When the email that came from you didn't really come from you, what do you do?
It's highly unlikely someone has hacked your account. This is typically something significantly more benign. Annoying, but benign.
Sadly, it's something you can do almost nothing about.
Become a Patron of Ask Leo! and go ad-free!
Someone's sending from my email address
So-called "From: spoofing" is rampant. Spammers fake emails to look like they came "From:" email addresses that have nothing to do with them. If that happens to be your email address, there's nothing you can do.
"From:" forgery
Spammers forge the "From:" address for the email they send. We refer to this technique as "From:" spoofing.
Spammers are constantly trying to worm their way past spam filters. If the email came from a consistent email address, those messages would be trivial to identify and block.
So spammers collect and use random "From:" addresses to make blocking ineffective.
Spammers rely on people taking action on the contents of their message instead. Sadly, enough people do to make spam worth it to the spammers.
What's important is this: spam messages lie about who the sender is.
Spammers use any email address they can find. That could include other email addresses they're sending to, email addresses fed to them by a botnet, email addresses harvested online, or perhaps even the addresses in the address books of infected machines. For instance, your email address can end up in the address books of people you don't know. Some email programs automatically collect email addresses included on messages received or from forwarded email.
If they can, spammers try to make it look like the email comes from someone you know, often by discovering who your friends are on social media and other sites.
They use all this information to create and send email messages with your name and email address in the "From:" line -- email you never sent and have nothing to do with.
It happens to me
As you might imagine, one of my email addresses is well known: leo@askleo.com. It gets a lot of spam.
Not that long ago, I started getting hundreds of bounce messages for emails I'd never sent. (I also got a few abusive responses from people who didn't realize I had nothing to do with the messages.)
The spam generally included a "From:" line of the form:
From: Someone's Name <leo@askleo.com>
"Someone's Name" would be a random name unrelated to anything, and of course "leo@askleo.com" was the email address used in the forgery. Spammers made it "look like" it came from me. Needless to say, it did not.
I had nothing to do with it.
There's nothing you can do
If someone accuses you of sending spam and you are positive you did not do it, you have very little recourse other than to educate them about how viruses work.
Point them at this article if you like.
But let's be clear: your machine does not need to be infected with malware, and your account does not need to be compromised, for this to occur. If this kind of spam is the only symptom, then both are highly unlikely.
It's just a third party -- the spammer -- making all this happen.
There's nothing you can do.
Welcome to the world of email malware, where you can get blamed for something you have no control over.
Do this
If people are getting spam from you that you didn't send, and you're certain your account is secure, then... don't sweat it. There's nothing you can do. Educate anyone who complains and simply move on.
Want another good source of information? Subscribe to Confident Computing! Less frustration and more confidence, solutions, answers, and tips in your inbox every week.
Talking about information being available in the headers… What are the chances that mail gateways and virus scanners become intelligent enough to know when a “From:” field is spoofed? I mean – the information is there about who the *actual* person is who sent it. Why not extract that? This could have a siginifcant impact on viruses specifically.
Is tehre any specific reason why this is *not* done? I can’t believe that nobody have thought about this before, so, there must be some reason for it not being like this…
Regards,
Kobus
Well, there are two problems: 1) *all* the information in mail headers can be spoofed – meaning you’re not guaranteed that you know who the actual person is. 2) Many mailers get it “wrong” … meaning that legitimate email can often not pass the type of test you’re talking about. Many mail servers have the ability to enable additional checking along those lines … when I turned that on on my server I started losing about 2% of *legitimate* email.
If there’s to be a real solution, IMO it needs to be with some fundamental protocol changes that will formally validate the sender. There are proposals out there, but wide scale adoption fo any is a way out, I think.
Leo
I’m not a lawyer, but … I don’t believe that the company who’s products are being sold is neccessarily liable … it’s the company that’s doing the advertising campaign (typically a third party). That being said, there are definitely proposals to go after the businesses being advertised … the problem is they can always claim “we had no idea, we hired these marketters over here”.
Personally I’m not convinced we can sue our way out of this.
Leo
I own a domain … and, in that domain I have it set to receive all email that’s sent to ANYTHING @ mydomain.com. Well, this morning, I received 126 “returned mail” messages, and looking at the headers, I could see that they were sent “from” all sorts of different usernames @ mydomain.com. There was no rhyme or reason to the subject matter … some were spam-related, others seemed to definitely be virus-related. I guess my question is … Has my domain been compromised, or my email, or my computer? Or all of the above? I’ve turned off the feature on my website that forwards all email to me, no matter what the info before “@” is, but this will only make it so that I’m not bothered with the returned mail. It won’t fix the problem, right? Is there anywhere that I can report all this abuse? I obviously want to delete all the messages, but want to make sure first that there isn’t somewhere I can forward them. I mean, this IS illegal, isn’t it?
Thanks for any advice …
One thing you can do is to report the IP addresses. From the header of the emails you can get the IP address of the sender (https://www.xmyip.com/trace-mail). Next, you may find the “owner” of the IP address and report the abuse. The IPs are probably used by proxies or VPNs, but you should report the abuse to hosting providers. The chances that the abuser is blacklisted are higher. Also, you may report the IPs to https://www.abuseipdb.com/ and to https://www.spamcop.net/anonsignup.shtml.
It’s a classic case of *exactly* what this article is all about. You’ve not been compromised, it’s not your fault, and there’s nothing you can really do. Tracking is almost impossible, and there’s nowhere to report the level of information you do have. Sucks, I know. I’m in the same situation with a couple of domains. In my case my junk mail filter (Outlook 2003’s built in) works really well at filtering out the junk. I’ve noticed that many of the “bounces” are actually to a handfull of bogus addresses @ my domain. If your emailer supports any kind of rules, you could simply auto-delete mail sent to those addresses you know are bogus.
And yes, it’s illegal: there’s a virus writer out there that deserves some serious jail time, in my opinion.
Leo
I have been experiencing the problem with apparent unauthorized usage of my email (returned mail that I never sent). There are some other things that have occurred within the same time frame and I am wondering if they are related. By the way I have changed my email and computer passwords and the problems persist. The other things that happened are:
1. I was unable to change the internet options on IE6. An error message appeared saying that this was restricted and I should contact the system administrator (me!). This was corrected by going back a month with the system restore.
2. The other anomaly is that my Norton firewall keeps turning off and and the intrusion protections is also deactivated. The options in Norton are set so this should not happen. It does each time I reboot.
I run virus scans every few days and have never been “infected” according to Norton. I have had a few rejected emails and a few intrusion alerts.
Any suggestions would be appreciated. Thank you.
Well, there is a small chance you are still infected with a virus … not all scanners catch all viruses, and some viruses are good at hiding from the scanners. Try one of the other scanners (there are free on-line one’s that I’d use for this purpose), and see if they report anything.
Also spyware may be suspect as well. Especially for the IE behaviour you described. Grab a copy of Spybot or Ad-Aware and run those scans as well.
(Links on my recommendations page: http://pugetsoundsoftware.com/recommend.html )
Best of luck,
Leo
Same thing is happening to me as Heide above – except I’m getting fewer – about ten failed delivery notices each day relating to invented names at my own domain, plus a few ‘virus warning’ replies from other companies. If a virus is spoofing my email address how likely do you think it is that providers might put a block on mail from our domain, which would mean that our legitimate business mail wouldn’t get through? What would we do if this happens?
Glenn: ‘likely’, probably not any more, since most email administrators are now aware of this issue. However it is, unfortunately, still possible. Wrong. But possible.
Leo
A friend of mine claims she has gotten some virus from me and I know I did not send one. I have McAfee virus protection, I have checked my computer for spyware, it shows no spyware on the computer. Could the friend possibly have gotten E-mail from me that I did not send?
If you mean the type of email as described in the article here, yes that’s certainly a possibilty. Has your friend identified which virus?
As the full article outlines, there’s almost nothing you can do.
someone is sending my picture all over the internet how do i stop it.
It depends on the specifics, but in general … once something is out on the internet there’s no way to get it back.
Someone has hacked into my emails and is causing both me and my family considerable problems
Is there a way to find out how this was done and to which email adress my info was tranfered to?
Not that I’m aware of. This article has more: http://ask-leo.com/someone_has_stolen_my_email_account_what_can_i_do_to_get_it_back.html
Sounds like classic virus or spam on someone else’s machine. As the article outlines, there’s not a lot you can do.
someone has gotten into my ex boyfriends account, as well as mine… and has been sending emails and lying emails to my current boyfriend… how can i find out who is doing this. i have changed the password, as well as the ex changing his password, but the damage is done and theres nothing i can do about it now… how can i find out who did this??
Chances are that you cannot.
You want this article: http://ask-leo.com/ive_forgotten_the_answer_to_my_msn_hotmail_secret_question_and_my_password_what_do_i_do.html
Is it conceivable that someone could send an email from a Yahoo account without having access to the password or computer? An email originating from Yahoo was replied to with the format “name wrote:” + the text in the body of the reply. The account owner/email sender claims he has no knowledge of it and never sent it. How could that be possible? I appreciate any information. Thanks.
Someone is using my info and reading someone’s mail! That person is threatening me! What can I do? I think I know who it is!
Quite possible. It’s very easy to type up a message body that looks like whatever you want.
Well there is one thing known as Full Headers which contains many informations that might be helpful in locating the sender. Of course you will not be able to pin point a person, but still it can tell you about the geographical location and other info depending upon the email server and headers. If you get the IP address, one can use web sites like “VisualRoute” to trace its location.
Remember that when you use a IP tracing service, you are getting the location OF THE SENDER’S ISP, NOT THE SENDER. They could be in two completely different, unrelated, locations. For example all AOL senders look like they’re in Virginia (I think) because that’s where AOL is located.
You want this article: http://ask-leo.com/ive_forgotten_the_answer_to_my_msn_hotmail_secret_question_and_my_password_what_do_i_do.html
Is it possible that my yahoo account and not my computer is infected with a virus? it is behaving very strangly.
No, if there’s a virus, it’d be on your computer. Any problems on the Yahoo side would be temporary, and cleared up very quickly.
Someone is sending very threatening emails using my email address through a website called deadfake.com. They have not actually hacked into my email acct. but are able to disguise theirselves as me by using my email address on this webisite which sends out the emails. I am receiving messages from people telling me that they are contacting the police due to ”my” threatening emails… it’s very scarey and I don’t know how to stop it.
Leo: I hope you have heard of this scam but if not here’s a new one for you. I am part of a committee that is putting on a high school reunion. The committee chair suggested I go to Yahoo.com and look into their “reunion groups” which I did. The only link they had to reunions was a website called “REUNIONS.com” to I clicked on the website. In order to access the information for your high school, you of course had to register, which I did. As I was looking at the information that they had, I thought I could use this information for say the next 90 days to get out notices to the people on Reunions.com list that went to my high school. So I paid by credit card 36 bucks for 90 days. When I hit submit, not only did they take my money but they stole my entire email address book from my computer!! without a password but I was signed in of course.
Within minutes I was receiving dozens of emails and phone calls from people livid about me giving out their email addresses, which I of course had to explain. This went on for two weeks! I wrote Reunion.com an angry note and told them they could keep my money (they had a no return policy anyway) and stick it where the sun didn’t shine. They still send me emails about who has been trying to contact me but I won’t open them as I am afraid that they will again steal my address book. I have changed my password. I don’t know who to pass this information on to, other than everyone on my email list. Is there a website I can report this to or do I go to the police? Got any suggestions? Thanks for your time.
Tim
—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA1
It never hurts to change your password. Just make sure to
pick a good one.
http://ask-leo.com/whats_a_good_password.html
Leo
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1.4.7 (MingW32)
iD8DBQFIh11+CMEe9B/8oqERAhTdAJ9L8VLIBq/8mB3J443SGpdY8USPtgCeI0Uv
9if2txZ91dxiJlQhVB9MTUg=
=3OJm
—–END PGP SIGNATURE—–
I keep getting email on my windows mail and it says from me but in the right click property it says (may be forge)so do i need to report this to my ISP or not to worry .I can get the ip address on them.should I turn them in?
-Leo
I gave my x-wife my email address with hopes she would not call me anymoe and that she would send me emails instead. I was just informed that she could now use my email address to sign up for porn sites and such. Is this true and how will I be able to prove she was the one that used my email address.
28-Nov-2008
Someone else is getting the same emails, I’m getting??? Apparently, we have the same email add…..is that possible??
03-Dec-2008
So much like everyone else, someone used by email address to send spam to everyone on my contact list. I changed my password, but still whenever I start a new email or hit reply to reply to an email sent to me, the spam message shows up in the new message I’m typing. I erase it before I start typing, but I’d like to fix my email so it stops automatically popping up at the start of all my emails. Help!
12-Sep-2009
When I checked my e-mail inbox today, I found that there were about 20 “Delivery Status Notification (failure)” messages. When I opened them, they all contained the same message, and it seems they got sent to everyone in my contact list (200+ addresses).
I checked my “sent” messages list, and there was no trace that I (or someone who might have hacked my account) had even sent the messages in the first place. The only reason I noticed that this had happened is because some of the addresses in my contact list don’t exist anymore and the emails got bounced back to me.
I changed my password, but it seems more likely this is a virus problem. I have an up-to-date virus scanner, and it hasn’t picked any up. Any ideas?
hi..someone used my email & password to send an ‘obscene’ email to themselves..they are now taking me to court over this..i DID NOT SEND IT..i contacted my ISP they cannot help me as it was sent thru windows live account..how do i prove this in court..they deleted it from my ‘sent’ box but not from my ‘deleted item’s this is how i found it! i am furious! i need to prove it was sent from what ever computer they used & not mine at home as they dont reside with me even..can you please help..i need to prove them wrong..police cannot help it is a civil matter not criminal i asked them…any suggestions?
24-Sep-2009
There have been several occassions where emails have been sent from my hotmail account to each individual in my address book; AND the emails are in my sent folder. All of these emails are some type of advertisement for a product or ‘store’. This doesn’t seem to fit the example above since the email is being sent from my address to the people in my address book. Would this signify that there is a virus on my computer (my virus scan shows nothing)? Or is it being done by the advertisers in the emails. If so, is there a way to do anything about it? Thanks.
27-Oct-2009
When I arrived at home this am,I had a e-mail from a buddy,It was bad but I never sent it.Furthmore another friend got all kinds of personal information about my kids.The only way they could have gotten this info was to be inside my computer.I am pretty computer savy and run anti-virus and check my ports But on this one I am lost.
Some one had hacked into my 3 email address used for Business
Been using this one for years
use this with my girlf.
Can this account be reset, or destroyed as I have business information on the , and contacts on this one, and the other 2 are private.
Please Help as I have 3 Hotmail account and all 3 were hacked.
07-Nov-2009
When I get e-mails the person sending it to me immediately gets an e-mail saying it’s from me but they know it isn’t as it contains many spelling and grammer errors. This also happens with e-mails that I get from commercial entities and then I get an e-mail that says that I can’t reply to that address. I have virus protection but this is continuing. It seems it only does it once per sender as far as I can tell.
I receive e-mails with myself as sender advertising Viagra and other medicine – to both of my e-mail addresses. I wonder if the thieves recieve e-mails sent to me by my friends?
25-Dec-2009
Hi,
I have Little bit different problem. in your example virus on my PC tries to send email to the all email add in my address book.
but in my case it does not send it to all but to my self. with the subject line “Viagra at 10% discount ” ect.
Please help me. I also did following.
Formated the PC and installed a new fresh OS and AV.
changed the password of my account.
but no use.
Thanks
20-Jan-2010
A have a related question. I am the owner of a domain name: mydomain.com
My domain is hosted by Godaddy
I have 3 email accounts setup for my host, one of them is a catchall account.
Today, I started receiving bounced mail in my catchall account. Upon closer observation I found that the “From” email address was a bogus username@mydomain.com.
Is there a way to prevent someone from doing this? I don’t want unauthorized users to be able to send messages using my @mydomain.com hostname.
Thanks for your help!
I get e-mail in my new mail box that looks like I sent it to myself…where does that come from and why does it happen?
14-Feb-2010
I have another question.
What if you have an ex-boyfriend that is a computer science major and this fool can crack your new password with this anti-software protection equipment?
When I change my passwords he seems to be able to retrieve them from remote locations, because he does not live with me.
Futhermore my incoming e-mails can be blocked, read, or deleted by him without my knowledge.
It is like a SPY.
What can I do to protect myself and my incoming e-mails.
Can he also stop or change my outgoing e-mails? Lately I have been sending copies of all outgoing e-mails to myself to ensure that I recieve them and hope that the other party shall recieve theirs as well.
Please advise.
Thank you.
“Concerned”
I received an e-mail from a friend who said he suddenly went to Ireland, had been robbed, and needed a quick cash transfer to get back to the US. Just a loan, of course. The way it was written, I figured it wasn’t my friend, but for a brief moment, I wondered if it was true. Such are the results of a stolen e-mail address.
Hello, Leo. Recently, somebody has hacked into my hotmail account and sent the email of a simple link to all of my contacts. At first, I thought this was a mistake, but then it happened again, on March 10th, 2010. It even sent to emails that aren’t even in service anymore! Another thing that they did was send it to emails I have previously sent to, and one of them was the FOX Broadcasting email. I immediately changed my password after the second time, and I would like to know your views on this whole situation. Thanks for your time, Jessica.
14-Mar-2010
Wow, it seems like half of you didn’t even bother to read the article above…
19-Mar-2010
Leo, I suspect that most of us did read your article. We’re all just hoping that it isn’t really true. My followup question may be outside your expertise, but is there anything that can be done by way of legal regulation? I must add though that I am also very wary of half-baked, “well-intended” reforms.
26-Mar-2010
My hotmail is sending emails to people by itself. I’m not sending them. It’s not sending it to my address book, just emails starting with the latter A so far. I havn’t opened any suspect emails. I keep getting postmaster error emails saying the address could not be found. In my sent items are all the emails that I did not send. What can I do?
02-Apr-2010
My yahoo email account got hacked last week. I just deleted that email account and notified as many of my friends as possible to block all emails coming from that account. I didn’t want to just change the password. I thought it was time for a clean start with a new email account. I learned it is wise to change my password regularly.
whenever I try to send a message in my hotmail and hit the new to compose an e-mail there is already one message by a chinese company wich will go with my message if I don’t remove it. How can I get read this. Plse help.
24-Apr-2010
Olarene,
Getting a new email address would help for awhile. Eventually spammers will find you again and put you on their lists.
Hi
recently I checked my email inbox and saw 5 failure notice from yahoo. When I saw my sent mail, there was some mails which were sent to many of my contact. The mails contented a webpage. when I click the webpage address, it open google.com. This mails are repeated again and again. My last use of net and yahoomail was at a coffee net. what should I do? I also changed my password immediately. would you mind helping me?
Thanks
Mehrdad,
Sounds like your email has been compromised. Here is an article to help you:
http://askleo.com/email_hacked_7_things_you_need_to_do_now/
Read the article you just commented on, and this one: Email Hacked? 7 Things You Need to do NOW
There was an email in our “read” box that looked like it was opened by one of us. Neither one of us opened it and it shouldn’t of even been there. It said it was From my wifes address and sent To her cousin. Neither know anything about it and it contains personal info. How can this happen? Thank you.
I just sent you a question and to add to it is this. : The Sent area reads Thursday, Octber 3,2013
10:46:39 PM GMT -6:00 Guadalajara/ Mexico City/ Monterrey. So does this mean it was sent from Mexico? Neither party was in Mexico City. Thanks again.
Perhaps your account was hacked. Email Hacked? 7 Things You Need to do NOW
Hi I have a problem with an email I sent. The email I sent was actually sent to one person and CC to a second person. However I received a reply from someone else on my contact list as if they were apart of the email but the reply came only to me. They were not part of that email however.I checked my sent messages and I saw that I didnt send it them but there is that reply from them under the same email. I don’t understand how that happened. Does that mean that the person not intended to receive the email did in fact get it?
One possibility is that one of the people who received that email sent it to that third person.
Anna,
Leo has some really good articles on online privacy which you may want to read. You should never think of email as private because once it is out of your hands you have no control over it at all. Here’s a good article on that:
http://askleo.com/how-long-does-google-keep-my-account-information/
Hi
A friend recently had her account hacked and it sent out one of those – I’m aboard and need money emails. I opened it but did not reply.
I am now however receiving emails in my SPAM folder saying “Hi I’m a cute sexy girl etc” but the email address is mine.
I have changed my email password to a 20 char one and my alternative address and my questions. However I am still receiving these emails and my password hasn’t been changed or reset. Should I ignore these or is my account still compromised?
Many thanks in advance.
David
David,
It’s always best to err on the side of caution. Take a look at this article from Leo about how to secure your account. It never hurts to change your password and double check your recovery info.
http://askleo.com/email_hacked_7_things_you_need_to_do_now/
Also, what probably happened is that the hackers didn’t get into your account. They probably just grabbed your email off her contact list, and added you to their spam lists. That’s a sad and unfortunate result of the world of email. All you can really do in that case is try to manage it. Leo has some good suggestions here:
http://askleo.com/how_do_i_get_rid_of_all_this_spam/
Leo has an article on that Why am I getting spam from myself?
I had long since deduced that the computers of certain of my friends were being “hijacked.” These of course were computers that were always on and connected to the internet. The ‘hijacking occurred at such times that they would be unlikely to be at the keyboard, but in bet asleep. My own computers if at all feasible are unplugged and the batteries released when not in use. In addition, the modem is unplugged. If not feasible, then the wireless is disabled. I pick up my e-mails through an IP rather than outlook express.
I had been getting forwarded e-mails from friends involving political issues, but any reply entered the black hole of D.C. I have an idea that the hijacker’s are not some foreign types, but real people associated with the government seeking to “turn” the American citizens for their own personal objectives. I counted two or three individuals involved. If three, then one appeared to promote the democratic party, one the replublican party, and one an unknown third party. This is a non-political profile of the observed content of the “forwarded” e-mails.
I’m pretty sure it wasn’t their computers that were being hacked, but rather that spam was being sent with their email address as the spoofed sender. If there was a hack at all, it sounds like it was their online account, and once again not their computer.
Hi leo,
My email provider is accusing me of “suspected outbound spam activity” from my account without giving any proof of it. I know I do not spam anyone with this account, I am also pretty sure I haven’t been hacked or compromised.
I change the password but it doesn’t change anything, I always get these “images, codes challenges” to login. It’s very annoying.
In my opinion, if you’re email provider challenges you on these points, he should at least give proofs of these gratuitous accusations. I asked them but of course, they ignore my request.
What am I entitled to do and what can I do besides deleting my account and changing provider ?
Can I legally attempt an action for false accusation ?
That’s a legal question I can’t answer. I would absolutely make sure your machines are COMPLETELY malware free. Most often these types of “accusations” are the result of malware on your machine that’s part of a spam-sending botnet.
Hi Leo,
and thank you for your previous answer. Sorry to ask about legal matters.
I have checked with various up to date anti virus, anti malware programs to find spam-sending botnet, but none have been found.
Also, my email provider never answered to me when I asked for a log of all activities on my account since 15 days to check if there was any suspicious activity (of course, I am not the NSA, so they ignore my request :-)).
My question is: How do you find out if you are victim of hacking or spam-sending botnet on your email account.
And how technically can you find out, find the IP of the person using your email or the program doing so ?
Trying to find out about that, I suddenly ended up on a website stating me that my IP was starting by 10.xxx.xxx.xx, (a Private Ip Address Lan as you know). While, as you probably see it now, it is not at all this kind of address.
Is it related to my issue with emails and does that mean I am victim of some hacker accessing my PC ?
Thank you again for your help
I keep a couple of my own email addresses in my Contacts list. If my computer gets hacked, I would get a copy of any emails sent out.
I do know I keep getting email supposedly sent from my own email addresses.
As I understand it is easy to spoof an email address anyway?
If I am not sure an email is spam, I will use Print Preview in Thunderbird. HTML emails do not show up as opened when reviewed in that way.
F8 will turn off the regular preview window and is highly recommended.
I have caught a couple of genuine emails I actually wanted that way.
If there are only links to other sites, audio or videos files, I will just delete.
Hello,
I would just like to know how come
there isn’t anything that can be
done about viruses that send out
email.
Are these people just trying to
bother people.
Or are they spammers. If they are
spammers they must be trying to
sell something. And would have
to be using a return address for
people to order from.
So if sending a virus is illegal.
How come the police don’t go after them
Thank You
Jim
Here’s an article you will enjoy: http://ask-leo.com/why_do_hackers_hack_and_spammers_spam.html
Bottom line is that spammers make a lot of money, or if their intent is to destroy – they can easily satisfy that. And stuff comes from countries all over the world that may or may not have a similar legal system as yours, or even the resources to do anything about it. So bottom line is that it becomes our responsibility to protect ourselves.
Hi Leo,
and thank you for your previous answer. Sorry to ask about legal matters.
I have checked with various up to date anti virus, anti malware programs to find spam-sending botnet, but none have been found.
Also, my email provider never answered to me when I asked for a log of all activities on my account since 15 days to check if there was any suspicious activity (of course, I am not the NSA, so they ignore my request :-)).
My question is: How do you find out if you are victim of hacking or spam-sending botnet on your email account.
And how technically can you find out, find the IP of the person using your email or the program doing so ?
Trying to find out about that, I suddenly ended up on a website stating me that my IP was starting by 10.xxx.xxx.xx, (a Private Ip Address Lan as you know). While, as you probably see it now, it is not at all this kind of address.
Is it related to my issue with emails and does that mean I am victim of some hacker accessing my PC ?
Thank you again for your help
Several times in the past 5 years I have received a bunch of returned emails within a couple of days. I now ( think I) know that means that some crook has figured out my email password and is using my email account. Some of the addresses he sends to, using my email address, have been closed so the email is returned to me. I immediately go to my email account and change my email password. That stops all returned mail. The email provider has gotten more pro-active too and requires that I sign on with my password fairly often.
That doesn’t necessarily mean you were hacked, but it could be. It’s also possible for someone who knows your email address to falsely use it as their return address. To be on the safe side I’d follow the steps necessary to secure my email account after being hacked.
Email Hacked? 7 Things You Need to do NOW
Unfortunately, if you haven’t been hacked, you won’t be able to stop getting those bounce messages because thy could simply continue to spoof your address to send emails.
I think someone has set up forwarding email addresses from my phone and i dont recieve my email to change password and someone has recently changed i dont know how to stop this its as if i have no control and someone has linked all my info plesase help been going on for some time i think they have set up multiple email addresses how can i check to see ifsomething is linked to my address want to clean it up not sure why i have no control
You’ll need to login to your email account on the web and check the account settings to make sure there are no forwarders in place.
I’ve recently moved to gmail from yahoo because this kept happening to me (I haven’t closed the Yahoo address because some people still send me stuff there even though I told them not to). Its a little different to the situation you describe because emails are being sent to my contacts, not to random addresses. Yahoo records no sign in, nothing in my sent folder, and here’s the clincher – some of the emails that bounce back include the real senders IP address which turns out to be in Russia! I’ve emailed the ISP’s abuse address so who knows if they’ll do anything, (or even understand my email!), but its causing me embarrassment because my contacts are still getting spam from my old address. I can only think I must have been hacked in the past and someone downloaded my contacts (couldn’t be recently as I deleted them all).
This scam may not be Yahoo’s fault, but I do think their security is terrible and they really don’t seem to care. It does make me think though that servers must know Yahoo isn’t in Russia, so by comparing the IP to the return address they could instantly see its fake and could even automatically report it to the ISP instead of me having to do it. What do you think?
Can I also say I’m really impressed that you’ve answered so many of these comments. I’d suggest that you delete some of the questions where people haven’t read the article or are asking stupid questions as the discussion here is a bit too long and might put people off reading through to the end.
Unfortunately, closing the email account in question probably won’t solve the problem. The spammers already have the contact list and can continue to send out spam to those on the list and even continue to make it look as if it’s from you. The Russian IP number is the real sender of the email, and they can just make it look like it’s from Yahoo.
As for deleting not so relevant posts, you can imagine how long a process that would be. All of the new comments come up on a queue, so nothing is lost in the haystack of comments. Commenting on the title without reading the article is the norm on the Web nowadays. Ask Leo! commenters by and large are an exception to that.
This isn’t quite the same thing but I’ve recently noticed that some of the spam emails I’m receiving are headed ‘Charlie’ or ‘Ethan’ or various other names. What has me worried is that many of these names – more than seems coincidental – are the names of characters I’ve recently created in various screenplays and treatments I’ve been working on. Is it possible that my documents are being viewed remotely or that I have some kind of Trojan Horse on my system that is monitoring my keystrokes? I’d be interested to hear your thoughts.
I often get spam with the first names of people that I know, but I believe it’s pure coincidence.
A young college kid that I know needs some help. Her email was hacked as was her facebook account and malicious and untrue emails were sent in her name. She was reapplying for a job at a camp that she had this summer and the hacker harassed the camp for the past 2 months as well as any other jobs that she has applied for via email. She is in London, camp is in US. She changed her email and again, the harasser seemed to find this out as well. She will not be able to return unless this person is identified because there is too much info that needs to travel via the internet for this to be accomplished. I will encourage her to contact facebook and her ISP, however, are there any other suggestions? Does this change because it is now international? thanks.
She needs to contact the appropriate law enforcement for where she’s located.
Sounds to me like the malware sent her email address to the hackers and they are now sending spam using her email address. Unfortunately, there’s probably nothing else you can do about this other than stop using the account.
Dear Leo,
My email is also spoofed. But since I read your article, I am not going to repeat the other million questions that you already answered in your article. READ IT PEOPLE. THERE IS NOTHING YOU CAN DO.
However, I want to thank you. For a while, I thought that I had some kind of email virus, and have done everything I know how to do to clean my computer–even though it started during a period of time that I wasn’t even logged on to my computer.
Anyway, it is good to know that it is not my fault, I have nothing to do with it, and I can let it go.
I just wish I could figure out how to set up a rule to delete the tens of emails I get every day, without the possibility of losing a legitimate bounce back email. I will continue to try and figure it out. The problem is that I get so many, that I am losing sight of actual emails I need to respond to, as they are buried amidst that garbage.
Thanks again for the article. Good luck to us all.
p.s., not that I could find them anyway, but the header info.–on the few that include the original email in the bounce back–have very little info., accept to show a fake name in the “from” field. But if you want to find out Oprah’s secret, let me know. :)
I have several ways to stay out of spammers firing lines
buy a domain and every site you sign up at create a email address just for them ex here — askleo.com@yourdomain.com
this way if I get emails NOT from say Leo direct – then I redirect the email address back to where it will stay
on the address I created —> askleo.com@yourdomain.com <—
in 7 years I have had less spam than I did with hotmail and gmail together when I let my isp address out
which is bad
if you need more info just ask
{links removed}
I realize this is in reply to a 10-year old comment, but what I have done is proactively created the several email addresses I know I will want on the main servers, and just occasionally use them to keep them active.
Not cool for the others who share my name, but it does help protect my name.
I would also suggest this for parents also to protect the name and internet-never-forgets reputation of their children, even young ones. (Or especially young ones.)
Hello i have been recently accused of sending emails out and which i never do half of my friends receive it and my family as well i lost half of people on my Facebook but help i will tell you what do if you have version as an internet service provider when you on that email juts put it in spam change yr pass word as told and email as well do not use the same email address that happened to me mail bounces back my hacker was china i had received several threats from him and Chinese letter as i should have printed them out but how do these f**** sleep at night when using someone else information eventually i will expose all my hacker was coming at night started at 4:00 in the morning, when mail comes in go to spam and verizon will take care they send me all of the proof i need good luck irene stamelos.
Funny / not so funny that in the 11 years since this article was written it is still happening, I mean someone should be able to fiigure this out, and get it stopped. Seems the internet is geared for spammers to get away with anything, First why would / should ISP allow anyone to have an email address that mimmics say a banking instution ? Anyway.
I’v been having this same issue, someone using my email to send spam, it quite a problem as it is the email address connected to my website, and in the last couple of weeks I’ve been black listed twice, which means I can not even send emails to my real customers.
I am having the same trouble, spam emails from myself, they are using my email address and I changed my password and security questions but they are still getting in, the question is how? It says above there is little we can do about it, that does not help us really though does it, I am getting 15 emails a day from myself. I found and traced the address to North America by their ip address look up, but it seems that little is done about this. I reported it to my internet provider. They are using my email to send out crap. I have now asked also in martin lewis tech site as I dont know what else to do to stop this. Otherwise I will be getting this crap every single day if I cant stop it.
It’s actually very helpful to understand that little can be done, because you can then relax and stop letting it stress you out. You’ve changed your password and security questions so you can feel that you have secure control of your email. Hopefully you chose a secure password that is long and complex. You are tracing the IP addresses to various different locations which proves that these emails are not actually coming from your account. You are actually in no danger. One thing you may want to consider is routing your email through Gmail, which has an excellent spam filter and will likely prevent you from seeing these spam emails. Here’s an article on that: https://askleo.com/how_do_i_route_my_email_through_gmail/
Leo, I often tell people that spoofing is similar to someone putting an addressed envelope in a mailbox but using YOUR address as the return address. You can’t stop it, and you can’t stop the letter from being returned to you if it is returned not deliverable. It doesn’t make a difference who put the envelope in the mailbox, where they did it, or who they sent it to.
For some reason spoofing is really hard for many people to understand. The “envelope with a wrong return address” analogy often helps them get the picture.
you mention in spam emails that the isp address of the spammer can be known, so why isnt there an option of blocking all mail to your pc from that isp address? If this can be done, then it wont matter what email address the spammer uses from that particular pc
The problem with that is that IP (not ISP) addresses change constantly, and often spam is sent from thousands of spambots (malware infected personal computers) which makes it impossible to block them effectively.
https://askleo.com/why_doesnt_blocking_email_senders_work/
They also use hacked computers and spread their sending across multiple servers, compromised machines and more. They’re unlikely to come in from the same IP address every time.
Leo,
I have read through the items above and I have a related issue that doesn’t seem to be addressed here – if it is elsewhere on AskLeo I would appreciate a link to it. In my (actually my wife’s) case her contacts are getting emails which purport to come from her but are actually from other machines using here email address as the indicated sender. They all follow a single format, a short message in the subject line such as “FW: new message” with a single but different link in the body of the message. This must be intentional rather than a virus on some other machine somewhere, else why reference a bunch of different links in the body? I haven’t wanted to click on any of the links to invite malware which they may point too. Googling around I find a lot of people started getting these in August 2015, first in Germany, then the UK, and now a number of other countries. Do you have any related information?
Thanks for all you do,
Here’s an article that addresses that: https://askleo.com/someones_sending_email_that_looks_like_its_from_me_to_my_contacts_what_can_i_do/
If all of her contacts are getting emails that look like they are from her, then it indicates that her account was hacked and her contact list stolen. It could also easily happen if she forwards emails, or sends lots of “cc” email, and doesn’t use “bcc” to hide the addresses. If that’s the case, the lists on those emails could have been harvested by a hacker.
Sounds like this one: https://askleo.com/someones_sending_email_that_looks_like_its_from_me_to_my_contacts_what_can_i_do/
Hi Leo,
My company’s account manager (Controler) starts receiving fake emails occasionally from the company’s president(with real company email address) to transfer/wire money to bank accounts. What we can do to stop these fake emails.
Those are just normal phishing spam emails. There’s nothing you can do other than mark them aas spam and train your spam filter to recognize them as spam.
my most used email address cannot be used suddenly. I now found a strange new email address when trying to sort this out.
my email address is {email removed}
The email address is {email removed} (Tara)
What can I do to track this hack?
Today I received an email using a made-up email address with my name. This is horrible. Is there no way to stop dregs from doing this?
They actually received my email using the same address (test) so they are slimy and have nothing in life to keep them from being bored and harrassing people. Today I also had to organize my next cataract operation so that is distressing for me. At nearly 69 years of age this is appalling behaviour and to think there is no policing of the email internet yet? I have installed new security software so it has also cost me as a pensioner. I have spent my life doing good for others and there is no truth in ‘carma’ working here. However, I will not give up hope and hope this person (a male from USA or even France) certainly not a female as he is using a female identity name (Tara). I will use this character in my next book…!! Tara from Troveit in a distant place in USA who is not sure of his identity and has a crush on an old woman! Mmmm.
Someone I know (not a friend) used my email address to log into a CaringBridge website..used to pray for pastor’s wife who is having surgery today. Is there any way to stop this non-friend? Should I close this account and open another?
I don’t think you need to go that far. If all she did was use your email address at that site, you can simply ignore all emails that come from that site.
You can also mark any emails from Caring Bridge as spam and block their address. A well designed website wouldn’t allow anyone to use someone else’s email address to sign up. A well designed website would send a confirmation email to that address to check if it was the owner of that email address signing up. For example, Ask Leo! does this before adding someone to the mailing lists.
Just had this with a client in the Netherlands. In his case he also recently received about 20 undeliverable e-mails in Microsoft Outlook on his laptop. When we logged into Webmail at his internet provider’s website, we saw that somebody had been busy sending fake Netflix invoices with attachments from his e-mail account. I assume there were viruses in the attachments, I don’t know. Since his e-mail in Outlook is a POP account he had no idea what was going on in Sent in Webmail. He never looks at it. Luckily his internet provider KPN also sent a warning message the same day. I’m still puzzled how these guys managed to hack his account since he has a complicated password to get into Webmail. No way to guess that. We changed his password straight away and that was the end of it. So my advice would be to check the Sent folder in your Webmail, if you have a similar provider situation. And most important, change your e-mail account password straight away.
A new variation of this that I have noticed in the last year or so is one that uses email addresses that I know, but when I examine the _entire_ address, it only looks like one I know. I’ve even got these emails, which look like they are from me!
Example:
There is an entry in my address book for a friend, who is listed as “Friend@hisdomain.whichever”.
I get an email that looks like it comes from that address. Friend@hisdomain.whichever is the address displayed.
When I make a closer observation of the address, I see one of 2 variations:
Friend@hisdomain.whichever@strangedomain
Friend@strangedomain.someplaceoverseas
Now when I get these, I just check the address to see if it is “real” or not. If not, I ignore it.
I’ve come to the same conclusion that you state here, there is nothing I can do about it.
I finally have the aster to this one
I use outlook for my e mail account and set the setting filters to stop them altogether
I was simply annoyed at the amount of filth from men asking me if I needed a ‘hard’ one etc plus the offer of russian female ! plus lots more
I don’t get any in my junk mail or otherwise having set the filters to preclude them
This article isn’t talking about receiving spam. It’s talking about spammers sending email using your email address to send spam. It the same thing as a person sending snail mail and using your address as the return address. There’s no way to stop that.
If you have your own domain name and you find that someone is spoofing one or more of your e-mail addresses, then getting your hosting provider to add a “SPF” DNS entry to your domain will help. Any receiving mail server which is configured to run SPF checks on incoming mail will be able to verify whether the sending server is authorised to send from the domain. If the server from which the mail originates is listed in the SPF record, then the mail will be accepted. If not, then the mail will be rejected.
Hey Leo I was playing minecraft lifeboat server and someone told me that there brother was hacking me. I went to another server and forgot about it. But then minecraft got updated and everything changed. So now I need to log in to Xbox live to access it. I tried it and it said that someone has been spam emailing off my email and that is against the Microsoft code or something…..?
Sorry about not saying my name I just don’t think it would be safe
I had this problem with my hotmail account. I was getting 20 phishing emails a day (Viagara, Bitcoin etc) all supposedly sent by ME as {email removed} into my own account. These emails cannot be blocked. Hotmail staff advised me to ignore as them as they go to JUNK and are deleted after some time. The real emails (often containing valuable personal data from banks, telcos, employers and the like) also get deleted by me by choice. The problem was that ALL these supposedly deleted files can still be ‘recovered’ should any hacker actually take control of my account. They can only be deleted by individually ‘purging’ each email from the recovery cache. Closing the account is not ideal. Not only do I lose all the account features (Skype, Calender, Contacts etc) but my email account can later be taken up by a spammer and used legitimately — global scams with my name Fred Smith attached!
What to do? I found the trick.
(1) Sign into your account at {email removed}
(2) Go to your account details via your name at top right of page. It will produce the Microsoft dashboard.
(3) Choose MyInfo tab and weblink “Manage your sign in email or phone number.” Confirm your identity. Your email address will be on view.
(4) Add a new account alias (something innocuous such as {email removed}). Make this the primary account identity.
(5) Remove the previous email account access {email removed}
(6) Tell your banks and friends of your new email address as {email removed}.
Job done! No more hideous spam sent to you in your own name. And your regular users can still send to your account.
Based on the date of the first couple of comments, this article was written almost 13 years ago. Just curious, has anything changed? Someone is spoofing my email address and I have received more than 10,000 bounced and returned emails. I set my spam filter to capture all of the returns coming from my server, but I still deal with the bounces and out of office messages on a daily basis. It’s been going on for about three weeks now. I wouldn’t even mind paying someone to find this *person* and deactivate their equipment…. Anyway, am I still at the mercy of whenever they decide to move onto a new victim or will that never happen and will I need to change my email address?
This article was updated in May 2017, so it’s pretty up to date.
Thanks – I picked up a few tips from the article and all of the comments.
SUCCESS – I just wanted to circle back and add an update. As earlier explained, my email was being hosted by a friend (as a favor to me, at no cost) who runs a business and hosts his own website on rented server space. Someone spoofed my email address as the return email address for their spam operation and I was receiving thousands of bounced email. Based on one of the recommendations in this thread I changed my email service to, in this case Register.com, and the problem subsided ($60/yr well spent). I’m not sure if, as LennonZA suggests, the spoofed email is being rejected and the spoofer has moved on to another victim, or if the new service is capturing the bounces and preventing them from hitting my account. Either way, hosting my email account with an email service vice hosting it myself provided added protections for me that solved my problem. Additional information, I was already using MX Guard Dog to combat the annoying spam directed at me, and they were not successful in protecting my email address from being spoofed. Hope this helps someone in a similar situation.
My husband has got an email that was supposedly sent to me to my personal email account from a lover but the e-mail address is slightly wrong. then there is a reply supposedly sent from me but I have not sent it. and I do not know the other person and they are not on my contact list! My marriage is now in jeopardy. Is there anything that I can do, is there anyone I can ask to help? My husband does not know that I know about these e-mails, I have not seen the originals just a forwarded copy.
Hi,
Having read the information you have at the start of your website, about people using your email address, which you’ve stated, Sadly, it’s something you can do almost nothing about. Isn’t it due to the website they are sending the spam from that are assisting them with crime?
For example, say I’m using a website to send multiple emails from, would the emails I’m using not need clarified first? That is that they forward an email to my email address to clarify that I’m the proper user. Other than them just typing in any old email they want to use and it not needing clarification, as like I say, if that is something that isn’t being carried out, the website they are using are partly responsible?
Best wishes
David
Can they show up in your sent email folder?
Only if your account has been hacked, which as the article outlines, is typically not the case. (There are some scenarios with Gmail where it might take the “From:” email address, and seeing it was yours, place it in the Sent label. Then the only way to really make sure is to look at the email headers.)
I’m going through my emails and I have so many that I no longer have contact with them. How do I delete them.
That depends on how how access your emails. Do you use an email program? Which one? Do you use your email provider’s web page? Which one?
Amazon received an email, with my correct email address, saying I was reporting an order shipment delay. The greeting was “Hi-ya”, which I never use, was signed only by “Thanks.” (I have an auto-signature line on all emails), not to mention I knew there were no shipment problems with any previous orders.” Amazon responded to the email, which I received, apologizing for the shipment delay (weird, as there were no delays). I notified Amazon, changed my Amazon ad Yahoo passwords immediately. There was no such email in my sent folder, but I believe it was sent thru the Amazon customer service website so I don’t think it would’ve shown even if I had sent it myself. Is there anything else I need to do? All Amazon did was verify that they couldn’t verify the origin of that email.
Seems to me you’ve covered all the important bases.
Hi Leo. I just receive an email with a spoofed “From” line. There is a way to find out if my account has been hacked, or it is just a spoofed “From” line?
Just a spoofed From.
I believe this article needs updating. There are now 3 things that you can do to deal with this problem –
1) Implement Sender Policy Framework (SPF), Sender ID, and content filters
2) Configure Domain Key Identified Mail (DKIM) and content filters
3) Configure Domain-based Message Authentication, Reporting & Conformance (DMARC) and content filters
I know that these are a fiddle, but it will help a lot.
These are not things that the average computer user has access do, and can only be implemented at the domain level. They’re not available at all for gmail, hotmail, outlook.com accounts and similar.
So basically, I was using my phone one day and one of my friends texted me saying that they got an email from my address. This shook me as I did not send them anything. So my first guess was that it was a hacker that got my account and was sending scam emails, but the strange thing was no one else got emails from me. So if it was a person, they were only sending emails to that one person which is very strange and doesn’t make sense. Boomer signing out
Makes complete sense … read the article you just commented on and you’ll see why.
I read quite a few of these comments and we have a real problem here, I hope you all know how to write with pen and paper. Too much precedence is given to an individuals privacy in what we call “The Free World”. There has to be limits to freedom because at this time people have the right to make other peoples lives a misery for no reason whatsoever. Why should anyone have the right to secrecy and anonymity, if you do not want someone to know you are doing something then perhaps you should not be doing it. Time to give rights to the innocent rather than the guilty, if you commit a crime then that’s tough because you have just forfeited any rights you have. You will still get a fair trial but it will be fair for the victim as well and you won’t get to choose what evidence is allowed.
That may be true in a truly free society but in countries like China or Russia and others, they say the same thing, “If you are not doing anything wrong then you should have nothing to hide.”
I know what you mean but I would strictly limit what the State is allowed to hide as well. I agree this might be a dream too far, honesty is not a strong point when it comes to humans and as a race we are incredibly greedy and destructive. Perhaps, as I just told my grandson 5 minutes ago, it’s time to grow up and eat our veggies.
Peter Cannell
I have just received the news that our messages cannot be delivered because we aren’t recognised as valid senders. The most common reason for this is that our email address is suspected of sending Spam, and is no longer able to send messages outside of our organisation.
We have been inundated by “Russian Girls” “viagra”,and other self-explanatory Junk, which I have been Deleting, with no difference. A lot of them come with three numbers attached to the address, and impossible to block. I think these have been spread to many of my schoolfriends addresses, and I am no longer welcome on that site either.
We have just been
Remember that being unable to send is completely unrelated to the spam you receive. These are two completely different problems.
Hi, I was in the process of forwarding an email on my Verizon account using the AOL app on my Note 9. I wanted to choose a different email address to send from and one I don’t recognize came up. I Googled it and it belongs to someone I don’t know. How is this possible? How do I remove it? I tried another one of my accounts and it came up with an address associated to the free Verizon web page they used to give us that we somehow connected to Linked In. What do I do? I will give you an email address that didn’t do that.
I mean, it WAS connected to my Linked In account.
UPDATE: I asked Tech support. Verizon created alias an email address for each account before they sold to AOL. It is something AOL can’t remove but they said it is perfectly safe.
I call total bull corn on this. I don’t believe that for example gmail can’t tell that an email was not sent by me to me. They can tell nearly every single thing I do and they could detect this and at the least send me a notice asking if I sent this. If that starts being done these clowns will probably stop doing this stuff. I also bet the gov’t has a system to stop these kind of things. Don’t tell me nothing can be done. Acting like nothing can be done is adding to nothing being done.
What, specifically, can the average user do? That’s who I’m trying to answer this for. That Google or the government or someone else could theoretically do something doesn’t change the fact that there is nothing you or I can do.