jtara - 6:48 pm on Feb 19, 2006 (gmt 0)

If they appear to be intended for your eyes, I don't think I'd worry about it.

If it appears that they are using your domain in the return address of mail sent to OTHERS, I'd be more concerned.

You will be able to tell if it is the latter if you are receiving "bounce" messages when emails are rejected by other servers.

I think, though, that, in this case, they are forging your return address to avoid them getting the bounce messages from YOUR servers. They don't know if your server accepts these addresses or not, so as a precaution, they use your own address for the return address. So, if you didn't accept the address, you would bounce to yourself, and not bother them.

I had this happen a few years ago, where somebody was sending out sexually-related spam using my domain name in the return address.

I offered a $100 reward, which was widely publicized by the technical press. Somebody actually tracked-down the spammer, and, ultimately, two anonymous $400 money orders arrived in the mail, claiming to be the spammer's profits. He also promised never to spam again.

(The spammer was advertising 1-900 lines. The 1-900 line provider forced the spammer to to disgorge his profits, under threat of having the lines shut off over night...)

I doubt this would work today, but you could give it a shot. :)