What you can do about it.
This occurs either because it’s not really closed, or spammers don’t care that it’s closed.
Closing an account because you believe it’s sending spam typically doesn’t help.
The damage has already been done.
Become a Patron of Ask Leo! and go ad-free!
A “closed” account might seem to continue to send spam because:
- Your account was never hacked. The spam is simply “From:” spoofing.
- Hackers quickly re-opened the account for themselves.
- You accidentally re-opened the account.
- Your account was never involved, and your email address was simply spoofed as the sender.
- It’s now someone else’s account.
If you closed it because you thought it was hacked, you may have been wrong, and closing it had no effect.
Say you have an important email account on a popular email service.
One day, you get a number of reports complaining that you’re sending spam. The reports are from people you’ve corresponded with in the past. Some of your contacts might be upset because their machine has malware resulting from those emails.
Except you didn’t send them.
Fearing that a hacker has access to your email account, you back up your email and close the account so the hacker will no longer have access.
And yet the spam continues. Closing the account didn’t help.
There are several reasons this can happen.
Reason 1: Your account was never hacked
There’s a good chance your account had never been hacked.
This is the most common scenario.
What most people don’t realize is email is incredibly easy to fake. It’s trivial for a spammer to make it look like an email came “From:” your email address without needing access to your account. It’s called From: spoofing. Most spam comes “From:” email addresses having nothing to do with the spam at all. The sender has been completely faked.
But they did target your contacts. How did they do that?
Three things come to mind:
- Blind luck. With millions and millions of spam emails being sent every day, it’s possible your email address could have been randomly faked on spam sent to someone you know.
- Information leak. For a while, there was a way to determine some friend relationships and email addresses on Facebook without needing to be signed in. Any comparable data breach can expose similar relationships; even just communicating in a public forum where email addresses are exposed could do it. Email in transit is also visible to all servers it travels across, so information about who you’re mailing could be harvested if the servers themselves are compromised.
- Someone else got hacked. It could be one of your contacts who was hacked. It could be the contact list from their account that was harvested by the spammers, and thus your email address could have been harvested from it and then used to fake “From:” lines in spam targeted at other friends and contacts.
There’s really no certain way to know, but the first thing to do is check the Sent Mail folder of your online account or web interface. If you see the spam in that folder, which indicates it was sent from your account, then indeed you’ve been hacked, and should take all necessary steps to recover. If it’s not there, it’s not proof of anything, but I would not panic unless more evidence of a hack appears.
Reason 2: Hackers reopened the account
When most people close their account in a panic, they go through the steps and nothing more.
Not only is it ultimately ineffective, but closing your account is not enough.
If you do close your account, you’ll often find there’s an “out” — a way that, for a limited time, you can re-open the account should you later change your mind. (You’d be surprised how often people change their minds.)
The “I didn’t really mean it!” approach usually involves proving that you are the owner of the account, using your password, and additional identity verification or recovery steps.
Sometimes it’s as simple as signing into the account again after you’ve “closed” it.
Hackers know all this.
They know the account can often be reopened. They often know, or have changed, the account validation and alternate contact information.
So, within moments of your closing the account, the hacker just re-opens it and resumes sending spam from it.
Reason 3: You reopen the account
As I mentioned, sometimes signing into the account is enough to cancel the account closure.
Many accounts these days are more than just email. A Microsoft account is a good example. On that same account, you may have messaging programs (Skype), calendars, cloud storage (OneDrive), online applications (Office), and much, more. Microsoft accounts are also commonly used to sign into your computer.
If you cancel the email account and then sign into another service from the same provider using the same account ID and password, you may unknowingly have re-activated the email account.
If you intend to cancel the account, you have to walk away from everything that is part of the account.
Otherwise, the account may not get canceled.
Reason 4: Hackers don’t need your account anymore
A common hacker trick is to slip into a hacked account and steal the address book.
In that scenario, the damage has been done.
Even if you recover and completely secure the account, or even if you really, truly cancel the account:
- Hackers can still send spam to all your contacts because they’ve stolen those email addresses.
- Hackers can make spam look like it came from you even though they are no longer using your account. As I mentioned, “From: spoofing” is easy.
So you might put a lot of time and energy into closing the account, and even if you’re successful, it solves nothing because the hackers left it behind long ago.
Reason 5: It’s now someone else’s account
If you successfully close an account, most services hold on to the account name (usually the email address) for “a while” — anywhere from a few days to a few months.
Then they make it available for new accounts.
Someone could (and if your email name is particularly desirable, almost certainly will) open a new account with the email address you left behind. No, they won’t have your data or your contacts, but they now have your old email address.
They could get hacked. They could be spammers themselves. After really closing an account, you lose all control over the email address, and you have no idea who might get it someday in the future.
Your old “closed” account could come back to haunt you.
What can you do?
Aside from not getting hacked in the first place, there’s almost nothing you can do.
Of course, if your account has been hacked, you need to recover it. Start here as quickly as you can: Email Hacked? 7 Things You Need to do NOW. But it may be too late; the hackers may have copied all the information they need to keep spamming your friends and make it look like you.
What I can say is that closing your account isn’t going to help, and ultimately could make things even worse, as you relinquish all control over it.
Subscribe to Confident Computing! Less frustration and more confidence, solutions, answers, and tips in your inbox every week.
I'll see you there!
Download (right-click, Save-As) (Duration: 8:52 — 9.9MB)
13 comments on “5 Reasons Your Closed Email Account Sends Spam”
There are a few problems with closing email account even if it’s possible to really do it. 1 A long lost friend or relative may have that address and try to contact you.(It’s happened to me more than once. I check that one once a month to keep it open) 2. If someone innocently opens a new account with your old email address, any email sent to you will go to them. My suggestion: get a new address but keep the old one and check it once a month.
I will extend Mark Jacobs’ suggestion.
Keep the old account with really weird, unguessable, information (was your mother’s maiden name actually ck39d$) for everything and save it so that you can get back in yourself. Then (if it is not a huge source of spam), set it to forward to a new account of yours.
By keeping it and changing ALL the information, you block the spammers from taking it back.
Another issue is that they may not have actually hacked your account. They may just be spoofing your address. Your friends may be seeing mail that looks like it is from you but isn’t. I get mail from “myself” all the time without my accounts being hacked.
I would disagree that there isn’t anything you can do. As I understand things Yahoo changed their DMARC policy (http://www.pcworld.com/article/2141120/yahoo-email-antispoofing-policy-breaks-mailing-lists.html) and stopped spammers from forging emails from yahoo email addresses. If all valid email providers implemented it would seem like it would eliminate spam. Hence I suggest everyone contact your email provided and ask them to implement it.
I’ve been warning my friends and family for years about this. Many years ago I noticed spam emails being sent with warnings and alerts about questionable events and urgently urging the recipients to email everyone in their contacts, often including the sender. That’s it right there! If I was a spammer wanting to build a list of emails to target, I would come up with some crazy story like “wow, there’s a new scam going around where people at Walmart are getting ripped off and the cashiers are getting money from your account by adding a cash-back bla bla bla… Send this to all your contacts right away”. There has been thousands of made up articles and stories from religious subjects to missing children (pretty sad) sent out for the soul purpose of building a database of email addresses. Once they have your contacts, they can just spam them all while putting your email as the sender, it’s really that simple and easy. I usually to people to BCC (blind carbon copy) when sending emails to multiple recipients, this way they don’t get your list of email addresses. Aside from that, there’s not much else you can do to avoid this type of problem.
I have an older sister that is an avid user of FACEBOOK. She has EVERYONE in creation (including people that died 10 years ago) listed as Friends and Family. Now her Facebook account got hacked or so she thought, but in actuality one of her “Friends” just accessed her list of Friends.
You see where this leads?
EVERYONE on her list was bombarded with SPAM to and from everyone else on her list. Some even to and from themselves.
Since I don’t use Facebook and hadn’t since I registered, I simply de-activated my account. I did this long before my sister’s “hacking”. It was that I was getting requests from her list of friends inviting me to be their friends as well. I was getting 100’s of invitations daily.
For quite a few years I had my sisters eMail address on my browser’s SPAM list. She also had a habit of forwarding ALL of her eMails to ALL of her friends ALL of the time.
The point behind this story is that…….
You don’t need hackers for SPAM just a dumb friend and family member…………….Alan
Hello, i am wondering. My friend sended me once in every month a spam message for about six months, after that it stoped forever. I live in croatia and i asked him if he sended he said he did not. So he checked his send box and no strange messages and no delivery failure there. It seem that i am the only one recivening from him this spams. Because no one else has complained. He checked even resent activity email and nothing wrong. So he went to the full register of Facebook ip adresses and searched on everyone and nothing strange from a weird country of city. So his Facebook was never hacked even if he had the same password to email and Facebook. I assume this is a spoof but it is scary to think that it maybe was a hack. He can still log in and use his Facebook and email. We are very good friends on facebook comment pictures and that stuff. Should i be worry or not panic so much.
It’s likely that this email isn’t coming from your friend’s email account. Any spammer who know an email address can make it look like it is coming from that address.
If you’re *repeatedly* getting or sending spam that appears to be from or to a friend or contact it’s possible that the sending email account has been hacked or otherwise compromised. (Typically it’s NOT a virus.)
I’d point the owner of that sending account at this article:
and if confirmed, make sure they read this one:
Thanks i feel a bit relived, i got about four messages in a period of 5-6 months and then it stopped and have not happend again in 4 years. He still uses the same account for hotmail and facebook. Facebook as I said was never hacked. We have changed e mails with each other. We did this again this year but nothing has happend like spam but i think it is a spoof like you said was likley. It was no evidence at all. Surley they would like to hack other sites i think like Facebook. He looked then on ip adresses 2012 and looked again 2016 and he said nothing strange ip adress from another city or country. It is so strange. Wouldnt they want to change password or do something more?
He dosent use his hotmail at all i will add. He dosent use it actively.
If you cancel your hotmail.com, live.com, msn.com, or outlook.com account which is associated with Skype, OneDrive, OneNote, and/or your Windows login, it’s my understanding that it would close your Microsoft account and you would no longer have access any of those services as you would no longer have a Microsoft account.
So… if you close your Microsoft Account (hotmail or whatever) that you use to log into your Windows 10 computer, HOW can you log into your Windows 10 computer?
Even a worse-case scenario… if your Microsoft Account (hotmail or whatever) is hacked, how do you stop a hacker from logging into THEIR Windows 10 computer with YOUR credentials?
This article explains how:
How Do I Switch Back to a Local Account Sign-in for Windows 10?
If your account has been hacked, see this article:
What Are My Hotmail and Outlook.com Account Recovery Options.
You can readily see how easy the ‘from email’ faking is. Towards half of the spam I get every day appears to come from me!