Spam Appears Sent from Your Email Address? Here's Why

Mon Nov 5, 2007 11:21PM EST

See Comments (29)

Reader Denise Brown writes: I just read your article "Follow the Spam." There was a sentence in there regarding unsuspecting users' email accounts being used to send spam. About two weeks ago, I received spam from what appeared to be my own email account. The address was the same as my email account, and I thought it was weird, but just used the Yahoo! Delete Spam button. Should I be concerned about my email account? If so, what should I do? I like my email address, have used it for years, and don't particularly want to change it, but will if I have to.

This is an important point that I probably should have clarified at the time. Put simply: What you see in the "From" field on an email has little bearing on where it was actually sent from. Why? It's one of the easiest things to forge in the book.

In fact, so-called address spoofing is such a common trick that it's become a major tool in phishing scams. The hope is that a suspicious recipient will just look at the sender, see it says "admin@ebay.com" or "service@paypal.com," and assume the message is legitimate. Of course, it's as phony as a three-dollar bill, and if you click on the links in that message, you'll be whisked off to a scam website.

With general "Viagra"-style spam, one common trick is to simply forge the email of the recipient as the sender as well, which is what you're seeing. So you@yahoo.com receives email sent from you@yahoo.com, or so it seems. Again, the idea is that you might trick a few people into thinking they actually emailed themselves. Of course, it's all a fiction.

That doesn't mean that spam never comes from the address in the From field or that legitimate email accounts can't be hijacked for evil ends. They can. But compared to spoofing, both are fairly rare: It makes much more sense for a spammer to hide his tracks as much as possible to prolong the amount of time before he gets caught and that account or computer becomes defunct. It should go without saying that you should protect yourself thoroughly with antivirus and anti-spyware applications so that doesn't happen to you.

Comments on Spam Appears Sent from Your Email Address? Here's Why

Post a Comment

Join in the discussion. Here you'll see the comments in the order they were posted.

  • 6 Posted by rogueist on Thu Sep 3, 2009 8:49PM EDT Report Abuse

    Look at all the headers in the received email message. Several of the header lines will be with "Received:" track down the list for "Received:" and you will have the IP address of each location that the mail flowed through, right on back to the original spamming computer's IP address. If it originated from Nigeria, Australia, Turkey, China or anywhere in the MidEast - its directly sent spam. If the IP address is a US IP, then in all likelyhood it came from a spambot network. Contact the originating ISP, give them the details about the IP address time and date that the offending email was sent, and ask them to check if the user that was on that IP address at that point in time has been compromized and is using a spam zombie computer. This is the point where it usually breaks down since most ISPs will NOT persue unless the FBI or some other law enforcement agency comes along and forces them to do so. In the meantime, you informed them - so when it comes time to file the lawsuit against the ISP for damages for their failure to stop sending the tide of emails to you, you have a leg to stand on, and a possible winnable case.

  • 7 Posted by agrjs on Thu Sep 3, 2009 2:47PM EDT Report Abuse

    I have received several "From: me, To: me emails which I have moved to a special folder. I have not been shut down as a couple above have. Should I expect to be? Am I helpless?

  • 8 Posted by d_violan on Thu Sep 3, 2009 3:50PM EDT Report Abuse

    I have my previous e-mail address and I received a lot of fraudulent e-mails and two months ago I was not able to log in anymore to that account. I tried to recover the password but it won't sign me in. How can I remove all the information in my previous account since I can no longer use that e-mail address?

  • 9 Posted by stevejac1 on Thu Sep 3, 2009 9:43PM EDT Report Abuse

    OK, Chris, so they can spoof my email address. How is this done? What can I do to prevent some bot from doing this? How can I do it to them?

  • 10 Posted by itr206 on Thu Sep 3, 2009 4:25PM EDT Report Abuse

    Simple answer to an annoying problem. . . . Ignore the emails. Anything looks or sounds fishy, delete it! Don't even bother to read it and deff don't click on the links. There is nothing you can do about it and reporting it won't get you far either.

  • 11 Posted by lshipley on Thu Sep 3, 2009 6:58PM EDT Report Abuse

    There is a lot more to the spoofing than Christpher mentions. Many viruses old and new harvest emails from your computer and deliver them to spam servers. They in turn send spam either from your email account, or spoofed as your account, to all the other accounts it has acquired. So when you receive emails from yourself, my guess is that it used your email address to send stuff to tens of thousands of email addresses in its data base, including yours. If this happens from a certain type of account like yahoo etc that is free, then it is likely that you can be shut down but it depends on spam getting through and people complaining. The other types of attacks include combinations of email addresses at a domain like yahoo, so you are likely to be victimized as both a sender and receiver. So, my advise is to not change your email address if you don't have to. They will figure out the next one anyway.

  • 12 Posted by jpsimon78 on Tue Nov 13, 2007 10:41PM EST Report Abuse

    Everyone who has trouble with Spam should use Spam Cop. Its a great tool for help with telling where to report the Spam to. You can sign up for a free reporting e-mail address at www.spamcop.net

  • 13 Posted by manj34 on Thu Sep 3, 2009 7:05PM EDT Report Abuse

    to all that posted a spam report I apologize to all of you if any e-mail got to you which the only thing that was in it was please read this and send it to someone else no nasty comments or anything else, I can't see how any adult would get so upset about something so simple. i get spam every day and i delete it you don't have to even read it. there was no e-mail sent from my e-mail address that should even offend a child.

  • 14 Posted by johncyoung2002 on Thu Sep 3, 2009 4:38PM EDT Report Abuse

    So what do you you make of an email appearing in your outbox addressed to all your address list containing a message selling the services of some electrical retailer you know nothing about? That happened to me yesterday and I am awaiting a reply from yahoo about it.

  • 15 Posted by wwicks333 on Thu Sep 3, 2009 10:51PM EDT Report Abuse

    I use several ways to keep from spamming myself. Athough it happened quite frequently earlier. I use read-email.com

  • 16 Posted by ipyongs on Thu Sep 3, 2009 4:24PM EDT Report Abuse

    To all of you whose emails got spammed everyday, the safest way you gonna do is to change your password once every two months and be sure to combine letters and numbers for added security.

  • 17 Posted by karatemike2002 on Thu Sep 3, 2009 4:46PM EDT Report Abuse

    I have asked yahoo why i can play all music/etc from all other sites but not yahoo. no answer!!!

  • 18 Posted by outspokin98 on Thu Sep 3, 2009 7:47PM EDT Report Abuse

    As mentioned in one of the previous comments I also had a yahoo account that apparently got hijacked. I went to log in one day and my password would not work. After several emails it became clear that yahoo had no intention of helping me gain access to the account. I would not be surprised if a spammer is using the account, but I'm no doubt Yahoo could care less. It would have taken I little bit off effort on their part to solve my issue. Beware if you at some point are not able to log into your account and you are sure of what the password is, because you will loose all your email and your address book.

  • 19 Posted by m_hiromi on Thu Sep 3, 2009 7:32PM EDT Report Abuse

    The exact same thing happened to me, with the "scam" from your own email address. This article really helped me understand!

  • 20 Posted by rochellesdragons on Thu Sep 3, 2009 8:47PM EDT Report Abuse

    IN DECEMBER MY SYSTEM CRASHED AND I HAVE SINCE REPAIRED IT BUT, NOW I CAN'T GET INTO ANY OF THE CATALOGS THAT I GET EMAILED TO ME BECAUSE I DO ALOT OF ONLINE SHOPPING. IF ANY ONE KNOWS HOW OR WHY THIS IS HAPPENING I WOULD LOVE TO HEAR FROM YOU.

  • 21 Posted by kathysellsmonroe on Thu Sep 3, 2009 4:47PM EDT Report Abuse

    I just went through this with e-mails from me...Yahoo was terrific. They showed me how to find out where it was coming from. There is a full header link...Go to Arpnic(whoisit) and you get a better idea where the e-mail originated..When I get those scam letters...I sometimes respond (using the info) and tell them the FBI is on to their scam...that we have narrowed the search and will apprehend them shortly..Boy, that's fun..I would actually let the fbi in on the scam,,BUT did you know they put a cookie on your computer while you are reporting this violation...??? that is like being revictimized..It's much more fun to scare the perp...

  • 22 Posted by rcmansid on Thu Sep 3, 2009 8:31PM EDT Report Abuse

    Solution: Use Yahoo email account which has the best spam filters. Local IPs are typicaly lousy. rcmansid

  • 23 Posted by jtfochtxp on Thu Sep 3, 2009 4:43PM EDT Report Abuse

    I don't think I've ever had this problem.

  • 24 Posted by littleganesh on Thu Sep 3, 2009 6:54PM EDT Report Abuse

    I am getting this kind of spam that is sent from my own email address. Here is what this article does not address - how on earth do I block it? If I hit "spam" on those emails so they go in my junk mail box not my inbox, then I'm blocking my own address. Somebody please walk me through the steps here to ID the true sender and block that email address. I know there's a way I'm just not proficient in it. Thank you.

  • 25 Posted by littleganesh on Thu Sep 3, 2009 6:54PM EDT Report Abuse

    Oh sorry, now I see there are more posts than I realized here with some instructions. I am VERY alarmed if my email address is being used to send spam to other people too. This is my professonal email address! And this only started when I started web hosting with Yahoo after having the domain for several years. The very day, in fact. Because I didn't realize the default setting on Yahoo hosting made my info PUBLIC. How lame is that? Must say, this does not reflect well on Yahoo. I never have this problem with domains I register with Go Daddy.

More Posts: First Prev 1 2 3 Next Last

Post a Comment

Sign In to Post a Comment

My Tech

Please enable your browser's cookies to activate the My Tech column.

Also on Yahoo! Tech

Computers Home Office Wi-Fi & Networking Phones & PDAs Cameras & Camcorders TV & Home Theater Portable Audio
 

Site Map | Tour | Subscribe to Yahoo! Tech

Question and Answer content at Yahoo! Tech is written by Yahoo! users at Yahoo! Answers. Yahoo! does not evaluate or guarantee the accuracy of any Yahoo! Answers content. For more information, read the Full Disclaimer.

Opinions expressed by the Advisors are their own and do not necessarily reflect the views of Yahoo! Inc. Yahoo! receives no compensation from any manufacturer or distributor nor does it compensate any Advisor for the coverage of any product or service in any Advisor's content.