SourceForge Support Documentation

Site documentation and support for SourceForge.net

Brought to you by: brondsem, carloscruzm, daniel-castillo, dillonwalls, and 7 others

User Mail Problems

Mail Problems

1. Mail sent to the mail alias is bouncing.

This cause of this is often the mail alias settings which do not accept all mail. And the default for many years now is to not accept all mail.

If you are trying to send an email to another user's mail alias, and it is bouncing, you may try sending them a message through "Send me a message" link on their users page (ie. http://sourceforge.net/users/<username> ). If their account's settings allow for user messages to be sent, then they will receive the message in their email address on account.

2. Someone else is sending mail using my mail alias! Have they taken over my account?

In short, no; but at the same time, there is nothing that can be done to stop the mails and this should NOT be reported to SourceForge.net staff. This is not a security problem; it is a limitation in the design of the mail protocols.

The transmission of mail with a falsified sender is a significant problem on the net today. Control over a mail account is not required to send mail as that account. The mail protocols are not currently designed in a way to prevent this sort of abuse. This type of abuse occurs both intentionally and unintentionally -- some of this sort of abuse occurs due to the various email-related viruses circulating on the net (your machine need not be infected for a virus to send mail as you). The most common reason you would find out about these mailings is either an automated virus warning from a remote host (sent to your email address) or receipt of a bounce notice (sent to your email address because the falsified mail was sent to an invalid destination).

If you have been the victim of this sort of mail abuse (someone has falsified mail as being from you), there is generally little recourse. Since they need not have control over your account to send mail as you, and there is no way to require remote mail servers to ask for "proof" that you sent the mail, you are provided little recourse to battle this sort of abuse.

Examining the headers of the original message should provide you some direction on where a complaint could be sent -- you would want to send the complaint to the domain that the mail was sent through (they are either openly relaying mail or someone had to authenticate to their mail server in order to send mail as you -- either way, they should be able to do something about this). Beyond that, we recommend you simply ignore these mails and discard them when received. Please keep your machine up-to-date with the latest software bugfixes and security patches as provided by your OS vendor. You may also wish to start digitally signing your outbound mail using GNU Privacy Guard so people will be able to authenticate mail as actually having been sent by you.

Due to the widespread and common nature of these issues, and since there is nothing we can do to stop this sort of abuse (the mail protocols simply are not designed to prevent it), do not report these issues to SourceForge.net staff -- we will point you to this notice if you do.