Are the mails from mailer-daemon@googlemail.com authentic?

Asked by AndrewJenkins in Cyber Security, asked on Apr 6, 2022

Some months ago, I started to receive some emails from "Mail Delivery Subsystem" (mailer-daemon@googlemail.com). Despite this being an "automatic" failure email, I thought these emails were spam, so I just ignored them. But today I received many more emails, and this started to disturb me.


These emails are sent from mailer-daemon@googlemail.com (there is an icon that indicates a reply email) and say that "MYEMAIL@aol.com couldn't be found". "MYEMAIL" is the email that is receiving these messages, but with domain "aol.com" (I don't have any email from this domain).


In these emails, there is always an attached file about something attractive, like diets and wines. I think the most curious detail is that I was receiving these emails but in a "normal way". Before receiving mailer-daemon, I was receiving spam like normal, even with the same subject, and at some point this changed to mailer-daemon. Another detail is that despite these emails always having an attached file, I can't see the attached file icon until I open the email. Only then, when I close the email, I can see the attached file icon. Obviously I never downloaded these files.


I already changed my password, checked the login entries and everything seems to be normal. I can just block emails from mailer-daemon@googlemail.com, but I'm concerned about why this is happening.

Answered by Amit raj

This mailer-daemon@googlemail.com is probably backscatter spam, in which a spammer sends out junk with a forged sender address. Recipient addresses that bounce (on servers misconfigured to send bounce messages as external email) will be sent to that forged sender address. In this case, that was you. However, it seems highly unlikely that Google is so misconfigured. If you can paste a copy of one of those bounces as source code in your question, I can help you determine whether it truly came from Google or if the whole thing is forged. My suspicion is that you're forwarding these messages to another (non-Google) account and the receiving system has SMTP-rejected them as spam, which will generate a legitimate bounce message back to you.
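
An added example, not part of the original answer: one way to inspect a bounce's raw source along the lines suggested above, using Python's standard `email` package. The sample message, its addresses and the function name `analyze_bounce` are constructed for illustration, and the check assumes your receiving server records DKIM results in an `Authentication-Results` header.

```python
import email
import re
from email import policy
from email.utils import parseaddr

# Constructed sample bounce; every address and host is a placeholder.
SAMPLE = """\
Authentication-Results: mx.example.net;
 dkim=pass header.i=@googlemail.com
From: Mail Delivery Subsystem <mailer-daemon@googlemail.com>
Subject: Delivery Status Notification (Failure)
Content-Type: multipart/report; report-type=delivery-status; boundary="b1"

--b1
Content-Type: message/delivery-status

Reporting-MTA: dns; googlemail.com

Final-Recipient: rfc822; me@aol.example

--b1
Content-Type: message/rfc822

From: me@example.net
Subject: Great wines

--b1--
"""

def analyze_bounce(raw, my_address):
    msg = email.message_from_string(raw, policy=policy.default)
    from_dom = parseaddr(str(msg.get("From", "")))[1].rpartition("@")[2].lower()
    # Assumption: the top-most Authentication-Results header was added by your
    # own receiving server; copies lower in the message can be sender-supplied.
    auth = str(msg.get("Authentication-Results", "")).lower()
    pat = r"dkim=pass[^;]*header\.[di]=(?:[^\s;@]*@)?" + re.escape(from_dom) + r"(?=[\s;]|$)"
    dkim_ok = bool(from_dom) and re.search(pat, auth) is not None
    is_dsn = (msg.get_content_type() == "multipart/report"
              and msg.get_param("report-type") == "delivery-status")
    failed, orig_from = [], None
    for part in msg.walk():
        if part.get_content_type() == "message/delivery-status":
            failed += [str(b["Final-Recipient"]).split(";")[-1].strip()
                       for b in part.get_payload() if "Final-Recipient" in b]
        elif part.get_content_type() == "message/rfc822":
            orig_from = parseaddr(str(part.get_payload(0).get("From", "")))[1].lower()
    verdict = "not-a-dsn" if not is_dsn else "verified-dsn" if dkim_ok else "unverified-dsn"
    return {"verdict": verdict, "bounce_from_domain": from_dom, "failed_recipients": failed,
            "original_claims_my_address": orig_from == my_address.lower()}
```

A `verified-dsn` result only shows that the bounce itself was signed by the domain in its From header; if `original_claims_my_address` is true for a message you never sent, that is the forged-sender backscatter case described in the answer.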


