Helping people with computers... one answer at a time.

Email headers, the place where the IP address information is stored, are incredibly easy to falsify. Spammers do this on purpose to hide their true location.

Someone including myself is receiving emails from fake email addresses, but the IP address leads back to my computer. I have Windows XP. They were all Yahoo accounts and Ymail accounts. My Yahoo account had been hacked a few days earlier. I've changed my password and even created a new account, so I can completely close the other one down once my stuff is transferred. I've cleared all the cookies and run a virus scan and the IP address has changed. I just don't understand how this happened.

In this excerpt from Answercast #63, I look at various ways that spam could be sent using your IP address.

IP address spam

Normally, it depends on exactly how you're determining that it's from your IP address.

Understand that email headers, the place where the IP address information is stored, are incredibly easy to falsify. Spammers do this on purpose to hide their true location. Since your email address (or your account) had been compromised, it's very possible that one of the things that they squirreled away was the IP address that you were using at the time - so that not only could they have the emails come from you (from your account while they had the account hacked), but by falsifying the header information, maybe they even went so far to make it look like it came from your IP address when it didn't.

So that's first thing that comes to mind.

A compromised computer

The second thing that comes to mind is zombies - botnets.

Basically what those are... those are malware that are installed on your machine that send email. In fact (depending on how they're configured), absolutely, the IP address of the email that those botnets send could look like it came from your machine - because it really, honestly did!

Now, you say you've run anti-malware scans, I'm going to say run them again:

  • Run them with up-to-date signatures.

  • Run them with an up-to-date program.

  • While you're at it, run the free program from malwarebytes.org.That often picks up a few things that some of the other utilities don't.

Run an anti-virus scan, run an anti-spyware scan, run the malwarebytes.org utility, and see if those don't catch something.

Finally, move on!

In the long run, as long as your machine is known to be clean... to be honest, spam is so convoluted and so complex, all it really boils down to is spammers are trying to obscure things and hide themselves. I would just continue to treat it as spam and not really get too worked up about it.

Next from Answercast #63 - Which is more secure: fax or email?

Article C5944 - October 22, 2012 « »

Share this article with your friends:

Share this article on Facebook Tweet this article Email a link to this article
Leo Leo A. Notenboom has been playing with computers since he was required to take a programming class in 1976. An 18 year career as a programmer at Microsoft soon followed. After "retiring" in 2001, Leo started Ask Leo! in 2003 as a place for answers to common computer and technical questions. More about Leo.

Not what you needed?

Comments on this entry are closed.

If you have a question, start by using the search box up at the top of the page - there's a very good chance that your question has already been answered on Ask Leo!.

If you don't find your answer, head out to http://askleo.com/ask to ask your question.