Helmets.org

Bicycle Helmet Safety Institute

Consumer-funded, volunteer staff

Helmets Children Promotions Statistics Search


Spammers Using Spoofing Sent You That Email!


Summary: We did not send you spam or a virus. Here is how others do it and make it appear to come from a legitimate address.


In early 2002 we began getting "can't deliver your message" from many email servers for messages we had never sent, and many of them indicated that there was a virus attached to the file. Over the years since then we continue to see evidence that malicious users are making it appear that we send spam or viruses.

We use a firewall and virus protection software here, set in restrictive modes, updating our virus definitions frequently. We don't use the most popular mail software here, reducing our virus exposure. We have never had a virus that sent out messages with viruses attached from our mail server or any workstation.

The message you may have received with a virus attached and a return address in our domain originated somewhere else. The return address was set to make it appear to have originated here by a process known as "spoofing," a forgery technique that inserts a fraudulent address in place of the real sender. Here is a paper on the Princeton website that explains what one version of spoofing is, now called phishing. And this Wikipedia entry has a different explanation. The term has come to mean any bogus message that hides its true origin.

You can easily identify some of those messages, since they are usually from "info" @helmets.org, an address for feedback that we never use for an outgoing message. The messages are often awkwardly worded and never on topic. If you examine the full headers you will see that the origin of the message is obscured by relaying or other techniques, but among the detailed headers you will discover that they did not actually originate here.

In October of 2002 we saw the first spoofing with a user name: Leigh Brown. There has never been a user Leigh Brown at BHSI! But we put this page up as an explanation. In the ensuing years the problem has continued. In 2016 a .zip file arrived with such a message that originated in Sri Lanka, but of course we deleted it unopened. And we get a lot of email attempting to elicit personal info, a practice called phishing.

If you think we may actually have sent you a virus, please send us an email and we will check our server logs and workstations again. But the odds are very high that it was a forged return address instead.