It's a truism that the "From" or "Sender" of a spam email message is almost always forged -- it's hardly ever the actual sender. That could be changing. I've noticed an increasing volume of spam hitting my spamtraps that appears to have a valid return address.
Why would this be? I can think of at least four reasons:
- It's illegal in some countries -- but many other actions related to spamming are also illegal
- Increasing use of sender authorization technologies such as SPF, Sender ID, and DKIM by spam filters -- spammers think that a valid return address makes it more likely that their spam will get delivered
- Increasing use of "call to action" filtering -- spam that invites the user to reply by email is harder to filter than spam that quotes a web site or phone number
- Lower likelihood of being cut off -- people are unused to sending complaints about the owner of the sender domain; overworked abuse desks are less likely to notice that the spam implicates the sender domain