There's a lot of spam flying around, and much of it might claim to be from you. It's not. Whether you have a bot infection is a different question.

I have discovered that people are receiving junk email from at least two of my business email addresses. I had it suggested that my system is being hijacked and turned into a bot. Might this be the case and how can I find out and stop it?

Let me be clear up front: the two are not related.

You may or may not be infected by a 'bot, and that has nothing to do with whether or not people are getting spam that appears to come from you.

As usual, the "what to do" is fairly simple.

I've discussed all of these topics here before, but now's the time to tie them all together, since many people are under the mistaken impression that a 'bot will send email that looks like it came from you. That's simply not the case.

From: You?

"Someone's sending from my email address! How do I stop them?!" discusses the concept we now call "From spoofing". The bottom line is that it's actually trivial to set the "From:" line on an email to be anything. So spammers take real email addresses like yours and place them in the "From:" field of the spam that they send.

And it has absolutely nothing to do with you.

Or your machine.

The only thing it takes for this to happen is for your email address to be on a spammer's list somewhere. And if you've gotten any spam (and who hasn't?), you know you're on the list.

What's worse is that since it has nothing to do with you, there's nothing you can do to stop it. Period.
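
What a recipient can look at instead of the "From:" line, as an added example that is not part of the original article: the Authentication-Results header stamped by the recipient's own mail server records which domain actually passed SPF or DKIM. The sample headers, the server name mx.recipient.example and the function names are constructed for illustration, and the domain-alignment test is a simplification.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample headers (not real mail). mx.recipient.example stands for
# the reader's own receiving server; every domain here is a placeholder.
SPOOFED = """\
Return-Path: <bounce@bulk.mailer.invalid>
Authentication-Results: mx.recipient.example; spf=pass smtp.mailfrom=bulk.mailer.invalid; dkim=none
Authentication-Results: mail.example.com; spf=pass smtp.mailfrom=example.com
From: "Your Friend" <friend@example.com>
"""
GENUINE = """\
Return-Path: <friend@example.com>
Authentication-Results: mx.recipient.example; spf=pass smtp.mailfrom=friend@example.com; dkim=pass header.d=example.com
From: "Your Friend" <friend@example.com>
"""

def domain_of(addr):
    # Lower-cased domain of an address, or of a bare domain string.
    return parseaddr(addr)[1].rpartition("@")[2].lower()

def auth_results(msg, authserv_id):
    # Read only headers stamped by our own server; other copies may be sender-supplied.
    out = {}
    for value in msg.get_all("Authentication-Results", []):
        head, *clauses = value.split(";")
        if head.strip().lower() != authserv_id:
            continue
        for clause in clauses:
            m = re.match(r"\s*(\w+)=(\w+)", clause)
            if m:
                props = dict(re.findall(r"([\w.]+)=([^\s;]+)", clause[m.end():]))
                out[m.group(1).lower()] = (m.group(2).lower(), props)
    return out

def aligned(a, b):
    # Simplified alignment: identical domains, or one is a subdomain of the other.
    return bool(a and b) and (a == b or a.endswith("." + b) or b.endswith("." + a))

def assess_from(raw, authserv_id="mx.recipient.example"):
    msg = message_from_string(raw)
    from_dom = domain_of(msg["From"])
    ar = auth_results(msg, authserv_id)
    spf, spf_p = ar.get("spf", ("none", {}))
    dkim, dkim_p = ar.get("dkim", ("none", {}))
    spf_ok = spf == "pass" and aligned(domain_of(spf_p.get("smtp.mailfrom", "")), from_dom)
    dkim_ok = dkim == "pass" and aligned(dkim_p.get("header.d", "").lower(), from_dom)
    return {"from": from_dom, "from_authenticated": spf_ok or dkim_ok}
```

Both samples show the same "From:" address, but only the second is backed by a check that passed for that address's domain. Mail sent from a genuinely compromised account passes these checks too, since it really does leave through the domain's own servers.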

By You?

"What's a botnet? Or zombie? And how do I protect myself from whatever it is?" discusses the concept of a bot and a network of bots called, not surprisingly, a botnet.

As to whether your machine has become a participant in a botnet, the only real symptom that you'll typically see is unexpected slowdowns on your machine, particularly in internet connectivity as the bot sends its load of spam.

Bots are the ones typically spoofing From: addresses as we've discussed above. But for one thing they'd be stupid to use your account, since that would just make them that much easier to track back to your machine. For another, they probably don't even know your account, or anything else about you.

All bots really care about is that they've been able to infect you, and that they can access the internet. With that connection they can then receive their instructions (including the email addresses to use) from a remote "bot herder" who controls their operation.

It's very likely that a bot infecting your machine is completely ignoring any and all of your data, including email addresses. It's getting everything it needs remotely.

Now What?

The first line of defense is, of course, not to get infected in the first place. That means following the advice I'm sure we're all tired of hearing: don't open attachments unless you're positive that they're safe; don't visit questionable web sites; make absolutely certain you are behind a firewall; keep Windows and your anti-malware software up to date.

You know the drill.

"Internet Safety: How do I keep my computer safe on the internet?" has the details if you need a reminder.

Once you have been infected (which good anti-malware software will tell you) there are two schools of thought:

  • Once infected you can never trust your machine again. You have no way of knowing what the infection might have done, and no amount of cleaning will guarantee that there isn't something that wasn't caught. Reformat your machine and start over.

  • That's too extreme for most cases. Use good and up-to-date anti-virus and anti-spyware programs, more than one if you have to, to clean the infection off of your machine. Once they say you're clean, then chances are you are.

So don't get infected in the first place, and be prepared for a little cleanup work if you do.

And don't take the "From:" line on spam as really meaning anything at all.

Article C3353 - April 17, 2008

Leo A. Notenboom has been playing with computers since he was required to take a programming class in 1976. An 18 year career as a programmer at Microsoft soon followed. After "retiring" in 2001, Leo started Ask Leo! in 2003 as a place for answers to common computer and technical questions.

2 Comments
Ken Crook
April 19, 2008 4:44 PM

I routinely get spam sent by my own E-mail address.

David Nitzsche-Bell
April 5, 2012 12:14 PM

I've been telling friends/clients the same thing about "From spoofing" for years, namely that your name is on a list, it's coming from a completely different computer and you can't do anything about it. They never like that answer.

But, it happened again this week and as I *hate* my current answer, I wanted to see if there was anything new.

So, I looked at the spam that I had received "from" my friend. Then I looked at an email I received that she really *had* sent to me. I looked at the mail headers and lo and behold, they all look very legit and similar from both messages.

I'm now beginning to wonder if maybe there is something more to the issue.

Any thoughts?

Email accounts are also getting compromised/hacked at an increasing rate, it seems.
Leo
05-Apr-2012