Windows 7 - Source of unwanted mail from a colleague

Asked By W. eWatson on 16-Jul-12 10:43 PM
I think a colleague's PC is sending messages out to people in his
personal mail list. My guess is that one of his personal contacts is behind
this. I am in his list. He says he has run malware scans.  Comments?


VanguardLH replied to W. eWatson on 17-Jul-12 12:48 AM
And just HOW do you know your friend is the one sending out the
messages?  Do the Received headers trace back to his e-mail server and
account?

Give the headers from an example e-mail that you received.  Munge out
the usernames in any e-mail addresses (but keep the domains since those
are public info, anyway).  Munge out any account or user names mentioned
in the headers.  Then copy the edited headers here.  Tell us from what
e-mail provider or its domain he sends his e-mails.  Then others can
tell you if that example e-mail came from his account.

Unless your friend is infected with a trojan spewing out e-mails through
his account(s) or an e-mail account owned by the author of the trojan,
the more likely scenario is that your friend's contact list got
harvested by malware that sends this list back to a server where the
spammer/scammer can collect the lists culled from infected hosts.  If
your friend is keeping his contacts up on the server of his e-mail
provider then it is possible his account got hacked so the infiltrator
could harvest the list of contacts from there.  The infiltrator could then
send to those contacts using the hacked account or send from somewhere
else using the harvested list of contacts.


Based on your assumption above (his PC is sending messages), just how
would one of his contacts have control over his e-mail client and his
e-mail account in order to send out those messages from there?


Tell your friend to stop publishing everyone's e-mail address when they
send to multiple recipients.  When your friend puts multiple e-mail
addresses in the To or Cc headers then *all* recipients get to see
those e-mail addresses.  He should instead put the list of recipients
in the Bcc header so no one gets to see to whom his e-mail got sent.

Some e-mail servers will not accept an e-mail with a blank To or blank Cc
field.  For those, add your own e-mail address.  After all, your own
e-mail address will be in the From header so you are not divulging
anything by including it in the To header.

However, if your friend has been publishing everyone's e-mail address
by putting multiple recipients in the To/Cc headers then it is too late.
Your friend correcting his behavior will not undo what he already did.

See who is really sending those e-mails by looking at the headers - and
the headers added by the e-mail servers, NOT those added by the sender
since any value can be specified in those.
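One way to do the header check described in the reply above in code, added here as an example and not part of the original thread. The headers it works on are constructed for illustration (every host name, address and IP in them, and the friend's assumed provider domain example-mail.net, are made up). It reads the Received chain from the bottom up (servers prepend their lines, so the last one is the first hop), compares the sender-written From domain against the servers that actually wrote Received lines, and munges usernames while keeping domains so the headers can be posted:

```python
"""Trace where an e-mail really came from using the Received headers, and
munge account names before posting the headers for others to look at.

Added example, not code from the original thread. The sample headers below
are constructed; every host name, address and IP in them, and the friend's
assumed provider domain (example-mail.net), are assumptions.
"""
import email
import email.utils
import re

# Constructed sample. The two Received lines were added by the recipient's
# servers (newest on top); From/To/Subject were written by whoever sent it.
SAMPLE_HEADERS = """\
Received: from mx2.mymailprovider.example (mx2.mymailprovider.example [203.0.113.20])
        by inbox.mymailprovider.example with ESMTP id abc123
        for <me@mymailprovider.example>; Mon, 16 Jul 2012 20:11:05 -0700
Received: from mail-host.example (unknown [198.51.100.77])
        by mx2.mymailprovider.example with SMTP id def456;
        Mon, 16 Jul 2012 20:11:04 -0700
From: "Friend" <friend@example-mail.net>
To: undisclosed-recipients:;
Subject: check this out
Message-ID: <20120716201100.1234@mail-host.example>
"""

HOP_RE = re.compile(r"from\s+(\S+)(?:\s+\(([^)]*)\))?\s+by\s+(\S+)", re.I)
IP_RE = re.compile(r"\[([0-9a-fA-F.:]+)\]")
LOCALPART_RE = re.compile(r"[A-Za-z0-9._%+-]+@")


def parse_received(raw_headers):
    """Return one dict per Received header, in header order (newest first)."""
    msg = email.message_from_string(raw_headers)
    hops = []
    for value in msg.get_all("Received", []):
        flat = re.sub(r"\s+", " ", value)          # unfold continuation lines
        m = HOP_RE.search(flat)
        if not m:
            continue                               # malformed or purely local hop
        claimed, paren, by_host = m.group(1), m.group(2) or "", m.group(3)
        ip = IP_RE.search(paren)
        hops.append({
            "from": claimed.lower(),               # HELO name: chosen by the connecting client
            "ip": ip.group(1) if ip else None,     # recorded by the server that accepted the connection
            "by": by_host.rstrip(";,").lower(),    # the server that wrote this line
        })
    return hops


def delivery_path(raw_headers):
    """Hops in the order the mail actually travelled, origin first.
    Servers prepend Received lines, so the last header is the first hop."""
    return list(reversed(parse_received(raw_headers)))


def passed_through(raw_headers, domain):
    """True if a server of `domain` wrote a Received line, i.e. that provider
    accepted the mail on its way. Only the 'by' hosts count: the 'from'
    name is whatever the connecting client announced about itself."""
    domain = domain.lower()
    return any(h["by"] == domain or h["by"].endswith("." + domain)
               for h in parse_received(raw_headers))


def from_domain(raw_headers):
    """Domain of the From header. Sender-controlled: any value can be put there."""
    msg = email.message_from_string(raw_headers)
    addr = email.utils.parseaddr(msg.get("From", ""))[1]
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def verdict(raw_headers, friend_provider):
    """Compare the sender-supplied From domain with the server-written path."""
    hops = delivery_path(raw_headers)
    origin = hops[0] if hops else None
    return {
        "from_domain": from_domain(raw_headers),
        "origin_ip": origin["ip"] if origin else None,
        "first_server": origin["by"] if origin else None,
        "via_friend_provider": passed_through(raw_headers, friend_provider),
    }


def munge_headers(raw_headers):
    """Replace the local part of every address with 'xxx', keeping the
    domains (public anyway) so the headers can be posted for analysis."""
    return LOCALPART_RE.sub("xxx@", raw_headers)


if __name__ == "__main__":
    for hop in delivery_path(SAMPLE_HEADERS):
        print(f"{hop['from']} [{hop['ip']}] -> {hop['by']}")
    print(verdict(SAMPLE_HEADERS, "example-mail.net"))
    print(munge_headers(SAMPLE_HEADERS))
```

On the constructed sample the From header claims example-mail.net, but no server of that domain wrote a Received line: the first server to accept the mail was the recipient's own MX, directly from 198.51.100.77. That is the pattern of a forged From using a harvested address, not of mail sent through the friend's account. Only the outermost (topmost) Received lines, written by servers you trust, are reliable; a sender can prepend fake Received lines of its own below them.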