wataire Industries is a former Microsoft executive.

If you receive spam...

The simplest thing to do is just delete it. Replying is pointless as either (a) the From address is forged, or (b) the From address will be used to harvest a list of working email addresses which the spammer can use to optimize his or her operations.

Try to avoid loading such email in an HTML-capable email client which automatically loads images.

Spammers often encode your email address in the URL used to retrieve images.

By examining their server logs, they can determine if you received the email, and whether you read it.

For the same reason, don't click on any links in the email.
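To see whether a saved message carries this kind of per-recipient tracking, you can scan its HTML for remote image and link URLs that contain your address in plain, percent-encoded, base64 or hex form without ever rendering it. The script below is an added example, not part of the original page; the sample message, the domains and the function names are constructed for illustration.

```python
import base64
from email import message_from_string
from html.parser import HTMLParser
from urllib.parse import unquote

# Constructed sample message (not a real spam sample); every name in it is made up.
SAMPLE = """\
From: "Investor Alert" <news@forged-sender.example>
To: alice@recipient.example
Content-Type: text/html; charset="utf-8"

<img src="http://img.bulk-mailer.example/o.gif?u=alice%40recipient.example">
<img src="http://img.bulk-mailer.example/logo.png">
<a href="http://bulk-mailer.example/c/YWxpY2VAcmVjaXBpZW50LmV4YW1wbGU">Details</a>
"""

class UrlCollector(HTMLParser):  # collects remote <img src> and <a href> URLs
    def __init__(self):
        super().__init__()
        self.urls = []

    def handle_starttag(self, tag, attrs):
        wanted = {"img": "src", "a": "href"}.get(tag)
        for name, value in attrs:
            if name == wanted and value and value.lower().startswith(("http://", "https://")):
                self.urls.append((tag, value))

def address_tokens(address):
    """(label, token, case_sensitive) forms an address may take inside a URL."""
    raw = address.strip().lower().encode()
    b64 = base64.urlsafe_b64encode(raw).decode().rstrip("=")  # padding is often dropped
    return [("plain", raw.decode(), False), ("base64", b64, True), ("hex", raw.hex(), False)]

def find_tracking_urls(raw_message, recipient):
    """Return (tag, url, encoding) for each remote URL that embeds the recipient."""
    hits, tokens = [], address_tokens(recipient)
    for part in message_from_string(raw_message).walk():
        if part.get_content_type() != "text/html":
            continue
        parser = UrlCollector()
        parser.feed(part.get_payload(decode=True).decode(
            part.get_content_charset() or "utf-8", errors="replace"))
        for tag, url in parser.urls:
            decoded = unquote(url)  # undo %40 and similar escapes
            for label, token, exact_case in tokens:
                if token in (decoded if exact_case else decoded.lower()):
                    hits.append((tag, url, label))
                    break
    return hits
```

A URL that carries a random per-recipient ID or a hash instead of the address tracks just as well and will not match, so an empty result does not prove the message is untracked.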

But be careful! It's all too easy to point the finger at the wrong person.

Spammers try to cover their tracks, and more than one of the email headers will typically be forged.

And obviously never buy anything from a spammer. You don't really think your credit information is safe with somebody who forges emails for a living, do you? Or, why buy stock in a company that resorts to spam to generate interest in its stock offerings?
