
Saturday, 09 February 2008



Mike, I wouldn't worry too much. You don't have a virus; I suppose it's *just* possible that you're acting as a conduit for some Windows virus or other, but I doubt even that. I've had a few messages over the past couple of years saying 'your message to so-and-so couldn't be delivered', and I've never heard of so-and-so. I think it's more likely that your address has just been picked at random as a 'real' address in order to make the spammer's look more authentic; I don't think it's anything to do with your actual computer or where you are. They just picked 'em out of the ether, or the Web as it's called now :-) If you were sending these messages, I'm sure you'd know about it.

This could be just using your address as a return address. This has happened to me occasionally too. It was not due to a virus. A nuisance but it always dies down after a few days.


This is actually more likely to be "backscatter" from email sent by spammers who've happened to pick your address as their forged "from" address. Googling for "spam backscatter" will give you a bunch of information on this (unfortunate) phenomenon.

That said, virus scanners aren't a bad idea. McAfee, Norton and Sophos make and support virus scanners for OS X, but I haven't had any personal experience with them...


I doubt that you have a virus, but if you really want to check, go here: http://www.clamxav.com/

There was a worm in the wild a little while ago, which was quite hard to catch, but if you want to check whether you got it or not, go here and follow the instructions: http://www.securemac.com/

Good luck, but I bet you that there is no virus on your machine (the return emails are probably spam, or virus emails themselves).


I use Grisoft.com's AVG on my PC, but honestly I don't know if they make it for the Mac platform. It's free.....


Like others have commented, I highly doubt it's you. One possible (and frequent) cause of this is someone with a Windows machine has a bot or other malware installed that has turned their box into a spam relay. The actual sender is being obfuscated by grabbing names out of their contact list and using that as the From address.

If you want to really lock down your Mac, do this:

1. Go to System Preferences and create a new account (something like "MikeZ").
2. Give the new account administrative privileges.
3. Log out and log in with your new "MikeZ" account.
4. Go back into System Preferences and remove your original account's administrative privileges.
5. Log out of "MikeZ" and log back in to your original account.

You're now an "unprivileged" user. Any time you want to install software or make changes to your system you'll need to enter both the admin account name and its password. The reason for this is there are certain instances where installs can occur without prompting you for your password. Also, when you do enter your password, it's valid for several minutes. Not so when you don't have admin privileges.

This is how I use my MacBook. Very seamless. I've only one application that has given me issues operating this way.


To add to what is above, this is most likely backscatter. Many windows viruses plunder the address books of those hapless infectees, and then send emails purporting to be from them to other people in the address book, or to people whose email addresses appear in files on their disks, etc.

Your mac doesn't have these viruses, but you may well know or just have once been emailed by windows users who do.

My guess is that you yourself don't have a virus.

There are two more likely scenarios:

a) Someone with your email address in their address book has a virus on their computer. What happens is that a virus on their computer picks a random email address (in this case yours) to use as the 'From' address, and sends email to everyone on the address book.

b) Your email address is the lucky one chosen by a spammer to be used as a 'From' address, so all the complaints (either automatic or manual) get sent to you.

Another possibility is that the mail server that you use (the SMTP server that you send through) has been compromised, although if you are with a reputable ISP that is unlikely.

There is NOTHING you can do about it. In most cases it is just infuriating, but in some cases it can have more dire results: the 'powers that be' determine that you (actually your SMTP server) are a spammer and your domain address gets blacklisted and placed on the blocking list used by many mail systems at the ISP level. That is bad, since getting off the list can be tough. In bad cases you may need to set up your SMTP to send through GMAIL or some other large system to get your mail delivered at all.

We use MacScan from http://macscan.securemac.com/

You don't have a virus. Someone has set your email address as the reply-to in spam they have sent. All you can do is wait it out or change your email address. :(

You'll probably just have to reinstall Windo... Wait, what?


This does not mean you have a virus. And since you have a Mac you don't have a virus. There are none. It most likely means your e-mail address was in the address book of a Windows user who has a Windows trojan. This is quite common. Nothing you can do about it.

No actual virus for the Mac platform has been observed in the wild. There has been talk of proofs of concept, but never the actual real thing.

You're seeing backscatter.

As others have explained, it's probably not you who is sending these. If you want to keep crap off your computer in the first place and have your outgoing emails screened, consider a mail service like AlienCamel (aliencamel.com). Stats for my account:

Email activity since joining
Number of emails from unknown senders blocked: 157,767
Number of email with viruses blocked: 51,651
Percent of spam emails: 86.94%

What everyone else said: it's highly likely that someone's been forging your email address on the From: line of spam that's being sent from elsewhere. I had something similar happen to me once -- at one point I got hundreds of spam bounces a day. There's not much to do except build some filters to trash the bounces.

This likely is not you. Someone with your email address in their address book likely has a virus that is sending spam emails from their computer and using all the addresses in their address book as reply-to's for those spams.

Not only do you probably not have a virus, you can now look forward to receiving spam from yourself!


Mike - Pain in the a... heh!

Sorry for your troubles. I'm certain, as are many of the other folks who posted earlier, that you do not have a virus. For email spam I use SpamSieve, which is a terrific program.

Here's a link:

I don't think much of any of the "virus" protection software for the Mac. My experience is that most of it is junk. OS X is pretty secure so I don't worry about Mac viruses and I don't believe there have been too many of them anyway.

Good luck with your spam problems and do give SpamSieve a look.



If you want to be sure, install Little Snitch on your Mac. It monitors outbound connections from spyware like Adobe CS3 and allows you to block them. As others have said, you are most probably experiencing backscatter from spam with forged email addresses.

There is a simple solution for that problem, called SPF (www.openspf.org), but Apple in its great wisdom has not implemented it in dot-Mac, and thus your @mac.com address is not protected. Yet another reason not to pay for the substandard dot-Mac service in the first place, if you needed any. You could always write them to complain, but don't hold your breath.

What everyone else said. The bounced email notices are likely fake or the emails that bounced were sent from someone else's computer. I'm a Mac Consultant, and I have yet to see a virus on an OS X machine. I only saw one or two instances on OS 9 as far as that goes.

If you feel you must use anti-virus medicine:

clamxav - geeky, a bit tricky to set up, best run once a week or so as the automatic scan is flaky and slows down your Mac, or was last time I used it.

Norton AntiVirus - Works pretty well, the auto-protect needs to be turned down a bit from standard so it doesn't slow down your machine. Again that was a recent, but not current version.

Intego Virus Barrier - Heavy handed, sensational marketing. They will say or do anything to sell more of their products. If there ever *is* a virus outbreak on the Mac, I think these people will have financed the creation of that virus.

McAfee - I haven't tried this in years. They were in the Mac market, then partly out of it. For a while running an older version of their software on the latest OS X could cause all kinds of problems. I did see them at Macworld this year, so they must be selling something.

If you think that none of these choices are very attractive, that's what I think as well.

Find one of the bounces that includes the complete headers of the bounced message. (Most probably will.) Examine the headers and I'll bet you won't find your computer's name or address, nor will you find mention of your ISP's mail server. If you don't find either reference in the original email's headers, and I very much doubt you will, you can be assured that your computer is not originating the messages.
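The header check described in the comment above, as an added example that is not part of the original comment: it pulls the returned message out of a bounce and lists each `Received:` hop so you can see whether your own machine, ISP mail server or IP address appears anywhere. The sample bounce, host names, addresses and IPs are all constructed, and `MY_NAMES` / `MY_IPS` are assumed values you would replace with your own.

```python
import email
import re
from email import policy

# Constructed sample bounce (DSN). All hosts, addresses and IPs are made up
# (example domains and documentation IP ranges), not taken from the page.
SAMPLE_BOUNCE = """\
From: MAILER-DAEMON@mx.recipient.example
To: mike@example.org
Subject: Undelivered Mail Returned to Sender
MIME-Version: 1.0
Content-Type: multipart/report; report-type=delivery-status; boundary="BOUND"

--BOUND
Content-Type: text/plain

Unknown user: nobody@recipient.example

--BOUND
Content-Type: message/delivery-status

Reporting-MTA: dns; mx.recipient.example

Final-Recipient: rfc822; nobody@recipient.example
Action: failed
Status: 5.1.1

--BOUND
Content-Type: message/rfc822

Received: from dsl-host.example.net (unknown [198.51.100.77])
    by mx.recipient.example with SMTP id ABC123;
    Sat, 9 Feb 2008 10:00:00 +0000
Received: from localhost (localhost [127.0.0.1])
    by dsl-host.example.net with SMTP; Sat, 9 Feb 2008 09:59:58 +0000
From: mike@example.org
To: nobody@recipient.example
Subject: constructed spam subject

constructed body
--BOUND--
"""

# Assumed values for "your" side: the Mac's name, the ISP's SMTP server and
# the public IP the ISP assigned. Replace with your own.
MY_NAMES = {"mikes-imac.local", "smtp.isp.example"}
MY_IPS = {"203.0.113.25"}


def embedded_original(bounce):
    """Return the returned message (or its headers) carried inside a bounce."""
    for part in bounce.walk():
        ctype = part.get_content_type()
        if ctype == "message/rfc822":        # full original message attached
            return part.get_payload(0)
        if ctype == "text/rfc822-headers":   # only the headers were returned
            return email.message_from_string(part.get_content(),
                                             policy=policy.default)
    return None


def relay_path(original):
    """Parse each Received: line, newest hop first, into from/by/ip fields."""
    hops = []
    for raw in original.get_all("Received", []):
        line = " ".join(str(raw).split())    # collapse folded whitespace
        frm = re.search(r"\bfrom\s+(\S+)", line)
        by = re.search(r"\bby\s+(\S+)", line)
        ip = re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", line)
        hops.append({"from": frm.group(1) if frm else None,
                     "by": by.group(1) if by else None,
                     "ip": ip.group(1) if ip else None})
    return hops


def analyse_bounce(raw, my_names, my_ips):
    """Report whether any hop in the bounced message names your systems."""
    original = embedded_original(
        email.message_from_string(raw, policy=policy.default))
    if original is None:
        return {"verdict": "no-original-headers", "hops": [], "hits": []}
    names = {n.lower() for n in my_names}
    hops = relay_path(original)
    # The newest hop is normally written by the server that bounced the mail;
    # older hops were supplied by the sender and can be forged.
    hits = [h for h in hops
            if h["ip"] in my_ips
            or (h["from"] or "").lower() in names
            or (h["by"] or "").lower() in names]
    return {"claimed_from": str(original["From"]),
            "hops": hops,
            "hits": hits,
            "verdict": "investigate" if hits else "backscatter"}


if __name__ == "__main__":
    print(analyse_bounce(SAMPLE_BOUNCE, MY_NAMES, MY_IPS))
```
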


These government web sites may be some help... Still, the spammer who forged your email address as a return address is costing you time, and time is money. One reason to file a complaint is to go on the record that you are not a spammer, but a victim. This may help prevent being blacklisted or considered as a spammer.


For here, mouse the "Consumer Protection" tab and click on "file a complaint": http://www.ftc.gov/

Chances are it isn't you, it's just a spammer who's using your email address as a false 'From:'. If you dig through the raw message source you'll find that the actual sender (and relays) of the spam is entirely different than your IP.

Odd coincidence that you mention this; just today I got a spam from me to myself. With a bit of research I learned that the sending mail server was an ISP in Italy.

We're continuously fighting this with our largest webhosting client; our website for this client gets a couple million hits per month and every email address posted has been harvested and used as a spam source.

As others have suggested, set up a Gmail or whatever address as your 'business' address. When this address gets used too much by spammers chuck it and use another one. Yes it's mighty inconvenient but that's the way it is.

Good luck!

'You don't have a virus, because you own a Mac.'

Has anyone scanned Michael's computer for malware? If you were truly an IT professional (like for a living), you would know that Macs like any other computer are subject to infestation. To truly protect a computer, anti-virus software is needed.

AVG is a good choice for the Windows platform, but does not have a Mac platform yet. As for Norton, McAfee and Sophos, those do offer Mac support but the first two are, like their Windows counterparts, still unnecessarily bloated.

Roger above made an excellent suggestion in part of his post that suggests creating a separate account that is unprivileged and gave a very good explanation. Having said that, and while also acknowledging that the problem as described is likely not a virus problem, this is not the place to hypothesize about what is the problem. Furthermore, to declare so unequivocally that he does not have a virus is an exercise in ignorance at best.

The question as originally asked was inquiring about good AV software for the Mac platform. Michael deserves an answer from someone qualified to make an experienced recommendation. The suggestions thus far, and my experience with them on both Windows and Mac platforms are:

AVG - not available on Mac
Norton - fine but a little bloated on both
McAfee - also fine, but still bloated on both
Sophos - much better than either Norton or McAfee
Intego is another one that is specifically designed for Mac that I personally like (www.intego.com).

As for credentials, I have been a working professional within the IT sector for almost a decade, and my experience runs the gamut from small, medium-sized, to LAN/WAN and enterprise environments. My current job is as an IT contractor for the military. While I don't mean to sound arrogant myself, since I work on both platforms regularly, and am very well-briefed in the security needed for both, I would certainly hope that I am not speaking out of my you-know-what.

Here it is sufficient to say that if Michael does not have AV protection, he could have a virus, and to remove any possibility of doubt, he needs to get AV protection ASAP. Enough said.

Mike, you are welcome! and Thank YOU for producing such an outstanding Blog/site that continues to draw my interest on a daily basis.

Jason, in your extensive experience, have you ever encountered a real virus on a Mac running OSX? I ask in all sincerity.


There has not been a Mac OS X virus in the wild for several years!

And just to clarify my previous post, the thing that was in the wild a few months ago was a "Trojan Horse", not a worm. That was a mistake on my part (I knew what I meant, yet I still typed the wrong thing :- ) ).

I'm wondering if Jason Anderson can supply any specifics about the virus he thinks you may have as his post runs counter to everything I've read about viruses on a Mac. He may well know more than I but as someone who follows Mac security fairly closely, I would consider it useful if he could provide some specific evidence for the virus, any virus on Macs that may be causing your problem.

On the other hand, I have had the unpleasant and somewhat embarrassing experience of having my email address used as a return address on spam. How this happens has been explained by many above.

Dear Jason,

The posts here have not argued that Unix-based systems like OS X are inherently more secure against malware. They have stated, correctly, that real-world infections of OS X are somewhere between fabulously rare and nonexistent.

Please prove that assertion wrong with fact, not attack. Please list at least one currently-extant-in-the-field Mac virus. I don't know of any, but I may have missed one. So I'm inquiring.

And consider following the medical dictum of not looking for a zebra when a horse will suffice. What's possible is not the same as what's remotely probable.

pax / Ctein

I started receiving similar bounced spam about a week after I set up my own website - with a .com domain name.

I suspected the problem was some spammer was trawling names from the whois database, then e-mail spoofing.

Since I obfuscated my e-mail address on whois, the spam content has reduced to a trickle. There is normally an option on your domain provider's user control panel to change registration contact details.

You can check things out on your Mac by opening a terminal window and typing in "whois xxx.com" (where xxx is your domain name).

Again it's almost certain that this is not a virus, partly because you have a Mac, but also because Mac or Windows is otherwise irrelevant to your problem. The spammer machine, which could be PC or Mac or Linux, is "spoofing", making up the return address from a random user name and your domain name - look at it, it'll be like [email protected]. Anyone with a domain can be hit.
One way to cut down the error messages is to ask your web host to implement SPF which tells the receiving email provider the IP address from which valid mydomain.co.uk will originate. It helped cut down the number of return messages I got from AOL and other big email providers. I'm sure there are similar measures.
I've found the best way to cut down the error messages is to redirect the domain's default email address to deep space (eg a Gmail account), and to itemize valid email addresses so they are redirected to your main email inbox. So any unlisted email accounts, like [email protected] would disappear off to Gmail, while [email protected] or [email protected] would be redirected to (say) your .Mac accounts. My Gmail account grows by tens of thousands of returned emails a month, and only a few, where they used a valid email address, get past my Mac Mail spam filters (and even fewer past my Outlook 2007 filters)


A legitimate bounce message will include your full name as given to your e-mail client -- for example, mine look like "Matthew Miller ". Malware-generated spam will usually just have a list of addresses without the name (and if they have the name, not necessarily the exact right format). You can use this information at your ISP or in your e-mail client to filter out 99% of the junk bounces and still get legit bounce messages.

What has probably happened is that your email address has been 'harvested' from your web site or from a post you've made to a message board, then used as the 'reply to' address for spam.

The best virus protection in the world, even using UNIX, will not make the slightest difference here.

You need to avoid publishing your email address in 'clear text' anywhere if possible, but 'obfuscate' it using one of several methods. One trick I've seen recently is to have your email address displayed as a jpeg image - pretty hard for an automated spy bot to harvest!

Also, use temporary/free web-based email addresses (e.g. yahoo) for registering with message boards, for which you only access messages via your browser (i.e. not your normal email).



P.S. regardless of the above, you should always invest in a good anti-virus/anti-rootkit/firewall package.

The likely culprit is a Windows computer with your address in its address book and an infection of the Windows virus (or worm) SirCam, MyDoom, or less likely Melissa.

None of these infect a Mac. As most above have said, I don't think there's been a Mac virus since OS X was introduced many years ago.

"and to remove any possibility of doubt, he needs to get AV protection ASAP. Enough said."

As an experienced IT professional myself, I want to make sure no one gets the wrong impression from this misleading statement. In fact, you can NEVER remove any possibility of doubt where viruses are concerned. You can only reduce the amount of doubt, not eliminate it.

There is no 100% solution...there is a 99% solution, or 99.9%, or 99.99%, etc...you decide how much security is right for you. The problem is that every one of those 9s becomes exponentially more costly in both price and demand on system resources.

If you're a big corporation, or the military, you're going to want a lot of 9s, so it's no surprise Jason the military contractor recommends virus scanning.

For the rest of us, it's not so simple. On PCs, the most conservative estimate I've seen is that an unprotected PC connected to the Internet for a month has a 3% chance of being infected. To me, that's unacceptable even for home use, so all my PCs have antivirus protection, and I suffer the attendant system slowdowns during scans.

On Mac and Linux, however, the rate of infection and the rate of new virus creation are much, much lower. For a home system not networked to other systems and just connected to the Internet, you're at least 99.99% likely to go a month without getting a virus.

For home use and hobbyists, that's probably an acceptable risk compared to the way AV programs tax system resources.

For busy professional photogs on these platforms, if you look at the value of one month's work you will be more likely to decide that some antivirus protection is warranted. You can't run the risk of losing the whole Smith wedding and that shoot for Yoohoo cola.

Even so, antivirus software will not be a 100% solution. It is NOT a guarantee. So the best thing you can do to defend against viruses on any platform is: REGULAR BACKUPS. Otherwise, when that .000001 % chance finally hits you, you're going to potentially lose everything.

Without regular backups, antivirus software is useless. You may be reducing the chance you will get a virus, but every passing day increases the financial risk in getting one. There is ALWAYS doubt in virus protection, and backups are your defense against that doubt.


The day that Macs didn't need anti-virus is over. I just retired from 37 years of IT management and the last 7 were at a university, the worst place for viruses you can imagine.

We ended up after a detailed evaluation process going with Sophos for both individual lab machines and Mac servers.

What you have doesn't sound like a virus as others have pointed out but I wouldn't run a naked mac today like I did for years.

Check out Sophos.


People, I think you missed my point. My point is that I do not know what is on Michael's computer, simply because I have not scanned it. He may have a virus, he may not - I never claimed to know.

I did acknowledge in my previous post that the problem as described does not sound like a virus, but rather is some form of email header spoofing, like others suggested, but that does not necessarily preclude that a virus or other form of malware could exist on his computer. The simple fact of the matter is, no one that is posting on here, save Michael himself, can really know for sure because they cannot conduct a test scan.

The only point I had was that any computer is better with AV software than without. Since Michael's real question was not asking for a diagnosis of his computer problem, but rather was asking for an AV recommendation, that is what I gave him, rather than claims that "it's not a virus, you run a Mac." To wit, here's another reference that brings this specific point home.


In part, he says that, "Since no operating system is bulletproof, we’re better off keeping the discussion on how users can practice better computing habits and avoid falling for social engineering tricks that so often lead to malware infections and online thievery. We’re also better off assuming that any of us could be hacked someday and that every company needs to hammer out a data breach response plan to mitigate the potential damage."

In other words, assuming a computer is safe simply because it's a Mac, is an unsafe perspective to have - always always always take the side of caution and be aware that ANY computer left unprotected is subject to infestation.

As for giving examples of Mac security flaws, and the presence of malware, I am somewhat limited in what I can reveal from my present work experience, but there are vulnerabilities still live in the wild, and no Mac should be touching the internet without some form of security protection in place. To that end as well, simply perform a google search on mac vulnerabilities and voila:


I experienced the same thing six months ago. I'm on Macs also, and it had nothing to do with my machines. Someone used my name and mail address for a huge spam operation. I put a filter for my incoming mail deleting everything coming from daemons returning mail. It went away after a couple of weeks. The people who do that just pick addresses they see somewhere on the net, use it for one operation, then move on to another unsuspecting user.

Thanks for the link to Strobist. I had never heard of it before. I wonder what other great photo sites you know of that I don't. Could be a good subject for a post.

Sorry, I have no suggestions on the virus issue. Been using mac for years with no antivirus protection and no problems.

While there are no current Mac viruses, I occasionally run Winduhs on my Mac using vmware. The Winduhs install is susceptible to all of the standard viruses that plague the products of the evil empire.
I have ClamXav installed on my Mac and I run a scan weekly just to be safe.
I use AVG on the Windows side.
I also get the backscatter that other posters have talked about. Basically if you can get spam, then the spammers have your email address to use as a forged from address.
One day, there will be a great internet cleanup, and all the spammers will be corralled into a circle trying to sell their "products" to each other.


I was a Windows user for years until 2006 when I made the crossover to an iMac 20". In the early days I was very afraid of viruses and I bought Intego products - a bundle. I got a firewall, a backup program and a spam filter. They work really well and the spam filter does the intended service: it blocks all the spam away and all I have to do is to check from now and then the spambox just to be sure that nothing important ends there. If it's the case all I have to do is to teach the spam filter that is a good email and the address ends up in a 'good' list and will never be blocked again.


The problem with Jason's comments is that it is the case of what comes first. Since there are zero Mac viruses, any anti-virus programs for the Mac are useless. They won't protect you. In order to write a program to protect against a virus, you first have to have a virus. All the anti-virus programs that exist now for the Mac do nothing except maybe screw up your computer.

First, you don't have a virus ;-)

>>> I've found the best way to cut down the error messages is to redirect the domain's default email address to deep space (eg a Gmail account), and to itemize valid email addresses so they are redirected to your main email inbox. So any unlisted email accounts, like [email protected] would disappear off to Gmail,... <<<

BAD idea. Eventually Google will ban your IP on their server, since you are sending them thousands of spam! (forwarding... to Google server looks like it is coming from YOUR server)

These are great ideas. However, the simplest and MOST effective action would be to allow Google to Host your Mail server (Free Service!). Check out Google Apps (google.com/a).

Google Mail server would be exactly like your current Pop3/IMAP server. And you can download all your emails to your iMac's mail.app. However, the beauty of the Google is that it will filter all Spam and Viruses for you. As well as allow you to check your email on the web in a Gmail-like interface.

Good luck.

Second, thanks for the Great website. I read it EVERYDAY ;-) just like thousands of others. And I hope it is financially rewarding for you as well. (hmm, a bit selfish on my part, since I want you to be successful, so that the site survives)

Contact me if you wish more information on the Google Apps.

I too would welcome explicit documentation of any automatic, passive virus or bot infestations (not a Trojan that relies on user naiveness) on OS X 10.4 or 10.5.

In my experience those who install "anti-virus" software on OS X usually end up with stability and problems. If you are in compliance with the advice given at this link:


I would not use third-party security software on OS X.

I am on Macs since 1990. Never, ever, in my experience have I found a virus.

So I suggest you forget about viruses and enjoy your work on Macs. Maybe someone is using your email account as originator of spams, but that has nothing to do with viruses.

In fact, I receive spam messages originated from my personal email address, and that is no problem: it only means that my address has been exposed long enough to have become part of the huge amount of email addresses used by spammers. Nothing else. :-)

I agree that it's most likely not a virus. However, if you are worried (or even if you're not), there is a wonderful little program called Little Snitch (http://www.obdev.at/products/littlesnitch/index.html) that will tell you if your computer is connecting to the Internet without your knowledge. I use it all the time, mostly when applications want to connect to update and I'm too busy and don't want them to interrupt right this minute. Basically Little Snitch tells you every time there is a connection being attempted, and asks you what to do. You can set it to allow certain programs if you want, or 'allow until quit,' or 'deny until quit,' or 'deny forever,' and so on, and settings can be changed from the preferences panel.

If the kind of virus that does what you thought what was happening actually does come along, Little Snitch would catch that.

(I have no connection with the maker of the program. I'm just a happy user.)

I should have read all the other comments first. I see Little Snitch was already mentioned. Sorry!

I don't know if it's a virus, exactly, but some sort of malware has generated a ridiculous number of repetitive comments to this blog article.


Dear Jason,

I understand where you're coming from, but it's not appropriate to Mike's situation.

For one, I can state there's a 99.9% certainty that Mike's system is not infected, without even inspecting it. How so? Because there are NO reports out there of OS X viruses running through the general populace. So, there's only two ways Mike can be infected:

-- if he's way up the food chain close to Patient Zero and we just haven't gotten word yet. What are the odds?

-- if he's run some majorly hacked or variant system, which leaves him open to attacks most others wouldn't be susceptible to. Mike's enough of a computer naif (no offense, Mike) that the odds of this are even smaller than his machine being at the front end of a new infection.

Your job is in part (I'm guessing) to plug vulnerabilities in systems BEFORE malign forces co-opt them. That makes sense in your environment. It also makes sense for the OS manufacturers. It does not necessarily make sense for end users, because the risk they are compromised (in contrast to compromisable) is extremely low, and running low-level stuff like anti-virus software carries costs of its own.

So, while you properly answered the question Mike asked, that did not mean it was necessarily the best advice.

To make an analogy, if my next door neighbor asks me where he can get an anthrax vaccination, because he has flulike symptoms, I am not going to send him off to get vaccinated unless there is some measurable chance he's actually been exposed. Instead I will try to disabuse him of the notion and recommend more likely (and benign) treatments. It's not what he asked for, but it is what he needs.

pax / Ctein

Re Shadzee's comment:

I do exactly that, forwarding important addresses to my own mailbox, and everything else to gmail. This picks up email from the address displayed on my (old) pages, and also "backscatter" to all sorts of made-up addresses.

And I have not been banned. I do also use the gmail account for some legitimate mail (lists and amazon and such) so perhaps that helps. Also I imagine they can tell the difference between a reputable hosting service's forwarding all mail and a spammer's behaviour, not an expert but I'm sure they are!

It seems all is said, all I would add is that in these cases a good firewall program is great as a diagnosis tool too. Besides its usual purpose of blocking inbound and outbound unwanted traffic, it will always tell you when a program outside the authorized list is trying to access the net. In the case of unwanted outbound emailing, it's usual for a virus to set up its own email program, instead of using the system's one. So when that one wants to use the net your firewall would warn you about it and ask for permission, which you can deny and look up for the process in question. There are very cheap or free good firewalls, and it makes you a lot safer. You know you'll be asked for permission when you install a new legit program that needs to connect, but even that is great if you don't want them to (most of Microsoft stuff does "phone home", for example).

NB: LittleSnitch will not necessarily help because the malware may well send its email via Apple Mail which of course is authorised in LS to send mail and thus would not be blocked. Still worth using LS tho for other reasons.
