When the email from you didn’t really come from you, what do you do?
It’s highly unlikely someone has hacked your account. This is typically something more benign. Annoying, but benign.
Sadly, it’s something you can do almost nothing about.
Become a Patron of Ask Leo! and go ad-free!
Someone's sending from my email address
So-called “From: spoofing” is rampant. Spammers fake emails to look like they came “From:” email addresses that have nothing to do with the emails. If that happens to be your email address, there’s nothing you can do.
“From:” spoofing
Spammers forge the “From:” address for the email they send. We refer to this as “From:” spoofing.
Spammers are constantly trying to worm their way past spam filters. If the email came from a consistent email address, those messages would be easily identified and blocked.
So spammers collect and use random “From:” addresses to make blocking ineffective.
Spammers rely on people taking action on the contents of their messages. Sadly, enough people do to make spam worth it to the spammers.
What’s important is this: spam messages lie about who the sender is.
Spammers use any email address they can find. That could include other email addresses they’re sending to, email addresses fed to them by a botnet, email addresses harvested online, or the addresses in the address books of infected machines. Some email programs automatically collect email addresses included on messages received or from forwarded email.
If they can, spammers try to make it look like the email comes from someone you know, often by discovering who your friends are on social media and other sites. If it looks like it’s from someone you know, you are more likely to pay attention to the spam.
In short, spammers may use all this information to create and send email messages with your name and email address in the “From:” line — email you never sent and have nothing to do with.
Related
Why Am I Getting Spam From Myself?
Getting spam from yourself? We all do. I'll look at why it happens, what little you can do about it, and something unlikely but important to check.It happens to me
As you might imagine, one of my email addresses is well known: leo@askleo.com. It gets a lot of spam.
Not that long ago, I started getting hundreds of bounce messages for emails I’d never sent. (I also got a few abusive responses from people who didn’t realize I had nothing to do with the messages.)
The spam generally included a “From:” line of the form:
From: Someone’s Name <leo@askleo.com>
“Someone’s Name” would be a random name unrelated to anything, and of course “leo@askleo.com” was the email address used in the forgery. Spammers made it “look like” it came from me. Needless to say, it did not.
I had nothing to do with it.
There’s nothing you can do
If someone accuses you of sending spam and you are positive you did not, there’s little you can do other than to educate them about how spam works.
Point them at this article if you like.
But let’s be clear: your machine does not need to be infected with malware, and your account does not need to be compromised, for this to occur. If this kind of spam is the only symptom, then both are highly unlikely.
It’s just a third party — the spammer — making all this happen.
There’s nothing you can do.
Welcome to the world of spam, where you can get blamed for something you have no control over.
Do this
If people are getting spam from you that you didn’t send, and you’re certain your account is secure, then… don’t sweat it. There’s nothing you can do. Educate anyone who complains, and move on.
Want another good source of information? Subscribe to Confident Computing! Less frustration and more confidence, solutions, answers, and tips in your inbox every week.
I believe this article needs updating. There are now 3 things that you can do to deal with this problem –
1) Implement Sender Policy Framework (SPF), Sender ID, and content filters
2) Configure Domain Key Identified Mail (DKIM) and content filters
3) Configure Domain-based Message Authentication, Reporting & Conformance (DMARC) and content filters
I know that these are a fiddle, but it will help a lot.
These are not things that the average computer user has access do, and can only be implemented at the domain level. They’re not available at all for gmail, hotmail, outlook.com accounts and similar.
So basically, I was using my phone one day and one of my friends texted me saying that they got an email from my address. This shook me as I did not send them anything. So my first guess was that it was a hacker that got my account and was sending scam emails, but the strange thing was no one else got emails from me. So if it was a person, they were only sending emails to that one person which is very strange and doesn’t make sense. Boomer signing out
Makes complete sense … read the article you just commented on and you’ll see why.
I read quite a few of these comments and we have a real problem here, I hope you all know how to write with pen and paper. Too much precedence is given to an individuals privacy in what we call “The Free World”. There has to be limits to freedom because at this time people have the right to make other peoples lives a misery for no reason whatsoever. Why should anyone have the right to secrecy and anonymity, if you do not want someone to know you are doing something then perhaps you should not be doing it. Time to give rights to the innocent rather than the guilty, if you commit a crime then that’s tough because you have just forfeited any rights you have. You will still get a fair trial but it will be fair for the victim as well and you won’t get to choose what evidence is allowed.
That may be true in a truly free society but in countries like China or Russia and others, they say the same thing, “If you are not doing anything wrong then you should have nothing to hide.”
I know what you mean but I would strictly limit what the State is allowed to hide as well. I agree this might be a dream too far, honesty is not a strong point when it comes to humans and as a race we are incredibly greedy and destructive. Perhaps, as I just told my grandson 5 minutes ago, it’s time to grow up and eat our veggies.
Peter Cannell
I have just received the news that our messages cannot be delivered because we aren’t recognised as valid senders. The most common reason for this is that our email address is suspected of sending Spam, and is no longer able to send messages outside of our organisation.
We have been inundated by “Russian Girls” “viagra”,and other self-explanatory Junk, which I have been Deleting, with no difference. A lot of them come with three numbers attached to the address, and impossible to block. I think these have been spread to many of my schoolfriends addresses, and I am no longer welcome on that site either.
We have just been
Remember that being unable to send is completely unrelated to the spam you receive. These are two completely different problems.
Hi, I was in the process of forwarding an email on my Verizon account using the AOL app on my Note 9. I wanted to choose a different email address to send from and one I don’t recognize came up. I Googled it and it belongs to someone I don’t know. How is this possible? How do I remove it? I tried another one of my accounts and it came up with an address associated to the free Verizon web page they used to give us that we somehow connected to Linked In. What do I do? I will give you an email address that didn’t do that.
I mean, it WAS connected to my Linked In account.
UPDATE: I asked Tech support. Verizon created alias an email address for each account before they sold to AOL. It is something AOL can’t remove but they said it is perfectly safe.
I call total bull corn on this. I don’t believe that for example gmail can’t tell that an email was not sent by me to me. They can tell nearly every single thing I do and they could detect this and at the least send me a notice asking if I sent this. If that starts being done these clowns will probably stop doing this stuff. I also bet the gov’t has a system to stop these kind of things. Don’t tell me nothing can be done. Acting like nothing can be done is adding to nothing being done.
What, specifically, can the average user do? That’s who I’m trying to answer this for. That Google or the government or someone else could theoretically do something doesn’t change the fact that there is nothing you or I can do.