If you received a bounce message for an email that you did not send, or received a complaint from someone saying you sent a virus, but you didn't send the email

Email messages can be forged. An email sender can simply change the "From:" field in their email program, or in more advanced cases, forge addresses through the SMTP protocol, inserting any email address in the "MAIL FROM:" section of the message.

Spammers often harvest email addresses by spidering web sites or forums, or through viruses which can harvest an infected computer's contact lists. They use these harvested address in the "From" and "Reply-to" fields of their outgoing messages to avoid dealing with the complaints generated by the spam.

Due to these shortcomings in SMTP and email message sender authentication, there is little that can be done to prevent this type of abuse. While we seek to incorporate technology that will help prevent these types of abuse, there are currently no 100% effective solutions.

If complaint messages are being directed to your inbox via email addresses that do not exist, you are receiving them due to the catchall email address being enabled. We recommend that you disable the catchall configuration so that these email messages do not make it to your inbox. The messages will then bounce, letting other mail servers know these are not valid email addresses.

If the messages are coming directly to your inbox through a valid email address, unfortunately all we can recommend is that you consider changing your email address, if that is feasible. Usually this is a temporary problem, but if it continues over an extended period of time you may consider adding an SPF record to your DNS. There can be negative side-effects to an incorrectly formed SPF record however, so we only recommend using SPF if you are comfortable with its configuration and implementation.

See this Knowledge Base article for additional information on SPF records.