Ask Leo! by Leo A. Notenboom

Someone's sending from my email address! How do I stop them?!


Summary: Email spoofing is rampant. Spammers often send email that looks like it came from you. And there's little you can do about it.

You're minding your own business and one day you get email from someone you've never heard of and they're asking you to stop sending them email. Or worse, they're angry. Or worse yet, they accuse you of sending them a virus! But you don't know them, you've never heard of them, and you know you've never sent them email.

Welcome to the world of viruses where you can get the blame for someone else's infection. And there's worse news to come.

Before I get to that, there is always a small possibility that your email account has been compromised. The solution there is simple: change your password immediately. That should prevent someone who's using your account for malicious purposes from continuing, assuming you've chosen a good password.

But these days that's not the most common cause of the situation I've described; viruses are. And what's worse, there's almost nothing you can do.

The MyDoom/Novarg virus currently running rampant is a great example. The virus infects someone's machine and then looks in the email address book on that machine and emails a copy of itself to everyone it finds. What it also does is forge the "From:" address for the email that it sends. What does it use to forge the address? Why, the addresses in the address book, of course. So the infected machine will send email to everyone in the address book, looking as if it was sent by other people in that address book even though it was not.

Let's use a concrete example: Peter's machine gets infected with the MyDoom virus. In his address book are entries for friends Paul and Mary. Paul and Mary have never met, have never exchanged email, and do not know each other - they each just know Peter. The virus on Peter's machine will send email with the virus to Paul looking like it came from Mary. Paul may wonder who the heck this Mary person is and why she's sending him a virus, but she was never involved.

If you're in Mary's place, you can see that it would be frustrating to be accused of something that you had nothing to do with and have no control over.

For the record, your email address may end up in the address books of people you don't know as well. Various email programs will automatically hold on to additional email addresses that were included on email you received or possibly from email that was forwarded. Viruses have also been known to use other sources of email addresses or even forward them around as the virus spreads. What that means is that the "friend of a friend" example I used with Peter, Paul and Mary, while simple and certainly possible, is not the only way your email address could show up in a forged "From" line.

What's important here is simply this: one way or another email viruses lie about who sent them.

If someone accuses you of sending a virus-laden email, and you are positive you did not, then you have very little recourse other than trying to educate them about how viruses work. Point them at this article if you like. But be clear: you're not necessarily infected nor is the person who received the mail claiming to be from you. It's some third party who is. (And identifying that third party is difficult - this is why virus writers use this technique.)

And of course be sure that you're not going to get infected yourself: don't open attachments from people you don't know and make sure you have an up-to-date virus checker and virus definitions file. I have recommendations for virus scanning software here.
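To make the Peter, Paul and Mary case concrete, here is an added example (not part of the original article) that reads the raw source of the message Paul received and separates what the sending machine claimed from what Paul's own mail server recorded. The hosts, addresses, the sample message and the `trace_origin` helper are all constructed for illustration, and the code assumes Paul's server stamps the topmost `Received:` line in the common `from host (name [ip]) by server` form.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: the message as stored by Paul's mail server.
# The lower Received line was written by the sending machine and is a lie.
SAMPLE = """\
Return-Path: <mary@mary.example>
Received: from dsl-host.isp.example (dsl-host.isp.example [203.0.113.45])
    by mx.paul.example with ESMTP id abc123
    for <paul@paul.example>; Tue, 27 Jan 2004 10:15:02 -0800
Received: from mail.mary.example (mail.mary.example [198.51.100.7])
    by relay.mary.example with SMTP; Tue, 27 Jan 2004 10:14:55 -0800
From: "Mary" <mary@mary.example>
To: paul@paul.example
Subject: hi

test
"""

# "from <helo> (<name> [<ip>]) by <server>": the part our own server writes.
HOP = re.compile(r"from\s+\S+\s+\([^)]*\[([0-9A-Fa-f.:]+)\]\)\s+by\s+([\w.-]+)", re.I)


def trace_origin(raw_message, my_servers):
    """Split a message's origin into sender-supplied and server-recorded facts.

    my_servers: hostnames of the mail servers you actually receive mail on
    (an assumption supplied by the caller).
    """
    msg = message_from_string(raw_message)
    # Unfold each Received header; the newest one comes first.
    hops = [" ".join(h.split()) for h in msg.get_all("Received", [])]

    handoff_ip = None
    if hops:
        m = HOP.search(hops[0])
        # Only the line stamped by our own server can be believed.
        if m and m.group(2).lower() in my_servers:
            handoff_ip = m.group(1)

    return {
        # Both of these are typed in by whoever sent the message.
        "claimed_from": parseaddr(msg.get("From", ""))[1],
        "return_path": parseaddr(msg.get("Return-Path", ""))[1],
        # The address that really connected to our server (Peter's side, not Mary's).
        "handoff_ip": handoff_ip,
        # Everything else in the Received chain could have been forged.
        "unverified_hops": len(hops) - (1 if handoff_ip else 0),
    }
```

For the sample, the result names Mary in both `claimed_from` and `return_path`, which is also why the bounces land in her inbox, while `handoff_ip` is the infected machine's connection and never touches anything of Mary's.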

Article C1887 - January 27, 2004


Recent Comments
133 Comments

It never hurts to change your password. Just make sure to
pick a good one.
http://ask-leo.com/whats_a_good_password.html

Leo


Posted by: Leo at July 23, 2008 9:34 AM

I keep getting email on my Windows Mail and it says from me, but in the right-click property it says (may be forge), so do I need to report this to my ISP or not to worry? I can get the IP address on them. Should I turn them in?

That's a very common spam technique, and reporting it will do nothing. Delete it and move on with your life.

-Leo

Posted by: Joy Lynn at September 18, 2008 10:04 AM

Hello Leo:
I am hoping you can help me and advise me what to do. It was just brought to my attention that someone has been reading all my mail. I have my MSN address on all my important documents including my resume. Anyway, I applied for a position and all went well and the Manager said he would contact me either way. So about 3 weeks went by and I called him. He was very surprised that I called b/c he stated that he wanted to hire me but the reply to address on my email which is plavelle@dartbrokerage.com which is not MINE! I was puzzled and thanked him and decided to email myself and in the reply to section is this address and I noticed somehow they get a copy of my outgoing as well. I just contacted MSN and haven't heard back yet. However, I attempted to contact this Dart Brokerage which appears to be an insurance company by their website, but both my emails to the company and their employee plavelle@dartbrokerage.com both came back as undeliverable because their boxes were full. What the heck is this, and why? How can I remove them on the reply to? I checked all my settings and they are nowhere but they appear on all my mail???

Posted by: christopher at September 29, 2008 2:54 PM

Hi Leo,

I am getting emails from myself! I tried looking at the "source" but I'm on Outlook. I checked my email online and tried to find the sender, but not much success there. Is someone disguising as me, or is my computer actually sending out mail to me AND to others?

Thanks..

The article you commented on addresses that.
- Leo
23-Oct-2008
Posted by: michelle at October 22, 2008 1:00 PM

I gave my ex-wife my email address with hopes she would not call me anymore and that she would send me emails instead. I was just informed that she could now use my email address to sign up for porn sites and such. Is this true, and how will I be able to prove she was the one that used my email address?

Depends on the site. Most will email you a link to confirm your signing up. Ignore that link. As long as she cannot read your email and respond as you, you should be fine.
- Leo
28-Nov-2008

Posted by: William at November 27, 2008 11:41 AM

Someone else is getting the same emails, I'm getting??? Apparently, we have the same email add.....is that possible??

Nope. There must be something else going on. Hard to say without more details.
- Leo
03-Dec-2008

Posted by: Michelle at December 2, 2008 8:19 AM

When I checked my e-mail inbox today, I found that there were about 20 "Delivery Status Notification (failure)" messages. When I opened them, they all contained the same message, and it seems they got sent to everyone in my contact list (200+ addresses).
I checked my "sent" messages list, and there was no trace that I (or someone who might have hacked my account) had even sent the messages in the first place. The only reason I noticed that this had happened is because some of the addresses in my contact list don't exist anymore and the emails got bounced back to me.
I changed my password, but it seems more likely this is a virus problem. I have an up-to-date virus scanner, and it hasn't picked any up. Any ideas?
Cheers,
David

Posted by: David at December 5, 2008 5:37 PM

OK - here's a twist. Someone has been using MY email address (15 yr old account I use for filling out web forms and registrations, etc) on application forms for the last 2-3 years for things like home loans, bank accounts, PayPal, eBay, and even notification of service on their car. I have actually located the home address and parcel ID, phone number, and even the VIN number on their car (Same state 20 miles from me). Interestingly enough, the name on the house is my name. I determined that my email account has not been breached and no fraudulent inquiries have been made into my personal financial accounts using MY SSN. One Bank actually confirmed today that an account that I was receiving information on, that was NOT MINE, did indeed have my email address on it. So - it could really be someone with my name just using it (why?), or trying haplessly to break my password, or something. In any case got a suggestion? Not sure if this is criminal or not ??? I am getting tired of sending the emails to fraud departments though and I hesitate to communicate to this person directly.

Posted by: Mike at January 28, 2009 5:28 PM

I also got some emails that supposedly were sent by me and had bounced. These emails had me as the sender. I used an IP tracing software and found that different persons in different countries were using my email address as the sender. I traced one email to a sender in Brazil, another to a sender in Germany and another to a sender in the US!! How they managed to forge my email address as the sender is what is puzzling me. Oh yeah, the usual use of my forged email was to flog sexual enhancement products. I lost a number of lady friends because one, they were embarrassed by the spam and two, they thought I was involved with porn!! Is there any legal remedy to deal with these [edited]?

There may technically be legal remedy (contact a lawyer or law enforcement), but in practical terms it's not worth the cost and effort. "From: spoofing" is trivially easy to do. Those IPs you traced were probably botnet-infected machines where the owners also have no idea it's happening.
- Leo
07-May-2009

Posted by: Leo [not the "Ask Leo" Leo] at May 5, 2009 6:47 PM

I changed my password after my account was hacked 2 days ago and this morning I found out that it was hacked again ;(

Posted by: Dalal etoum at May 25, 2009 11:23 PM
