When it's from you, but it's not you.
someone@somedomain.com <myemail@outlook.com>
where "someone@somedomain.com" is someone I don't know, but "myemail@outlook.com" is, in fact, my email address. It was as if I was getting spam from myself, but I did not send it.
How do I stop these emails from coming into my inbox? How do I stop them from being sent? It's usually for drugs or financial services that I don't need or would never be interested in. How can they use my own email? I can't block them, as my email program says it is illegal to block my own email.
I'll start with the bad news: there's almost nothing you can do.
This is spam, pure and simple. Abusing your email address is only one of many techniques spammers use to throw their garbage into our mailboxes.
The remedies are pretty standard, albeit less than 100% effective.
Become a Patron of Ask Leo! and go ad-free!
Getting spam from yourself
The email protocols make the "From:" line pretty meaningless because it is so easy for spammers to send email that looks like it came from you. This is typically not a sign of a hack. It's also not something you can avoid. All you can do is keep marking spam as spam.
From: spoofing
What you're seeing is called "spoofing", or more correctly, From: spoofing: sending email that appears as if it's coming from someone it isn't.
Spammers hide the origin of their emails effectively. They use spoofing in almost all spam you see.
And it's quite easy.
So easy, in fact, that the From: address in spam tells you absolutely nothing. There's nothing in the email protocol requiring the From: line of a message to have anything to do with the message's true origin.
To discover the true origin requires a more detailed analysis of email headers (which you normally don't see), and even then, at best, you might get the IP address of the computer sending the email. And as I've discussed ad nauseam, the IP address is pretty much useless to you and me.
They're not using your account
Many worry that because the email looks like it came from you means the spammer has access to your email account.
They do not need access to your account to send spam that looks like it came from you.
Don't be alarmed. It might be annoying, but there's no need to worry about it. You're already on spammers' lists to get spam, and they're using that same list, or variations of it, to select which addresses to use when spoofing.
Currently, there is no effective way to stop them.
Why you're getting it
When you see your own address spoofed in the From: field of spam, it's usually happening for one of two reasons.
- They're trying to spam you, and know it's unlikely you'll block email from yourself. In fact, as you've seen, it's not even always possible. It's a bad idea even if you could; it could prevent legitimate email from reaching you.
- They're trying to spam someone else, and what you're seeing is a bounce message showing that the original spam was rejected by its intended recipient. Since the email looks like it came from you, even though you didn't really send it, you get the bounce message.
Now, as to why the "someone@somedomain.com <myemail@outlook.com>", where the two email addresses don't match, or the more common "Name <myemail@outlook.com>", where the name is obviously unrelated to the email address, I can only speculate. My guess is it's intentionally confusing to boost the chance recipients will open the email out of curiosity, or a side effect of the tools spammers use, which may not be able to put together a proper name/email address pair.
What to do about it
There's nothing you can do to prevent From: spoofing.
Spammers can put whatever they like in the From: line. If they want to put your email address there, they can.
The good news is, most automated spam filters realize the uselessness of the From: line, and probably won't start blocking the email you send because some spammer happens to be using your address. Naturally, some people might not realize this, and they could try blocking you, but given that spammers spam everyone, the chances that it's someone you know or care about is pretty slim.
The only thing you can do is to keep doing whatever you already do to control spam. Typically, that's marking spam as spam and moving on with your life.
The one thing to watch for
I want to be clear: since you're able to log in to your own account to get your mail, what I'm about to caution you about is not very likely.
But it is possible.
Sometimes you'll get spam from yourself if someone has hacked your account.
In your question, it's clear you are able to sign in to your account, so if someone has hacked your account, they didn't change the password. That's unusual. Normally, a hacked account means you can't log in.
It's something to be aware of and perhaps check. For example, check the Sent Mail folder to see if there are messages you didn't send. If so, take all the precautions outlined in Email Hacked? 7 Things You Need to Do NOW.
Even if you don't find any hard evidence of a hack, there's no harm in changing your password just to be on the safe side.
Do this
Subscribe to Confident Computing! Less frustration and more confidence, solutions, answers, and tips in your inbox every week.
I'll see you there!
Leo,
Thank you for responding to my question. I wish we could do something about this, but now I know that it isn’t unusual or serious. Maybe one day hotmail will be able and willing to do something about this problem. J. Haring
Leo
I found this fix for the problem of receiving junk or spam e-mails when I send e-mails form hotmail to AOL. I went to options on my account. Then to general and changed Mail Away Message to blank as it had a default the inside the box. I tested right away and it works.
Terence King
I’m not on the radio. You’re thinking of Leo Laporte.
There’s one way to redirect those messages to the SPAM folder, as long as you use Outlook 2007. Create a RULE to apply on messages arriving. The rule is messages from myname@myDomain and sent to myname@myDomain move to SPAM. You may choose to delete, instead of moving to SPAM, but I like to double check.
Atleast they are not within the valid messages anymore.
renato
You might suggest to J. Haring that he/she get a gmail address from Google. Google email has an automatic spam drop that works well. It also learns from the user’s actions which additional email is classified as spam. Works great for me.
Yes dear DOES NOT WORK ON HOTMAIL!!
It is harmless until Yahoo cancels your email account for “SPAM Abuse” because somebody was spoofing your email address….which happened to me.
Why not have a do not e-mail list much like the do not call list? Most of the opt out options in e-mails don’t work,they just bring me to a blank page.I am wondering why more of us (people on the net) don’t get together and push for something more to be done.I mean my ISP has already blocked my account once for spamming and I knew nothing about it until I tried to get online and was blocked.I had to call them just to get my internet back and was told if it happens again my account will be canceled.I mean all this has gotten way out of hand and no one even wants to try to do something about it!!!
Dave
10-Nov-2008
Good article. I have a Gmail account and I think that they do a great job of preventing spam, but I also get annoyed by the e-mails from myself, that are really not from myself.
This is even doubly annoying, because sometimes I do send myself. Like sending myself an attachment at work, so that when I get home I can quickly download it. Gmail is simple to use because they give you up to 20MB for an attachment.
But Google also added a cool little feature that may be beneficial here. You can add a “+” and any verbiage after the “+” as a tag to your e-mail address. In other words, you can address an e-mail to a gmail user like this: user+thisisatag@gmail.com. How this can be used is to send e-mails to yourself by addressing it as self+fromself@gmail.com. When you register your id at a site, register the e-mail address of self+ebay@gmail.com. This address will appear in the “to” field and you can easily create a filter to grab these and labels to them. Anything sent to you that doesn’t have a label will either be caught by your spam filter or end up in your inbox and easily spotted.
The other option would be your own domain and creating “forwarding” e-mail addresses that you would register in much the same way as i described above. In other words, ebay@mydomain.com or paypal@mydomain.com or any other site you subscribe to. This will help you to quickly separate the legit e-mails from the false one’s. It’s tedious but stops all the guessing. The key is switching all of your existing accounts.
Just my 2-cents.
How often you will send an email to yourself, I keep my sent emails in my sent folder for records, I never cc myself, so, why not just block the email sent from myself?
u cannot block ur own email address when it is used by a scammer or hacker. I experienced this just a few days ago, receiving a mail in my spam box. By opening the mail source, I discovered that the mail was sent from an IP in a place close to Istanbul, Turkey. I could only delete that mail and hope there will not another anymore.
So, i get that there isnt anything that anyone can do about this, but let me get this straight, i’m sending a bunch of people mail from my address, right? can’t i ask my mail provider to monitor my account activity or something? I’m a little more concerned that i’m sending a bunch of people dumb stuff.
09-Dec-2008
There are some things you can do. There is a little program called Xxxxbully (xx out because we don’t want to advertise for anyone) that will elimininate most spam, even those with your own name on it. This is if you don’t “whitelist” yourself. (Not always desired though). Most email failures will come from your isp server, “service@youisp.com”
Now for users with Outlook or outlook express, you have a pop&smtp account. Contact your isp about secure SMTP server. This requires you to have a username and password to send email OUT. The account information you put in originally was only for RECEIVING your email. Anyone can send our your email server.
Now if your a yahoo or hotmail user, you just gotta lie there an take it. Many have a premium email feature that allows you to whitelist and create filters too.
Just a side note. Here are the top money makers;
*Pills (viagra, cialis etc)
*Gambeling
*Porn
*email address collection so they can send you the above.
Spammers love chain letters. They can get one email from one person, (from a hijacked computer) and it is lible to have 100 email addresses!!!
So from now on, repeat after me, “I will learn to use the BCC button”. Why? It hides everyone’s email address in the body of the email.
From this last chain email I got, I could make 100 dollars from selling YOUR email addresses.
I have all my email accounts hooked up through gmail, and there is an aggressive spoof spammer sending messages to one of the accounts i have linked under my domain. If i click “report spam”, will gmail think that my domain is a spam domain and block us? They are sending spam to me from my business, and i dont want to accidentally blacklist myself!
I understood from the article that the spoof emails are not actually from me… but I replied to one of them just to make sure, and the reply showed up instantly in my inbox. It seems that it really is me.
14-Jan-2009
Using Spamassasin there a few rules that deal with self signed or spoofed emails. We have put rules in place that people on a specific list can send emails (the white list). They can send mails to others on the domain, only if the mail originates from our Exchange server. The spamassasin rule blocks all email from outside from anybody on the white list. The fallout from this is that if someone wants to send email outside the domain to an email address in the domain they have to use the Exchange web client to send it for it must originate from inside the network.
My personal belief is that until there is a financial cost associated with email we will never get rid of SPAM. I would pay 1 or 2 cents an email. It would amount to a small amount for most of us. That one or two cents though would be hundreds of thousands of dollars for a spammer thus making the marketing ploy not cost effective.
I can’t block my own email address, as on my website I have a booking form which sends to my email from my email (well that is what it looks like)…I know that booking forms will appear the way they do, but I still get other companies, ie drugs, insurance, etc cloning my email address to spam me.
Would ithelp if I changed my email address? Or are the spammers working with other parameters over which I have no control?
08-May-2009
Here’s my Thunderbird filter
Set to require ‘all’ lines
1. From – contains – my_real_email_address
2. To – contains – my_real_email_address
3. Subject – does not contain – test
Do this: mark as Junk
The third requirement allows me to send myself
a test message, if I think there is some problem
with the email service.
I don’t automatically delete junk.
Is the fact that my email address is in the FROM box going to get me added to a SPAM Blacklist?
25-Jun-2009
Is there a way of blocking e-mails that contain a keyword in the body of the e-mail? e.g. Viagra. I notice that most of these spams never mention the word in the header.
11-Aug-2009
I think most of the problem occurs with the fact that when sending mail to ourselves the sender is labeled ” me ” If Gmail would allow us to change this ( and not just when sending to someone else ) then the spam wouldn’t irritate us so much. If I sent a mail to myself and it said ” blushin ” on it, I’d know it was from me, when I recieve one that says from ” me ” I would block it. But Gmail makes it impossible to do this.
I get tons of spam “from” myself, thankfully my email filters it out very effectively. My question is whether or not the spammers are able to send these spoof emails to OTHERS with MY email address in the “from” field. Are they able to spam others and make it look as if the spam was sent from my address?
06-Nov-2009
it is so frustrating to me as it has now happened twice via my hotmail address – spam being sent to me and all my adressees – some of my addressees have warned me and I have profusely apologised, but am afraid I will be blacklisted. How can I stop the spam from reaching those on my addressee list? I dont care about myself. It is just embarrassing – particularly to those I have subscribed to their newsletters….
Please explain why blocking mail from my own address will prevent me from receiving legitimate emails. I don’t get that — I never send myself mail, the only mail I get with my email in the “from” is from spoofers.
08-Dec-2009
So why isn’t there a way to report IP addresses (those are not as easy to fake) and/or domains from which the spoof emails are coming from.
Someone needs to put this in place so that people can get this [edited] to stop. It’s irritating.
19-Feb-2010
Today I received a message which was supposedly “from” my brother Philip, telling me all about the wonderful new phone he’s bought and the online store he got it from. The only problem with this is, I know Philip was found dead two months ago! (And the spammer who’s hijacked his account and address book had the usual poor spammer English; another patent giveaway.)
I have to disagree with you Leo, my tecnique works 100% of the time.
The easiest way to fix this is to use OUTLOOK Rules and Alerts. You want it to look for the sending email address is the same as your email address. If so DELETE it.
You can also use Rules and Alerts to check for specific words like Sex, Porn, Erotic, Pharmacy, Pfizer, Viagra, watches, Replica etc. Note you may have to enter some twice because the case (upper or lower) makes a difference. After 45 years in the computer industry I am very familiar with most of the techniques these people use. However I still check with Leo first in case it is something I have not come across before.
Recently a bad roommate moved out and sure enough 2 days later I noticed spam going out from one of my e-mail addresses to all MY contacts!! this was horrific… how did this person do this? I was able to change my password and still have my account, when I went into the sent box the messages were there as if they were sent from my account.
I can’t say how he did it, but I can say how he could have done it.
Being your roommate, he could have accessed your computer and copied your address book when you were away from it. T
I solved this problem simply. My email address is all caps and most programs automatically convert to lower case, which works anyway, but spammers use the lower case. I blocked the lower case address and the upper case I use to send memos or information to myself still goes throug just fine. I have AOL and was able to do this very simply by adjusting my email settings. Hope this helps.
I sent just a quick test return email back to an email that supposedly came from me, and guess what? It sent it to my inbox. So they aren’t just spoofing my email address, they’re somehow actually using it! I changed my password. Hopefully that will help.
20-Aug-2010
I have just started to receive emails ‘from myself’ on a Hotmail account after my first email account with the original provider I joined years ago has had them for ages. Surely other people are getting them as well, and they will think the emails are from me as it’s my email address on them? It doesn’t matter that they aren’t actually coming from me. Recipients will think they are.
21-Aug-2010
I route all mail coming to my name@domain address through SpamCop before it comes to my ISP mail address. That cleans out a lot of junk, including ones spoofing my address. Of course, you have to list with SpamCop ALL the legitimate addresses you have set up in your domain, so it does not report you as a spammer. It knows how to parse the headers to report spammers.
It isn’t so much that MY address book has been hijacked as someone else’s address book has been hijacked, and one of the addresses in it happens to be mine.
The issue for me is not how to block spam coming to me from “myself”, but when it goes to others. They see it as the spam that it is, and then block me. No problem by itself. But some of those spam blockers utilize an internet database, and so I’m blocked all over the internet.
I do BCC: myself along with all other recipients to ensure that my emails get through. And I’m constantly having to UNspam myself on Gmail.
And it’s not just me. I’ve had to unspam known good emails on Gmail from others who use AOL, Comcast, and SBC email providers. I’m envisioning the day when no legitimate emails get through, and only spammers can get through.
thank you so so much for the information you are giving us. I was so worried because this email adress I have has been hacked a few years ago by someone with whom i’ve talked and that has given it back ( an explanation is needed: he got my email and password with the help of some virus that i don’t have on my computer anymore) meaning that he gave me the password he used so that i could log in and change it after the virus was removed and so i got my adress back. so I’m always concerned that he is trying to steal it again or that he already succeded, so your explanation is very reassuring. but do you think I should still be concerned about the vulnerability of my adress? and sorry if something doesn’t really make sense, english is not my native language
Hi, it’s me again :) I want to thank you again for how much you are helping all of us understand how things work and how to solve problems, I love your website! I read all I could in the email category but I can’t find what I’m interested in so I think it hasn’t been asked before. I might seriously missunderstand how yahoo works but I am extremely allarmed by something. I have myself in my contacts and messenger list and today, when I logged in on the yahoo mail page, I’ve noticed that, in the “chat & mobile text” box, under the mobile contacts there’s my own id followed by my phone number! my phone number which I have never added to my account information, or anywhere else.Why is it there? Can anyone else see it? If my account were to be hacked, the hacker would see it, how do I erase it? I have used the internet from my mobile phone (it must have been a year since then) and I got to the yahoo web page and logged into my internet accounts (I have more then one) but I don’t think this is the cause of the problem, or is it? and if so, why doesn’t this happen with my other accounts? have you ever heard of this before? Has anyone else in here? Please, share any information you have on the topic. It might be a ‘normal’ feature that I just don’t know about, especially since I’m using yahoo US and things are different there (I’m from Romania), but it’s very inconvenient for me and I need to have that phone number erased. I hope I explained the problem clearly. Any help from anyone would be much appreciated. Thank you!
After receiving bounce back spoofing email, I contacted everyone in my address book to let them know that any email coming from me soliciting jobs or products are not coming from me.
If the email goes to my junk mail, but is says it’s from my email address and to my email address, could they be sending the same emails (saying it’s from my email address) to others in my address book? I’ve received spam emails from friend’s accounts saying that it’s from them, but it’s trying to sell Viagra or something. Could the same thing be getting sent to my contacts also???
09-Feb-2011
Hello Leo,
I have read your explanation about this happens. However, in my case the name and the e-mail address do match. Also because it is a hotmail account and when I am connected to my webmail it shows whether I am online on messenger/space/profile etc it shows that on the email. I receive spam of myself in the junk folders with my name and email matching. Also, I have blocked emails that came of myself into my junk folder but they keep on coming in my junk on occassions. The way you described spoofing seems like it only happens when they only spoof either the name or the email address? I dont really know what to do and whether I am spamming other people with these spam emails. What would u recommend and what do you think is the problem..
Thank you.
28-Feb-2011
Alright. Email looks to have been sent from me, to me and everyone in my address book, including my work email. That is, the address in the from is my personal address, and in the “to” is all my address book contacts, and my work email.
Checked the sent folder to see if it was there, and it was not.
Checked my work email, and my work email did not have the email from my personal email address.
Spoof or Hack? I’ve changed my password and personal credentials (the people who use this address already know who I am, so no real need for a “profile”) just in case, but I’m curious.
Furthermore, it had no subject line, and their was a link in the body of the email. The link went to a numeric IP address.
Your help would be greatly appreciated in understanding what is likely going on here.
Thanks,
Charlie
However,
My work email never got any email
@Charles
If people in your address book or contact list are getting spam that appears to be from you it’s very likely that your email account has been hacked or otherwise compromised.
You’ll find more in this article:
http://ask-leo.com/someones_sending_email_that_looks_like_its_from_me_to_my_contacts_what_can_i_do.html
I setup a message rule to delete messages which come from me, AND which contain certain words in the subject line.
Hey Leo..
I discovered a new scam…. On facebook… I created a 2nd account one day and decided to try to locate friends. The mini app requests my email account title and PW and like a dummy I do so. Within seconds the app is perusing my address book and I can’t stop the routine quick enough. Overnight I get hate/angry emails from some of my contacts asking “WTF” Then lately I am receiving emails from myself using the unique “pseudonym” I used to create that 2nd FB account. So my conclusion is that it sourced from the creator of the FB app…(is it Zuckerberg? That little Turd!!)
I knew FB sucked pretty bad this confirms that FB is a waste of electricity.
Anyways I use AOL as my actual main email account and the email controls there allow me to AUTODELETE any spams I set up in the powerful word/phrase list as well as sender list… both lists allow “wild cards” and I can even reject emails from myself. I confirmed that by attempting to send myself an simple safe generic email and indeed I received the MailerDeamon rejected letter notice…..
Spammers hate me
When overwhelmed 2 years ago by spammers, I elected to escape them. The common denominator is the email address itself. So I set up a new email account, and ent out a mass email to those in my address book informing them that, in 3 months’ time, the abused original email account would be closed down. I changed info on accounts that needed to have the updated address. Finally, I did close the abused account. Today, by virtue of carefully monitoring what comes through email (and deleting unseen the garbage), I’m largely Spam-free. Makes for a lot less stress.
I do not understand why the providers of service, the internet provider sending email, do not require the senders email address to be in the header? Or at least check that WhoEver@hotmail, came from hotmail account. That is, if the email is coming from an AOL account then the header would have to have that info. Wouldn’t that preclude spammers from being completely anonymous? It would seem obvious that a IP provider would be able to check that paring with a simple computer program ?
My Outlook, spam filter works extremely well.
Actually Yahoo! has started requesting that people do exactly that – if the message says that it’s from a Yahoo! account then it must be sent by a Yahoo! server. The result? THOUSANDS of mailing lists broke across the internet. Mailing lists are just one example of email being sent from a server that’s completely unrelated to the “From:” address. It’s just not that simple a problem to solve.
I use Thunderbird and one of my email addresses is about 95% Spam. I created a Filter to send ALL messages addressed to that account to Trash. From there, I can do a quick review for real email.
Yes, I do need to make sure what I am deleting is spam. I can do a Print Preview if I am not sure. I have caught some genuine emails that way that came after I had asked a question on a web site.
I have a friend who was notorious for following the ‘send this to everyone you know’ instructions on every chain email he’d get. He was every bit as bad about forwarding things he found on the internet, joke site, cartoon, “news” flashes, and anything that grabbed his fancy to everybody in his mailing list. He’d enter people’s email addresses without a second though on sites he found interesting and amusing so they, too could share his interests.
I knew how he was -he even lost $5,000+ to a Nigeria originated girlfriend scam AFTER being warned dozens of times! I would never give him my ‘real’ email address and instead provided him with one of the free disposable email accounts I keep for people and places that haven’t earned my trust yet. It was a wise move!
I would get petitions from him that had hundreds of email addresses in the “To:” and “CC:” section. I do mean HUNREDS! He ignored every warning I gave him that spammers look for people like him that are linked to so many other recipients. I still believe that that’s who starts these chain letters- spammers! What better way to harvest active emails?
Sure enough, my email account began filling with SPAM appearing to come from him. Within a few days he called me in a panic because his Mom and sisters were being hit with ads he was forwarding to them inviting them to visit porn sites he was personally endorsing, some of them pretty off the hook! besides being able to say “I told you so!” I told him you can only wait until they go away. Things got so bad, everyone he knew blocked his emails. At one point I was getting between 50 and 100 every day! Even though it was a junk email account, I had to block him as well.
Whatever the new method of online advertising is that isn’t related to tracking cookies is as bad as SPAM. I’m talking about where anything I look at anywhere on line like eBay or Amazon follows me from site to site appearing as an ad somewhere on the page. I have heard that these ads are also shared with people on contact lists on sites like Facebook. I read of cases where people’s gift purchases last Holiday season were shared quite publically wrecking Christmas surprises. This new advertising method has me experimenting with a proxy server/VPN service for anonymous web browsing. I have been using a service called IPVanish on a trial basis which allows me to be online from servers all around the world, configurable to change every hour or so, or remain with one. One day I was logged in from Bulgaria, Romania, the Netherlands, the Philippines, Chicago, and several other places. Performance and my ability to do things on the Internet is indistinguishable between using the service and connecting through my ISP the regular way. One click switches back and forth between it and my ISP. The cost is very reasonable, setup and use is a snap.
The only downside is because everything works the same I forget I have it turned on and when I go to a site that requires log in I get the ‘your computer is not recognized’ routine and have to verify my identity. I’ll get a notice that there was an unusual login attempt which also lets me know the watchdogs are watching. I switch it off and try again with my regular ISP connection or just do the verification.
I remember trying a service like that in the early days of the Internet and it was useless because pages wouldn’t display, you couldn’t up or download. I think eventually such services are going to become far more common, at least until the telecoms seize the internet and quash them.
Meanwhile, I think I am going to stay with them. privacy is VERY important to me online even though I don’t do anything I need to hide.
@J Matt No matter how useful any FB app may seem, every EULA allows the originator of that app to circumvent any and all privacy settings. I have seen some that grant permission to use your photos, make up things you didn’t say and attribute them to you, access you address book- people just do not pay attention to EULAS and it isn’t always FB that’s behind those abuses. Birthday reminders? How harmful could that be? Clicking a link to Brittany’s Most Embarrassing Moment couldn’t possible be the reason someone’s smiling face is now endorsing adult diapers, could it? Some of them even say you grant them permission to access your friend’s pages and posts!
People simply will not listen that those FB apps, games, and often the ‘Likes’ have strings attached and are deals with the Internet Devil. No matter how careful you are, someone you know can slip and affect you.
I can’t believe microsoft can’t/won’t detect email that isn’t from one of their own IP addresses. This should be automatic. I shouldn’t even have to add block manually.
Spam email from “yourself” . Create a Signature in the outgoing emails. ie. ( ### Your Signature etc. ###) without the brackets.
Go to ypur email client ie. Sky/Yahoo email.
In Settings click Filters.
Create a fllter with your email address in the FROM field.
In the Body Text field add ( does not contain ### Your Signature etc. ###)
This should insure you do not get any emails from yourself…
Leo,
I have a question. My gmail address somehow got connected to some spam and now I get over 200 message every day trying to sell me bank accounts, women, drugs, vacations and you name it. I’m tired of it and want to be done with that address. I am going to delete the address but need to let my contacts know I’m changing addresses. Can I notify them without the “spam” getting my new address and following me? Here are my questions: Can you please walk me through the steps to best notify my contacts of my new address? Can you please walk me through the best way to delete the old account? Can you give me some tips on how to guard from this happening again?
Thanks in advance for any help you can give.
There is no easy way to do it. If you want to be very careful about not informing anyone except your legitimate contacts, then you’ll need to go through your address book one by one and send them a message. Alternately, you could download your contact list to a spreadsheet. Go through the sheet and clean it up, then upload it to your new account. Then you would be able to send to small groups of contacts using the bcc field.
But honestly, it’s better to just find ways to filter all that spam. Once the new email address is found you’ll just have to do the whole thing over again. Here’s a good article from Leo about spam: https://askleo.com/how_do_i_stop_all_this_spam/
This is pointless. Spam happens to all email addresses eventually. The best thing to do is NOT change email addresses, but rather mark all incoming spam as spam so that eventually Google knows to place it into yoru spam folder instead of your inbox. Then … just carry on.
I figured out one way to prevent spam emails from those spammers who fake my email address as the source for junk email. This is how you can do it. Make a new rule for sorting incoming email. Set the recipient’s and sender’s email address for that rule to your email address, and then set the action to delete. By doing this the sorting rules will delete the email if both the sender and recipient are your email address. This will result in emails from spammers who fake your email address to be deleted.
There isn’t much you can do, but the ISP or email service provider could just configure their SPF record correctly to eliminate most of this type of spam.
Actually that’s not true in practice. While SPF promises much, my understanding is that it’s “advisory” only, and as such is actually ignored or not acted on that strictly by many email providers. It could help, and should be done, but I don’t believe it would come anywhere close to eliminating “most” of this kind of spam.
Hi,
it is changing…
SPF alone is a going thing but not enough (for the novice it permit to have a list of authorized email server to send emails for a domain)
Then came DKIM which sign emails at the server level, the signature can be verified and the receiving server can accredite it is legitimately sent from the signing domain.
Last, DMARC has arrived and permit to unify all those. It is currently supported by the major public services (gmail, yahoo, outlook.com, paypal.com …) and spreading through companies.
All those combined make life difficult for spammer and more important to SPOOFING and PHISHING (if the received support checking those, an email from info@paypal.com will just go to junk or refused because they support DMARC)
So it is not yet the end of SPAM but a good way to.
My 2 cents.
Olivier
The anomaly in all this seems to me to be that major corporations (domains) do not seem to suffer from this kind of issue.
At least I’ve never seen it. i.e. email from Microsoft.com, Google.com, Google Alerts , Facebook , Popular in your network and so on.
If it is simply the ability the forge the “from” field in an email address then why do these types of email not seem to suffer from “from spoofing”?
Spammers probably just didn’t feel like setting it up for those. Literally nothing is there to stop them from sending emails like that though, if they really wanted to.
I’ve gotten spam with addresses spoofed from major companies, such as Facebook, Amazon, PayPal, Microsoft, etc.
I am just so horrified that my own email is advertising sex! I do what hotmail says and have virus protector and still they get through…Disgusting!! Thanks Leo though for what you said it is supportive yet frustrating as it seems not much I can do…… Grrrrrr….
Lately, I’ve been opening up the email, scrolling down to section where it says, UNSUBSCRIBE. Unsubscribe, means, the sender has to take your name off of the mailing list. I’ll block them, too, even though they are using my email address to get into my account. I’ve also changed my password, but, they still get in. Everything works, but, the spammer has so many accounts, it will spam you with another email name. Plus, they have a system, using bots to get into our accounts. They have a system, that, every time we go against it, they already have another comeback, especially, if we have our email on automatic login. I refuse to accept, there is nothing we can do. I will continue to try to figure it out on how I can stop them. So, annoying. sigh…
“Unsubscribe, means, the sender has to take your name off of the mailing list” – No. Spammers don’t. NEVER “UNSUBSCRIBE” FROM SPAM. It only gets you more spam.
how about shutting down all the websites that they are advertising for? get to the root of the problem!
Actually the relationships are rarely that direct. (And you could cause your competitors websites to be shut down by running a spam campaign on their behalf.) But it also does happen.
Hosting accounts offer two filtering options. The first, which is very unreliable when dealing with multiple attacks from unknown addresses on your domain and is the User Filtering. If spam is arriving only for one or two addresses then this filtering will work. But if you receive multiple spam from different unknown addresses sent to and from your domain, then the second option named Account Filtering is best. I will use Bluehost as an example, but your mileage may vary.
Configuring Account Filtering will be the same as with its counterpart except a wildcard will be used that covers any address under that specific entire domain.
First you need to setup a new filter that matches the rules below. The Action will be to DISCARD MESSAGE at the end :
RULES:
FROM | EQUALS | *.domain.com
And make sure to add AND at the end of that line. Then add an additional line using the plus sign, and add matches:
TO | EQUALS | *.domain.com
And add a OR variable at the end. Add a third line using the plus sign again. This is the one used for testing. Add a match:
SUBJECT | DOES NOT CONTAIN | test
ACTIONS
DISCARD MESSAGE
Once this is in place, any mail sent from AND to a email address will automatically be silently removed.
Vision24
Leo, please help. Not only is my incoming email into my junk filter from me, but when I click on the sender it immediately shows my correct email (again), my mobile phone number and detail to my 15 year old daughter.
Normally I ‘block’ all my junk emails when I log onto the main hotmail account (opposed to being on my phone). My concern is that my email not from myself, to myself, shows my mobile and part of my family.
The SpamCop.net reporting service (mentioned above) allows one to file complaints with appropriate mail-server administrators about any spam. The reports then generate statistics, which are fed to the SpamCop Blocking Service to automatically keep it up to date.
For me, SpamCop has been a godsend. Whenever I get an ‘underliverable’ notice from a spoofed address, I just copy/paste the full-email into SpamCop’s Report Spam dialog box. It, then automatically decodes exactly which server the failed email originated from, as well as filing a complaint report directly with the responsible adminstrator about it.
A way to protect others in your address book is to not use an address book. Put them somewhere else and I won’t be specific here. Anywhere, but your address book.
Better is to secure your account properly so you don’t get hacked. It’s totally counter-productive to plan after-hack protection.
i keep getting emails from a bunch of letters and numbers then after them is adviceselective.com and the emails say someone visited my profile and sent me accounts they all go to my spam but what is this.
That’s spam. You can ignore them.
Hi Leo, is there any way one can bounce spam back to the sender? thanks for all your info.
Bouncing wouldn’t work. Spammers wouldn’t pay attention to bounced mail. In fact it might bring even more spam.
Not to mention that the address is likely forged anyway to an address that doesn’t exist. For example, I doubt that (at)pornhub.edu is a real email address.
hi i was just wondering what website you can login to you account for email @myself.com
Email addresses with the @myself.com domain belong to mail.com. If you go to mail.com, you can sign up for an @myself.com address.
Someone is using my name and changing the way my email is is was always {email removed} and it was my secondary to {email removed} but they changed the SheilaSLaber to something different and Yahoo was how I went onto Facebook. Help me if you can If not. Just close my account because I never changed it.
Thank You!
We cannot close your account. We are not Yahoo.
If they changed the portion of your email address before the @yahoo.com – THEY DID NOT CHANGE YOUR ACCOUNT. That’s a brand new different account. Your old one should work just fine.
We cannot recover or close hacked accounts, lost or forgotten passwords. Please see this article for more information on your options:
http://ask-leo.com/would_you_please_recover_my_password_my_account_has_been_hacked_or_ive_forgotten_it.html
If this is a Facebook account then please see: http://askleo.com/how_do_i_recover_my_facebook_log_in_password/ and/or http://askleo.com/how-do-i-recover-my-hacked-facebook-account/
Thanks so much, I didn’t think to check the sent folder, no emails actually sent from my account, but its still frustrating someone is using my address to send all manner of spam to others
I checked mine and the spam is from me only listed to me.
I can live with the delete and move on.
My only question is whether or not someone in law enforcement could easily establish that the email did not really come from me.
Imagine instead of it being a harmless spam add to myself it is a group of people planning an act of terror, or dealling arms/drugs that use this to make it appear I am the sender.
In the current climate the burden of proof has shifted and I would need to be assured that they would know this wa not me before I spent 56 days in detention without charge.
From spoofing is easy to spot. Doesn’t even require law enforcement. Follow the several articles referenced in the “Read more” section and you’ll learn about that. Also, as mentioned at the end of this article… if you’ve been hacked then the email is actually coming from you. That’s a different situation all together.
It really depends on whether your account was actually hacked. The traditional techniques that spammers use that don’t need your account are actually pretty easy to detect. If not obvious from the “From:” line, it’s typically pretty obvious to those who understand the normally unseen “headers” that track an email’s path through the internet. If your account really IS hacked, then things are more complicated, of course.
I got maybe 5-6 spam messages from myself containing a hyperlink and some of my contacts (not all) did also receive spam messages from me and i did find this in my sent folder. Of course i did not click on the malicious links. My question is, why are they spamming me if they already compromised my account ?
Everything is just on huge lists and databases. They aren’t spamming “you” personally. If you see that messages have been sent from your actual email client then you need to take immediate steps to secure your account. This article will help. https://askleo.com/email_hacked_7_things_you_need_to_do_now/
It’s UNlikely that your account has been compromised.
That would still be useless, since we have the ability to spoof IP addresses with the usage of proxies. Or someone could just create a botnet using other’s IP addresses.
Yes, and most spam comes from botnets*, even now. It is being sent from hundreds of thousands or millions of infected computers of unsuspecting users.
*Botnet: malware that hijacks computers and uses them to perform certain tasks such as sending spam, mining bitcoins or just about anything that can make the hacker money.
Hi Leo,
Yes it WAS a bad news, but your reply to my situation was the most real and wise one of all.
This is my story: ,
1-I stupidly tried “PlayHugeLottos.com”, lost some money, decided not to give’m more money,
2-BUT they started calling me repeatedly,
3-Drove me mad and told them what they deserve,
4- XXX= They started throwing me some strange sender emails,
5-FILTERED them= to JUNK, all of a sudden I started getting 100s of crazy and variety subjects JUNK( Financial savings, Datings, YOU NAME it),
6- I started RULING them out , got worse,
7- Ruling & Filtering & wrong steps caused even my contacts and business mails go to JUNK and EVEN DELETED!!
SEEMS LIKE HAVE TO SUFFER , and do not know for how long??
Thank you for clearing things, from now on I will ask YOU my question DEAR.
I suspected I’d been hacked (or not) after receiving NUMEROUS emails from myself, so I changed my email password (comcast.net on macbook and iphone) Since then, on my iPhone 6, my email will receive emails but will not allow me to send. All other settings have remained the same. Any advice?
Typically send is a separate configuration (SMTP) that you also need to update with the new password.