I get a strange spam that shows my friend's e-mail address as the sender.
Is there a way for me to tell from the e-mail's properties whether the e-mail is automatically being sent from his computer (zombie) as opposed to coming from another source with his address spoofed/forged?
The "originating IP" in the spam' details is different when compared to an e-mail that I know that he sent' details.

Hi Wakefield,

I get a strange spam that shows my friend's e-mail address as the sender.
Is there a way for me to tell from the e-mail's properties whether the e-mail is automatically being sent from his computer (zombie) as opposed to coming from another source with his address spoofed/forged?
The "originating IP" in the spam' details is different when compared to an e-mail that I know that he sent' details.
It can be be complicated, http://www.spamhaus.org/faq/answers.lasso?section=Generic%20Questions


The From field in most spam is forged and meaningless. Some spamware uses addresses from the spammer's "To" list to also fill in the "From" address.
Have you asked him about the issue and if his computer shows signs of infection?

What kind of spam are you receiving from his email address?

I think its just stuff for sale although there is a link in the e-mail that I am afraid to visit. I think I managed to send this thread to him.

Hi there,

I think its just stuff for sale although there is a link in the e-mail that I am afraid to visit.
Did you ask your friend if he sent it?