Summary: Among the spam we all get are messages that we appear to have sent ourselves. From-spoofing is just a way spammers try to get their email delivered.
|
I get email from: someone@somedomain.com <myemail@hotmail.com> where "someone@somedomain.com" is someone I don't know, but "myemail@hotmail.com" is, in fact, my email address. It as if the email was sent by me, but I did not send it. How do I stop these email from coming into my box? It's usually for drugs or financial services that I don't need or would never be interested in. How can they use my own email? I can't block them as it says it is illegal to block my own email. |
I'll start with the bad news: there's almost nothing you can do.
This is spam, pure and simple. Abusing your email address is only one of many techniques spammers use to throw their garbage into our mail boxes.
The remedies are pretty standard, albeit less than 100% effective.
•
What you're seeing is called "spoofing" or more correctly "From-spoofing" - sending email that appears as if it's coming "From:" someone that its not.
Spoofing is a technique that is used in just about every bit of spam you see today. Spammers are trying to hide where the email comes from and are doing so very effectively. The From: address is meaningless on spam - it tells you absolutely nothing. It requires more detailed analysis of the email headers, and even then at best you might be able to get the IP address of the computer sending the email. As I've discussed ad nauseam, the IP address is pretty much useless to you and me.
The fact that you're seeing your email address used in the "From:" field shouldn't alarm you. It might be annoying, but there's no need to worry about it. You're already on spammers lists to get spam and they're using that same list, or variations of it, to select which addresses to use when spoofing. And there's currently no effective way to stop them from spoofing.
When you see your own address spoofed in the From: field of spam, it's happening for one of two reasons:
They're trying to spam you, and know that it's unlikely you'll block email from yourself. In fact, as you've seen, it's not even always possible, but I'd consider it a bad idea even if you could do it. It'll prevent certain types of legitimate email from reaching you.
They're trying to spam someone else, and what you're seeing is a bounce message indicating that the original spam was rejected by its intended recipient. Since the email looks like it came "From:" you, you get the bounce message.
Now, as to why the "someone@somedomain.com <myemail@hotmail.com>" where the two email addresses don't match, or the more common "Name <myemail@hotmail.com>" where the name is obviously unrelated to the email address, I can only speculate. My guess is that it's either intentional confusion to perhaps boost the chance that recipients will open the email, or a side effect of the tools that spammers use that may not be able to put together a proper name/email address pair.
•
"But what do I do?"
First, realize there's nothing you can do to prevent From-spoofing. Eventually your email address is going to show up in the "From:" field of spam that you had nothing to do with. In fact as you've seen, it probably already has.
The only thing you can do is to keep doing whatever it is you do to control spam. I run two levels of spam filters, and even then some gets through. It's a juggling act because I don't want to risk marking something as spam that isn't - hence a little more spam gets through. Depending on your mail program and your mail provider, you may have similar or additional options available.
Related:
Ask Leo! - Someone's sending from my email address! How do I stop them?!
Ask Leo! - How do I get rid of all this spam?!?!
Ask Leo! - Why are email addresses sometimes in angle-brackets?
Article C3131 - August 27, 2007
One day someone will invent a requirement that IP addresses are required to send email. That should take care of it - only being able to send emails from IP to IP.
Posted by: Clare at December 30, 2008 1:34 PMOne can set a "filter" in the Thunderbird email client to divert this kind of message into your junk folder.
Posted by: Phillip at January 9, 2009 11:46 AMI have all my email accounts hooked up through gmail, and there is an aggressive spoof spammer sending messages to one of the accounts i have linked under my domain. If i click "report spam", will gmail think that my domain is a spam domain and block us? They are sending spam to me from my business, and i dont want to accidentally blacklist myself!
Posted by: Steph at January 11, 2009 6:24 PMI understood from the article that the spoof emails are not actually from me... but I replied to one of them just to make sure, and the reply showed up instantly in my inbox. It seems that it really is me.
14-Jan-2009
Using Spamassasin there a few rules that deal with self signed or spoofed emails. We have put rules in place that people on a specific list can send emails (the white list). They can send mails to others on the domain, only if the mail originates from our Exchange server. The spamassasin rule blocks all email from outside from anybody on the white list. The fallout from this is that if someone wants to send email outside the domain to an email address in the domain they have to use the Exchange web client to send it for it must originate from inside the network.
My personal belief is that until there is a financial cost associated with email we will never get rid of SPAM. I would pay 1 or 2 cents an email. It would amount to a small amount for most of us. That one or two cents though would be hundreds of thousands of dollars for a spammer thus making the marketing ploy not cost effective.
Posted by: Richard Barnes at February 3, 2009 7:00 AMI can't block my own email address, as on my website I have a booking form which sends to my email from my email (well that is what it looks like)...I know that booking forms will appear the way they do, but I still get other companies, ie drugs, insurance, etc cloning my email address to spam me.
Posted by: Andrea at March 2, 2009 3:24 AMWould ithelp if I changed my email address? Or are the spammers working with other parameters over which I have no control?
08-May-2009
Here's my Thunderbird filter
Set to require 'all' lines
1. From - contains - my_real_email_address
2. To - contains - my_real_email_address
3. Subject - does not contain - test
Do this: mark as Junk
The third requirement allows me to send myself
a test message, if I think there is some problem
with the email service.
I don't automatically delete junk.
Posted by: Doug at May 26, 2009 10:27 AMWell Firstly I have to disagree. I understand the spoofing, but in general, when you start getting spam from you own *account*@hostname.com the chances of a bug/hijack application is pretty high. That's something you can check out.
Posted by: Spamhater at June 4, 2009 12:51 AMIs the fact that my email address is in the FROM box going to get me added to a SPAM Blacklist?
25-Jun-2009
Posted by: Alan at June 25, 2009 6:58 AM