report spamming to apple

You report this in the same location that you report or request technical support.

If a spammer entered your email address to appear as the sending email address for a bulk spam mailing, there is nothing that Apple can do about this.

For many or most email accounts, there is nothing that prevents someone from entering any email address in the email address field for the account preferences to appear as the sending email address but for the most part only spammers are interested in doing so.

The same has happened to me (not with my .Mac email address) and to many others. As you know, spammers usually don't provide a valid sending or return email address but some use a valid email address pulled from their list of "known good" email addresses to appear as the sending email address for a bulk spam mailing but not to worry, it won't last long since spammers are constantly changing the email address that appears as the sending email address to bypass junk mail filters especially those that have an option to filter by email address.

Unless your account has been hijacked by someone who managed to get your password (unlikely), you're just an unfortunate victim of a faked From line. Spammers sometimes put real people's e-mail addresses on the From line of their spam. This in no way means that the mail was sent from that person, or even from that person's mail server. It's just faked. Unfortunately, there's nothing Apple can do about that, so reporting it to them won't do any more good than reporting your noisy neighbor to the queen of England.

For many or most email accounts, there is nothing
that prevents someone from entering any email address
in the email address field for the account
preferences to appear as the sending email address
but for the most part only spammers are interested in
doing so.

Entering an arbitrary email address in the account preferences doesn't mean anyone can actually send email from that account, since essentially every provider's servers require at least password authentication to use the account.

Spammers typically use one of two methods to send their junk; either they use hijacked computers that actually send the stuff, or use a mail system server they control to 'inject' messages with forged addresses & other header info directly into the mail system, where legitimate mail servers pass it along to recipients.

Basically, anybody can run a mail server -- the software is supplied with every OS X installation, although it is not user-friendly to set up or activate. Unlike client apps, mail servers don't require an account with an outside entity -- they are the account provider. Because of this, they can be configured to send whatever they want, including any email address, bogus "Received" path headers, & so on. The only thing that prevents more abuse using this method is the messages can be traced back to the source unless the spammer is very careful. (So don't try it yourself!)

The big problem these days is a combination of the two techniques, wherein spammers buy or rent "zombie robot armies" of compromised computers ("botnets"), which send out spam from thousands of different computers, including both those of users & servers. Because so many computers are involved, & because the bot can be upgraded or evolve on its own, it is almost (I hope!) impossible to stop.

If you are interested in this, check out Wired 14.11: Attack of the Bots for example.

Entering an arbitrary email address in the
account preferences doesn't mean anyone can
actually send email from that account, since
essentially every provider's servers require
at least password authentication to use the account.

Essentially every provider's SMTP server is not authenticated. .Mac's authenticated SMTP server includes an additional requirement that the email address entered/used as the sending email address match the account and you cannot use the .Mac authenticated SMTP server to send messages with another email account. Every provider does not have POP before SMTP authentication either.

With the email account provided by my ISP which does not have an authenticated SMTP server or POP before SMTP authentication, I can enter any email address in the email address field for the account preferences to appear as the sending email address and there won't be a problem doing so as long as I'm not using it for bulk spam mailings or for something else that violates my ISP's terms of use.

I used what you quoted by me as an example to the OP only which was not intended as how spammers operate. Although I'm very much aware of what spammers typically use, thanks for the info.

I agree with the other posters, it is likely that someone is just sending mail using your address as the return.

This is called "Joe Jobbing", and usually the only thing you can do is abandon the address if things get too bad.

Google "joe job" and you'll find a lot of info on this tactic.

- Wayne

PowerMac G5 Mac OS X (10.4.8)

Essentially every provider's SMTP server is not authenticated.

Hmmm. Every one of mine is, by POP before SMTP, by some form of account name matching, or by SSL. In some cases, there is an apparently "open" smtp server but it only works from an authorized IP address. Some providers offer an "on the road" option using SSL so its customers can use the server when not on the IP address node.

I'm curious what ISP is so irresponsible that it leaves its smtp servers open to anyone, particularly since we share the same approximate locale. Mind identifying it? I'd like to send them a letter of complaint. Failing that, I'd at least like to create a rule to look for its server addresses in the email I receive.

I was mistaken.

My ISP does not have an authenticated SMTP server and does not use POP before SMTP authentication or SSL but does authenticate by authorized IP address so the SMTP server is not an open relay for anyone to use.

I am able to enter any email address in the Email Address field for the account preferences to appear as the sending email address for the account using my ISP's SMTP server (not that I have or would) but since the SMTP server is authenticated by my authorized IP address, if I did so for any reported reason that violates my ISP's terms of use, it would be easy for my ISP to track me down by IP address.

My ISP [...] does authenticate by authorized IP address ...

I'm relieved to hear that. ISP's that don't regulate use of their smtp servers in some way are rare for the simple reason that they are quickly discovered & used by spammers, which leads to blacklisting of the domain. Legitimate customers discover their mail isn't getting through, complain, & the ISP either does a better job or it loses its customers.

It's one of the few things that works in our favor in the war against spam.

Technical support is a phone number,

It is? Technical support can be provided in a number of ways - via website, email and by telephone.

And as also provided by a number of others in this thread, there is nothing Apple or any other email account provider can do about such a report but you can do so at the same location .Mac technical support is requested since .Mac does not provide technical support via telephone.

Here at the bottom of the page.

http://www.apple.com/support/dotmac/account/#form

No that is not the answer. I gave you the link to report a problem to .Mac but have you read all the posts in this thread?

Apple and any email account provider can't filter out or prevent a spammer from using or spoofing any email address as the sending address for a bulk spam mailing.

http://searchsecurity.techtarget.com/gDefinition/0,,sid14_gci840262,00.html

http://www.everything2.com/index.pl?node=Joe%20Job

So the answer is that Apple dosn't have a place to
report these problems. I find that mind blowing. If
I sent the raw rejected email that I have Apple could
learn enough to filter out this stuff. Somebody is a
sleep at the switch.

As was explained by the others, the reason there's no place to report it is because there is no effective way to filter it out. All a spammer has to do is constantly randomize the message content to evade the filters, and they are doing that. What about blocking domains and IP addresses? Well, spammers keep changing those too. These days, instead of using their own computers, spammers use botnets to control thousands of computers located at thousands of unsuspecting homes and businesses. They can keep changing the source computers. The target area is now spread too wide and involves the computers of too many innocent people. You may even have a Windows-using friend or family member who doesn't know their PC is being used to secretly relay spam.

The closest Apple could come to consistently blocking that spam is to block mail with your e-mail address on them, since that's the one on it, but that "solution" has some obvious side effects for you.

First of all, I'm not aware of any filtering done on the .Mac server by Apple -- and since I'm not aware of it, I would hope it isn't happening. I'd hate to think about having false positives filtered and lost without my even knowing filtering is going on. If you are using the Mail e-mail client, which Apple provides for you, its filters do a darn good job once trained, and you are in total control of the filtering.

Second of all, I'm sure that Apple does have a place to report abuses by actual .Mac members. Most likely it's something like abuse@mac.com, as with just about every e-mail provider these days. However, what you described was most definitely not an abuse by a .Mac member, so reporting it to Apple does nothing but waste some tech's time -- much in the same way that spam wastes your time.

First of all, I'm not aware of any filtering done on the .Mac server
by Apple -- and since I'm not aware of it, I would hope it isn't
happening. I'd hate to think about having false positives filtered
and lost without my even knowing filtering is going on.

The .Mac servers do filter spam.

http://docs.info.apple.com/article.html?artnum=86748