By now most of us know that spammers send email addresses with forged headers; the email address in the From line is not the real From address. We also know that spammers think they're clever by using other email addresses on their spam lists as the From address, so they might be sending spam with your email address in the From line. Well, now spammers think they're even more clever by sending you an angry email complaining that you are sending them spam, that they have reported you to your ISP, and that they have put your email address on hundreds of spam lists in retaliation. Their goal? To get you to respond to their message, and in doing so, confirm that your email address is valid and is read by a human being, so they can put you on their spam list for resale. Isn't that clever?

I almost fell for it, too, until I received a second similar complaint message using a similar format but different wording, from a different domain. Thankfully, both messages were easily caught by SpamAssassin, demonstrating that the spammers aren't that clever after all.

Alas, other messages are starting to get past using the exposed address I mentioned the other day, with SpamAssassin scores equivalent to legitimate email. I believe I'm even receiving spam via other addresses I've used. I could only guess that these email addresses ended up in people's address books, which were then harvested by computer viruses. So much for paritioning as an anti-spam measure. It looks like Bayesian trained anti-spam email clients are in my future after all.