Office 365 - Why am I getting bounced messages for email I didn't send?
Spammers commonly forge the headers of messages they send, making it appear as though they originated elsewhere. Spammers harvest vast numbers of email addresses, or even guess common email addresses, and then put these addresses in the "To:" and the "From:" fields of the millions of email messages they send out. Some of the messages they send will end up bouncing, and when they do, they bounce to the forged address in the "From:" field, which may be yours.
Users need to know if their legitimate messages are bouncing, and the Office 365 system can't distinguish legitimate bounces from illegitimate bounces.
Is my account or computer compromised?
In most cases your email address has been spoofed by a spammer, and there is no risk to your account or your computer. However, in some cases your email account credentials or your computer has been compromised by a spammer. We recommend that you log into Office 365 web client and forward as an attachment one of these bounce messages to firstname.lastname@example.org. The DoIT Help Desk will be able to determine if you will need to reset your email password or scan your computer for infection.
If the message is being sent to an alternate address (on your account), including departmental addresses, that you no longer use, you have the ability to remove/delete this address.
What can I do about these messages cluttering my Inbox?
There are a few ways to deal with this problem:
- Wait until the spammers stop using your address, and delete the bounced message. Spammers generally only use these email addresses for a short time before moving to a different address.
- User can add custom filters to their account to filter these messages.