When the email that came from you didn’t really come from you.
It’s highly unlikely someone has hacked your account. This is typically something significantly more benign. Annoying, but benign.
Sadly, it’s something you can do almost nothing about.
Become a Patron of Ask Leo! and go ad-free!
Someone's sending from my email address
So called “From: spoofing” is rampant. Spammers fake emails to look like they came “From:” email addresses that had nothing to do with it. If that happens to be your email address, there’s nothing you can do.
Spammers forge the “From:” address for the email they send. We refer to this technique as “From:” spoofing.
Spammers use any email address they can find. That could include other email addresses they’re sending to, email addresses fed to them by a botnet, email addresses harvested online, or perhaps even the addresses in the address books of infected machines. For instance, your email address can end up in the address books of people you don’t know. Some email programs automatically collect email addresses included on messages received, or possibly from forwarded email.
If they can, spammers try to make it look like the email comes from someone you know, often by discovering who your friends are on social media and other sites.
They use all this information to create and send email messages with your name and email address in the “From:” line — email you never sent and had nothing to do with.
It happens to me
As you might imagine, one of my email addresses is well known: firstname.lastname@example.org. It gets a lot of spam.
Not that long ago, I started getting hundreds of bounce messages for emails I’d never sent. (I also got a few abusive responses from people who didn’t realize I had nothing to do with the messages.)
The spam generally included a “From:” line of the form:
From: Someone’s Name <email@example.com>
“Someone’s Name” would be a random name, unrelated to anything, and of course “firstname.lastname@example.org” was the email address used in the forgery. Spammers made it “look like” it came from me. Needless to say, it did not.
I had nothing to do with it.
Remember that spammers are constantly trying to worm their way past spam filters. If the email came from a consistent email address, those messages would be trivial to identify and block.
So, spammers collect and use random “From:” addresses, so as to make blocking ineffective.
Spammers rely on people taking action on the contents of their message instead. Sadly, enough people still do, making spam worth it to the spammers.
What’s important is this: spam messages lie about who the sender is.
There’s nothing you can do
If someone accuses you of sending spam, and you are positive you did not do it, you have very little recourse other than to educate them about how viruses work.
Point them at this article if you like.
But let’s be clear: your machine does not need to be infected with malware, and your account does not need to be compromised. If this kind of spam is the only symptom, then both are highly unlikely.
It’s just some third party — the spammer — making all this happen.
In other words: there’s nothing you can do.
Welcome to the world of email malware, where you can get blamed for something you have no control over.
If people are getting spam from you that you didn’t send, and you’re certain your account is secure, then … don’t sweat it. There’s nothing you can do. Educate anyone who complains, and simply move on.
Want another good source of information? Subscribe to Confident Computing! Less frustration and more confidence, solutions, answers, and tips in your inbox every week.