Many spammers now use special software to create random sender addresses. Even if the user finds the origin of the e-mail, it is unlikely that the e-mail address will be active. The technique is now used ubiquitously by mass-mailing worms as a means of concealing the origin of the propagation. On infection, worms such as ILOVEYOU, Klez, Sobig, and MyDoom often try to perform searches for e-mail addresses within the address book of a mail client, and use those addresses in the "From" field of e-mails that they send, so that these e-mails appear to have been sent by the third party. For example:
User A receives an infected e-mail and the e-mail is opened, triggering propagation. The worm finds the addresses of Users B and C within the address book of User A. From the computer of User A, the worm sends an infected e-mail to User B, but the e-mail appears to have been sent from User C.
This can be particularly problematic in a corporate setting, where e-mail is sent to organisations with content filtering gateways. These gateways are often configured with default rules that send reply notices for messages that get blocked, so the example is often followed by: User B doesn't receive the message, but instead gets a message telling him that a virus sent to a recipient has been blocked. User C receives a message telling him that a virus sent by him has been blocked. This creates confusion for both Users B and C, while User A remains unaware of the actual infection.



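The scenario above from the gateway's side, as an added example that is not part of the original post: a notification policy that never replies to the "From" address when the detected worm is one known to forge it, and instead reports the connecting IP recorded in the gateway's own Received header. The addresses, host names, the `plan_notifications` function and the admin mailbox are all assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: a worm on User A's machine (192.0.2.10) mails User B
# and forges User C in the From field. The Received line stands in for the
# header our own gateway would add, so its connecting IP can be trusted.
SAMPLE = """\
Received: from pc-a.example.org (pc-a.example.org [192.0.2.10])
\tby gw.example.net with ESMTP; Mon, 01 Jan 2024 10:00:00 +0000
From: User C <userc@example.com>
To: User B <userb@example.net>
Subject: hello

body
"""

# Worm families the post names as forging the From field.
FORGING_WORMS = {"iloveyou", "klez", "sobig", "mydoom"}
IP_IN_RECEIVED = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def plan_notifications(raw, detected_malware, admin="postmaster@example.net"):
    """Decide who gets a 'message blocked' notice (hypothetical policy)."""
    msg = message_from_string(raw)
    claimed_sender = parseaddr(msg.get("From", ""))[1]
    # The topmost Received header is the newest hop: the one into our gateway.
    received = msg.get_all("Received") or [""]
    match = IP_IN_RECEIVED.search(received[0])
    origin_ip = match.group(1) if match else None
    forged = detected_malware.lower() in FORGING_WORMS
    notify = [admin]
    # Only tell the claimed sender when the From field is plausibly genuine.
    if not forged and claimed_sender:
        notify.append(claimed_sender)
    return {
        "claimed_sender": claimed_sender,
        "origin_ip": origin_ip,          # points at User A's machine
        "notify": notify,
        "sender_notice_suppressed": forged,
    }


if __name__ == "__main__":
    print(plan_notifications(SAMPLE, "MyDoom"))
```

With this policy User C receives no misleading notice, and the administrator gets the address of the machine that actually needs cleaning.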