Idiot tech support, rather than a client, but ...
We've recently been 'Joe Jobbed'. Someone is sending out spam emails with a from: address at our company domain. We first noticed this when we started to get bounces to random people who were supposedly at our company (n_rodreguez@, j_smith@ etc).

I was annoyed, but not concerned until we got a bounce from AOL which said that they may start to blacklist our domain. As some of our clients use AOL this would be a major inconvenience, so I rang AOL UK to reassure them that were not sending spam, and can they make sure that we didn’t get blacklisted.

The tech support call got through to an Indian call centre, who forwarded me to an engineer. I outlined the problem to him and after to-ing and fro-ing about whether I was an AOL customer or not he told me that someone must have infiltrated our network or cracked our password. His suggested remedy was to change the password for our email account.

I said that the person sending the mail didn’t care about reading our email, merely that he was sending out viagra-plugging spam with a forged reply address at our domain but using SMTP servers for a different ISP. He then replied that it was impossible to forge an email address, and that the person must have access to our network and that we should change our passwords.

As politely as I could, I pointed out that it is perfectly possible to forge an email address – and more to the point, we don’t have an SMTP server of our own - we use our ISP’s (blueyonder). Even still, he stuck to his guns and repeatedly insisted that, with all due respect, I was wrong and that you couldn’t forge an address, and that if I just changed my passwords it would *click*

*hangs up*

FYI – after a phone call to AOL in the US it turns out that they block SMTP servers, rather than actual domains, so all is okay - though the bounces are still coming in
(jazi, Mon 29 Dec 2003, 16:29, Reply)