I received a message from my friend/colleague, but they say they did not send it; also, why do I keep getting these 'Returned Mail' messages when I never sent the message? What is going on?
In general, your and your friend's accounts probably were not "hacked." This is more likely the result of a common practice used to propagate spam and email viruses. One of the current spamming techniques is to forge the From: field, or header, of an email message to make it appear to come from someone else. The forged address can be a real one, and it could be yours. If your email address was used, it (along with others) was probably chosen at random by a spammer’s web-crawler, or possibly by a virus on the computer of someone who had your address in their address book. Spammers forge the email headers in the hope of fooling spam filters and/or obscuring their identity.
This is why you cannot always trust email on the basis of who it appears to be from. There is an audit trail available that shows which machines relayed a message. This information is contained in the mail headers. Spammers like to forge the IP addresses of the relaying email servers, as well as email addresses, so this information cannot always be trusted.
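As an added example (not part of the original FAQ), the Python sketch below reads that audit trail from a message's Received: headers and marks which relay lines can be relied on. The sample message, the server name mx.example.edu and the function names are constructed for illustration; it assumes you know the name of your own receiving mail server.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message (not real mail). mx.example.edu stands in for
# the reader's own mail server; every other name and address is made up.
SAMPLE = """\
Received: from mail.sender.example (mail.sender.example [203.0.113.25])
\tby mx.example.edu with ESMTP id abc123; Tue, 02 Jan 2024 10:00:05 -0500
Received: from friend-pc (unknown [198.51.100.7])
\tby mail.sender.example with SMTP id xyz789; Tue, 02 Jan 2024 10:00:01 -0500
From: "Your Friend" <friend@example.edu>
To: you@example.edu
Subject: Check this out

body
"""

# "from <name the sender claimed> (... [<connecting IP>]) by <recording server>"
HOP = re.compile(r"from\s+(\S+).*?\[([0-9a-fA-F.:]+)\].*?\bby\s+(\S+)", re.S)

def relay_trail(raw, my_servers):
    """Return (from_address, hops). Hops are newest first, the order the
    headers appear in, because each relaying server prepends its own line.
    my_servers: lowercase host names of mail servers you control."""
    msg = message_from_string(raw)
    from_addr = parseaddr(msg.get("From", ""))[1]
    hops, trusted = [], True
    for line in msg.get_all("Received", []):
        m = HOP.search(line)
        if m is None:
            trusted = False
            hops.append({"raw": " ".join(line.split()), "trusted": False})
            continue
        claimed_name, ip, by = m.groups()
        # A line is reliable only if one of your own servers wrote it and
        # every line above it is reliable too. Anything lower down could
        # have been typed in by the sender, just like the From: header.
        trusted = trusted and by.lower() in my_servers
        hops.append({"claimed_name": claimed_name, "ip": ip, "by": by, "trusted": trusted})
    return from_addr, hops

def entry_point(hops):
    """IP that handed the message to your own servers, or None if unknown."""
    verified = [h["ip"] for h in hops if h["trusted"]]
    return verified[-1] if verified else None
```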
When you receive random 'Returned Mail' messages, it is usually the case that the message was not actually sent from your account; instead, the From: header was simply forged as described above. You received the bounced message because when an email server cannot deliver a message (user does not exist, user over quota, etc.), it sends the message back to the sender, which has fraudulently been set to you. Every day, users all over the world receive bounced messages like these. You are best served by hitting the Delete button and forgetting about it.
For more information on forged email, see these useful links:


