Technology in terms you understand. Sign up for my weekly newsletter, "Confident Computing", for more solutions you can use to make your life easier. Click here.

Why Am I Getting Spam from Myself?

//
I get email from:

someone@somedomain.com
<myemail@hotmail.com>

where “someone@somedomain.com” is someone I don’t know, but “myemail@hotmail.com” is, in fact, my email address. It as if I was getting spam from myself, but I did not send it.

How do I stop these emails from coming into my box? It’s usually for drugs or financial services that I don’t need or would never be interested in. How can they use my own email? I can’t block them as it says it is illegal to block my own email.

I’ll start with the bad news: there’s almost nothing you can do.

This is spam, pure and simple. Abusing your email address is only one of many techniques spammers use to throw their garbage into our mail boxes.

The remedies are pretty standard, albeit less than 100% effective.

Become a Patron of Ask Leo! and go ad-free!

From: spoofing

What you’re seeing is called “spoofing” (or more correctly “From: spoofing”): sending email that appears as if it’s coming From: someone that it isn’t. Spammers hide where their emails originate, and do so very effectively.  Spoofing is used in just about every bit of spam you see today.

And it’s actually quite easy.

The From: address is meaningless on spam – it tells you absolutely nothing. There’s nothing in email protocol that actually requires or checks that what appears on the From: line of a message actually has anything to do with the message’s true origin. To discover the true origin requires more detailed analysis of the email headers, and even then, at best you might be able to get the IP address of the computer sending the email. And as I’ve discussed ad nauseam, the IP address is pretty much useless to you and me.

The fact that you’re seeing your email address used in the From: field shouldn’t alarm you. It might be annoying, but there’s no need to worry about it. You’re already on spammer’s lists to get spam, and they’re using that same list, or variations of it, to select which addresses to use when spoofing. Currently, there is no effective way to stop them.

Why you’re getting it

Spam!When you see your own address spoofed in the From: field of spam, it’s happening for one of two reasons:

  • They’re trying to spam you, and know that it’s unlikely you’ll block email from yourself. In fact, as you’ve seen, it’s not even always possible – but I’d consider it a bad idea, even if you could do it. It would prevent certain types of legitimate email from reaching you.
  • They’re trying to spam someone else, and what you’re seeing is a bounce message indicating that the original spam was rejected by its intended recipient. Since the email looks like it came From: you, you get the bounce message.

Now, as to why the “someone@somedomain.com <myemail@hotmail.com>” where the two email addresses don’t match, or the more common “Name <myemail@hotmail.com>”, where the name is obviously unrelated to the email address, I can only speculate. My guess is that it’s either intentional confusion to boost the chance that recipients will open the email, or a side effect of the tools spammers use that may not be able to put together a proper name/email address pair.

What to do about it

First, realize there’s nothing you can do to prevent From: spoofing. Spammers can put whatever they like in the From: line. If they want to put your email address there, they can.

Eventually, your email address is going to show up in the From: field of spam you had nothing to do with. In fact, as you’ve seen, it probably already has. The good news is that most automated spam filters realize the uselessness of the From: line, and probably won’t start blocking the email you send because some spammer happens to be using your address. Naturally, some people might not realize this, and they could try blocking you, but given that spammers spam everyone, the chances that it’s someone you know or care about is actually pretty slim.

The only thing you can do is to keep doing whatever it is you do to control spam. Typically that means marking spam as spam and moving on with your life.

The one thing to watch for

I want to be clear, questioner: since you’re able to log in to your own account to get your mail, what I’m about to caution you about is not very likely.

But it is possible.

Sometimes you’ll get spam from yourself if your account has been hacked. Now, like I said, you are able to log in to your account, so if your account is hacked, the hackers didn’t change the password. That happens, but it’s unusual. Normally a hacked account means you can’t log in to begin with.

Nonetheless, it’s something to be aware of, and perhaps check. For example, check the Sent Mail folder to see if there are messages you didn’t send. If so, take all the precautions outlined in Email Hacked? 7 Things You Need to do NOW.

Or, even if you don’t find any hard evidence of a hack, you might change your password, just to be on the safe side.

Podcast audio

Play

110 comments on “Why Am I Getting Spam from Myself?”

  1. Leo,
    Thank you for responding to my question. I wish we could do something about this, but now I know that it isn’t unusual or serious. Maybe one day hotmail will be able and willing to do something about this problem. J. Haring

    • Leo

      I always enjoy your radio show and has been an inspiration to me.

      I found this fix for the problem of receiving junk or spam e-mails when I send e-mails form hotmail to AOL. I went to options on my account. Then to general and changed Mail Away Message to blank as it had a default the inside the box. I tested right away and it works.

      Terence King

  2. There’s one way to redirect those messages to the SPAM folder, as long as you use Outlook 2007. Create a RULE to apply on messages arriving. The rule is messages from myname@myDomain and sent to myname@myDomain move to SPAM. You may choose to delete, instead of moving to SPAM, but I like to double check.

    Atleast they are not within the valid messages anymore.

    renato

  3. You might suggest to J. Haring that he/she get a gmail address from Google. Google email has an automatic spam drop that works well. It also learns from the user’s actions which additional email is classified as spam. Works great for me.

  4. It is harmless until Yahoo cancels your email account for “SPAM Abuse” because somebody was spoofing your email address….which happened to me.

  5. Why not have a do not e-mail list much like the do not call list? Most of the opt out options in e-mails don’t work,they just bring me to a blank page.I am wondering why more of us (people on the net) don’t get together and push for something more to be done.I mean my ISP has already blocked my account once for spamming and I knew nothing about it until I tried to get online and was blocked.I had to call them just to get my internet back and was told if it happens again my account will be canceled.I mean all this has gotten way out of hand and no one even wants to try to do something about it!!!
    Dave

    Spammers would simply ignore a “do not email” list. And by clicking on “opt out” links in spam, you’re likely getting MORE spam as a result.

    – Leo
    10-Nov-2008
  6. Good article. I have a Gmail account and I think that they do a great job of preventing spam, but I also get annoyed by the e-mails from myself, that are really not from myself.

    This is even doubly annoying, because sometimes I do send myself. Like sending myself an attachment at work, so that when I get home I can quickly download it. Gmail is simple to use because they give you up to 20MB for an attachment.

    But Google also added a cool little feature that may be beneficial here. You can add a “+” and any verbiage after the “+” as a tag to your e-mail address. In other words, you can address an e-mail to a gmail user like this: user+thisisatag@gmail.com. How this can be used is to send e-mails to yourself by addressing it as self+fromself@gmail.com. When you register your id at a site, register the e-mail address of self+ebay@gmail.com. This address will appear in the “to” field and you can easily create a filter to grab these and labels to them. Anything sent to you that doesn’t have a label will either be caught by your spam filter or end up in your inbox and easily spotted.

    The other option would be your own domain and creating “forwarding” e-mail addresses that you would register in much the same way as i described above. In other words, ebay@mydomain.com or paypal@mydomain.com or any other site you subscribe to. This will help you to quickly separate the legit e-mails from the false one’s. It’s tedious but stops all the guessing. The key is switching all of your existing accounts.

    Just my 2-cents.

  7. How often you will send an email to yourself, I keep my sent emails in my sent folder for records, I never cc myself, so, why not just block the email sent from myself?

    • u cannot block ur own email address when it is used by a scammer or hacker. I experienced this just a few days ago, receiving a mail in my spam box. By opening the mail source, I discovered that the mail was sent from an IP in a place close to Istanbul, Turkey. I could only delete that mail and hope there will not another anymore.

  8. So, i get that there isnt anything that anyone can do about this, but let me get this straight, i’m sending a bunch of people mail from my address, right? can’t i ask my mail provider to monitor my account activity or something? I’m a little more concerned that i’m sending a bunch of people dumb stuff.

    No. You are not sending anything. Spammers are sending things from wherever they send things that look like you, but are not you.

    – Leo
    09-Dec-2008
  9. There are some things you can do. There is a little program called Xxxxbully (xx out because we don’t want to advertise for anyone) that will elimininate most spam, even those with your own name on it. This is if you don’t “whitelist” yourself. (Not always desired though). Most email failures will come from your isp server, “service@youisp.com”
    Now for users with Outlook or outlook express, you have a pop&smtp account. Contact your isp about secure SMTP server. This requires you to have a username and password to send email OUT. The account information you put in originally was only for RECEIVING your email. Anyone can send our your email server.
    Now if your a yahoo or hotmail user, you just gotta lie there an take it. Many have a premium email feature that allows you to whitelist and create filters too.

  10. Just a side note. Here are the top money makers;
    *Pills (viagra, cialis etc)
    *Gambeling
    *Porn
    *email address collection so they can send you the above.

    Spammers love chain letters. They can get one email from one person, (from a hijacked computer) and it is lible to have 100 email addresses!!!
    So from now on, repeat after me, “I will learn to use the BCC button”. Why? It hides everyone’s email address in the body of the email.
    From this last chain email I got, I could make 100 dollars from selling YOUR email addresses.

  11. One day someone will invent a requirement that IP addresses are required to send email. That should take care of it – only being able to send emails from IP to IP.

    • That would still be useless, since we have the ability to spoof IP addresses with the usage of proxies. Or someone could just create a botnet using other’s IP addresses.

      • Yes, and most spam comes from botnets, even now. It is being sent from hundreds of thousands or millions of infected computers of unsuspecting users.

  12. I have all my email accounts hooked up through gmail, and there is an aggressive spoof spammer sending messages to one of the accounts i have linked under my domain. If i click “report spam”, will gmail think that my domain is a spam domain and block us? They are sending spam to me from my business, and i dont want to accidentally blacklist myself!

  13. I understood from the article that the spoof emails are not actually from me… but I replied to one of them just to make sure, and the reply showed up instantly in my inbox. It seems that it really is me.

    It is not you. The spoof makes it look like it came from you, and that also fakes out your mailer when you try to reply.

    – Leo
    14-Jan-2009
  14. Using Spamassasin there a few rules that deal with self signed or spoofed emails. We have put rules in place that people on a specific list can send emails (the white list). They can send mails to others on the domain, only if the mail originates from our Exchange server. The spamassasin rule blocks all email from outside from anybody on the white list. The fallout from this is that if someone wants to send email outside the domain to an email address in the domain they have to use the Exchange web client to send it for it must originate from inside the network.

    My personal belief is that until there is a financial cost associated with email we will never get rid of SPAM. I would pay 1 or 2 cents an email. It would amount to a small amount for most of us. That one or two cents though would be hundreds of thousands of dollars for a spammer thus making the marketing ploy not cost effective.

  15. I can’t block my own email address, as on my website I have a booking form which sends to my email from my email (well that is what it looks like)…I know that booking forms will appear the way they do, but I still get other companies, ie drugs, insurance, etc cloning my email address to spam me.

  16. Would ithelp if I changed my email address? Or are the spammers working with other parameters over which I have no control?

    Changing your email address may help for a short while, but the spam “from” yourself will return at your new address as well. I wouldn’t bother.

    – Leo
    08-May-2009
  17. Here’s my Thunderbird filter
    Set to require ‘all’ lines
    1. From – contains – my_real_email_address
    2. To – contains – my_real_email_address
    3. Subject – does not contain – test

    Do this: mark as Junk

    The third requirement allows me to send myself
    a test message, if I think there is some problem
    with the email service.

    I don’t automatically delete junk.

  18. Well Firstly I have to disagree. I understand the spoofing, but in general, when you start getting spam from you own *account*@hostname.com the chances of a bug/hijack application is pretty high. That’s something you can check out.

  19. Is the fact that my email address is in the FROM box going to get me added to a SPAM Blacklist?

    Best I can say is “maybe”. There are SO MANY blacklists, and they all follow different rules. Hopefully most realize that the from address is a bad way to determine what is and is not spam, but still … I’m sure some do.

    – Leo
    25-Jun-2009

  20. Is there a way of blocking e-mails that contain a keyword in the body of the e-mail? e.g. Viagra. I notice that most of these spams never mention the word in the header.

    That depends entirely on the services your email provider includes, and what specific email program you use.

    Leo
    11-Aug-2009

  21. I think most of the problem occurs with the fact that when sending mail to ourselves the sender is labeled ” me ” If Gmail would allow us to change this ( and not just when sending to someone else ) then the spam wouldn’t irritate us so much. If I sent a mail to myself and it said ” blushin ” on it, I’d know it was from me, when I recieve one that says from ” me ” I would block it. But Gmail makes it impossible to do this.

  22. I get tons of spam “from” myself, thankfully my email filters it out very effectively. My question is whether or not the spammers are able to send these spoof emails to OTHERS with MY email address in the “from” field. Are they able to spam others and make it look as if the spam was sent from my address?

    Yep.

    Leo
    06-Nov-2009

  23. it is so frustrating to me as it has now happened twice via my hotmail address – spam being sent to me and all my adressees – some of my addressees have warned me and I have profusely apologised, but am afraid I will be blacklisted. How can I stop the spam from reaching those on my addressee list? I dont care about myself. It is just embarrassing – particularly to those I have subscribed to their newsletters….

  24. Please explain why blocking mail from my own address will prevent me from receiving legitimate emails. I don’t get that — I never send myself mail, the only mail I get with my email in the “from” is from spoofers.

    It varies based on how people use emails, but for example people often “CC:” themselves on messages that they want to somehow see or act on again later from their inbox. For some people “blocking yourself” might be OK. Also realize that the display name might be your email address, but the email address actually being used (in < >) might be someone else – in which case blocking yourself won’t work.

    Leo
    08-Dec-2009

  25. So why isn’t there a way to report IP addresses (those are not as easy to fake) and/or domains from which the spoof emails are coming from.

    Someone needs to put this in place so that people can get this [edited] to stop. It’s irritating.

    There have been blacklists – both for IP addresses and domains – for years. They’re decreasing in effectiveness, as botnets – which use hunreds of thousands of computers spread out around the world – now distriubute the task of sending spam. Block those IP addresses and you could well be blocking your friends or even yourself as IP addresses get reassigned to various users.

    Leo
    19-Feb-2010

  26. I get spam “from myself” too. And, unfortunately they’re sending it to people in my address book. How did they accomplish that? Is my address book compromised too? I use AOL.

  27. Today I received a message which was supposedly “from” my brother Philip, telling me all about the wonderful new phone he’s bought and the online store he got it from. The only problem with this is, I know Philip was found dead two months ago! (And the spammer who’s hijacked his account and address book had the usual poor spammer English; another patent giveaway.)

  28. Hi, I am Samir from http://www.indianetcraft.com
    I am regularly getting spams from my own email id, it may possible they can send email to others as well from my email. Is it possible that my email got listed as spam origin? If yes it will be a real disaster for my business. Please let me know if I can do something to stop them.

  29. I have to disagree with you Leo, my tecnique works 100% of the time.
    The easiest way to fix this is to use OUTLOOK Rules and Alerts. You want it to look for the sending email address is the same as your email address. If so DELETE it.
    You can also use Rules and Alerts to check for specific words like Sex, Porn, Erotic, Pharmacy, Pfizer, Viagra, watches, Replica etc. Note you may have to enter some twice because the case (upper or lower) makes a difference. After 45 years in the computer industry I am very familiar with most of the techniques these people use. However I still check with Leo first in case it is something I have not come across before.

  30. Recently a bad roommate moved out and sure enough 2 days later I noticed spam going out from one of my e-mail addresses to all MY contacts!! this was horrific… how did this person do this? I was able to change my password and still have my account, when I went into the sent box the messages were there as if they were sent from my account.

  31. 2 – just notices that some of the contacts that were sent the spam were not in my contact list, so does this mean that another contact list (OUTLOOK) may have been breached?

  32. I solved this problem simply. My email address is all caps and most programs automatically convert to lower case, which works anyway, but spammers use the lower case. I blocked the lower case address and the upper case I use to send memos or information to myself still goes throug just fine. I have AOL and was able to do this very simply by adjusting my email settings. Hope this helps.

  33. I sent just a quick test return email back to an email that supposedly came from me, and guess what? It sent it to my inbox. So they aren’t just spoofing my email address, they’re somehow actually using it! I changed my password. Hopefully that will help.

    Your test does not indicate that they’re using your account. All your test proves is that email you send to your email address ends up in your inbox – as it should.

    Leo
    20-Aug-2010

  34. I have just started to receive emails ‘from myself’ on a Hotmail account after my first email account with the original provider I joined years ago has had them for ages. Surely other people are getting them as well, and they will think the emails are from me as it’s my email address on them? It doesn’t matter that they aren’t actually coming from me. Recipients will think they are.

    If anyone complains, point them at this, or Someone’s sending from my email address! How do I stop them?! or any of hundreds of other articles on the internet that describe “From Spoofing” and how you cannot rely on the “From:” line, particularly when it comes to spam.

    Leo
    21-Aug-2010

  35. I route all mail coming to my name@domain address through SpamCop before it comes to my ISP mail address. That cleans out a lot of junk, including ones spoofing my address. Of course, you have to list with SpamCop ALL the legitimate addresses you have set up in your domain, so it does not report you as a spammer. It knows how to parse the headers to report spammers.

  36. It isn’t so much that MY address book has been hijacked as someone else’s address book has been hijacked, and one of the addresses in it happens to be mine.

    The issue for me is not how to block spam coming to me from “myself”, but when it goes to others. They see it as the spam that it is, and then block me. No problem by itself. But some of those spam blockers utilize an internet database, and so I’m blocked all over the internet.

    I do BCC: myself along with all other recipients to ensure that my emails get through. And I’m constantly having to UNspam myself on Gmail.

    And it’s not just me. I’ve had to unspam known good emails on Gmail from others who use AOL, Comcast, and SBC email providers. I’m envisioning the day when no legitimate emails get through, and only spammers can get through.

  37. thank you so so much for the information you are giving us. I was so worried because this email adress I have has been hacked a few years ago by someone with whom i’ve talked and that has given it back ( an explanation is needed: he got my email and password with the help of some virus that i don’t have on my computer anymore) meaning that he gave me the password he used so that i could log in and change it after the virus was removed and so i got my adress back. so I’m always concerned that he is trying to steal it again or that he already succeded, so your explanation is very reassuring. but do you think I should still be concerned about the vulnerability of my adress? and sorry if something doesn’t really make sense, english is not my native language

  38. Hi, it’s me again 🙂 I want to thank you again for how much you are helping all of us understand how things work and how to solve problems, I love your website! I read all I could in the email category but I can’t find what I’m interested in so I think it hasn’t been asked before. I might seriously missunderstand how yahoo works but I am extremely allarmed by something. I have myself in my contacts and messenger list and today, when I logged in on the yahoo mail page, I’ve noticed that, in the “chat & mobile text” box, under the mobile contacts there’s my own id followed by my phone number! my phone number which I have never added to my account information, or anywhere else.Why is it there? Can anyone else see it? If my account were to be hacked, the hacker would see it, how do I erase it? I have used the internet from my mobile phone (it must have been a year since then) and I got to the yahoo web page and logged into my internet accounts (I have more then one) but I don’t think this is the cause of the problem, or is it? and if so, why doesn’t this happen with my other accounts? have you ever heard of this before? Has anyone else in here? Please, share any information you have on the topic. It might be a ‘normal’ feature that I just don’t know about, especially since I’m using yahoo US and things are different there (I’m from Romania), but it’s very inconvenient for me and I need to have that phone number erased. I hope I explained the problem clearly. Any help from anyone would be much appreciated. Thank you!

  39. After receiving bounce back spoofing email, I contacted everyone in my address book to let them know that any email coming from me soliciting jobs or products are not coming from me.

  40. If the email goes to my junk mail, but is says it’s from my email address and to my email address, could they be sending the same emails (saying it’s from my email address) to others in my address book? I’ve received spam emails from friend’s accounts saying that it’s from them, but it’s trying to sell Viagra or something. Could the same thing be getting sent to my contacts also???

    They could certainly be sending to other addresses, but your contacts may or may not be involved at all.

    Leo
    09-Feb-2011

  41. Hello Leo,

    I have read your explanation about this happens. However, in my case the name and the e-mail address do match. Also because it is a hotmail account and when I am connected to my webmail it shows whether I am online on messenger/space/profile etc it shows that on the email. I receive spam of myself in the junk folders with my name and email matching. Also, I have blocked emails that came of myself into my junk folder but they keep on coming in my junk on occassions. The way you described spoofing seems like it only happens when they only spoof either the name or the email address? I dont really know what to do and whether I am spamming other people with these spam emails. What would u recommend and what do you think is the problem..
    Thank you.

    Spammers can certainly spoof both name and email address – it could still be random spam. That being said, ask some of your contacts if they’ve gotten spam from you. You can also consider changing your password and everything else associated with your account: Is changing my password enough?

    Leo
    28-Feb-2011
  42. Alright. Email looks to have been sent from me, to me and everyone in my address book, including my work email. That is, the address in the from is my personal address, and in the “to” is all my address book contacts, and my work email.

    Checked the sent folder to see if it was there, and it was not.

    Checked my work email, and my work email did not have the email from my personal email address.

    Spoof or Hack? I’ve changed my password and personal credentials (the people who use this address already know who I am, so no real need for a “profile”) just in case, but I’m curious.

    Furthermore, it had no subject line, and their was a link in the body of the email. The link went to a numeric IP address.

    Your help would be greatly appreciated in understanding what is likely going on here.

    Thanks,

    Charlie

    However,

    My work email never got any email

  43. That’s the wierd thing. The names in the To: did not get any email. As an example, my work email address was in the To: but did not recieve the email.

  44. The simplest way to stop spams is delete completely your emails after backing up important emails and contacts. It’s not worth to keep the email address if it is affected.

  45. Shouldn’t it be possible, when they are selling something, to contact the distributor/actual seller of the product and tell them people are getting annoyed by way of their product is being marketed?

  46. Hey Leo..

    I discovered a new scam…. On facebook… I created a 2nd account one day and decided to try to locate friends. The mini app requests my email account title and PW and like a dummy I do so. Within seconds the app is perusing my address book and I can’t stop the routine quick enough. Overnight I get hate/angry emails from some of my contacts asking “WTF” Then lately I am receiving emails from myself using the unique “pseudonym” I used to create that 2nd FB account. So my conclusion is that it sourced from the creator of the FB app…(is it Zuckerberg? That little Turd!!)

    I knew FB sucked pretty bad this confirms that FB is a waste of electricity.

    Anyways I use AOL as my actual main email account and the email controls there allow me to AUTODELETE any spams I set up in the powerful word/phrase list as well as sender list… both lists allow “wild cards” and I can even reject emails from myself. I confirmed that by attempting to send myself an simple safe generic email and indeed I received the MailerDeamon rejected letter notice…..

    Spammers hate me

  47. When overwhelmed 2 years ago by spammers, I elected to escape them. The common denominator is the email address itself. So I set up a new email account, and ent out a mass email to those in my address book informing them that, in 3 months’ time, the abused original email account would be closed down. I changed info on accounts that needed to have the updated address. Finally, I did close the abused account. Today, by virtue of carefully monitoring what comes through email (and deleting unseen the garbage), I’m largely Spam-free. Makes for a lot less stress.

  48. I do not understand why the providers of service, the internet provider sending email, do not require the senders email address to be in the header? Or at least check that WhoEver@hotmail, came from hotmail account. That is, if the email is coming from an AOL account then the header would have to have that info. Wouldn’t that preclude spammers from being completely anonymous? It would seem obvious that a IP provider would be able to check that paring with a simple computer program ?
    My Outlook, spam filter works extremely well.

    • Actually Yahoo! has started requesting that people do exactly that – if the message says that it’s from a Yahoo! account then it must be sent by a Yahoo! server. The result? THOUSANDS of mailing lists broke across the internet. Mailing lists are just one example of email being sent from a server that’s completely unrelated to the “From:” address. It’s just not that simple a problem to solve.

  49. I use Thunderbird and one of my email addresses is about 95% Spam. I created a Filter to send ALL messages addressed to that account to Trash. From there, I can do a quick review for real email.

    Yes, I do need to make sure what I am deleting is spam. I can do a Print Preview if I am not sure. I have caught some genuine emails that way that came after I had asked a question on a web site.

  50. I have a friend who was notorious for following the ‘send this to everyone you know’ instructions on every chain email he’d get. He was every bit as bad about forwarding things he found on the internet, joke site, cartoon, “news” flashes, and anything that grabbed his fancy to everybody in his mailing list. He’d enter people’s email addresses without a second though on sites he found interesting and amusing so they, too could share his interests.

    I knew how he was -he even lost $5,000+ to a Nigeria originated girlfriend scam AFTER being warned dozens of times! I would never give him my ‘real’ email address and instead provided him with one of the free disposable email accounts I keep for people and places that haven’t earned my trust yet. It was a wise move!

    I would get petitions from him that had hundreds of email addresses in the “To:” and “CC:” section. I do mean HUNREDS! He ignored every warning I gave him that spammers look for people like him that are linked to so many other recipients. I still believe that that’s who starts these chain letters- spammers! What better way to harvest active emails?

    Sure enough, my email account began filling with SPAM appearing to come from him. Within a few days he called me in a panic because his Mom and sisters were being hit with ads he was forwarding to them inviting them to visit porn sites he was personally endorsing, some of them pretty off the hook! besides being able to say “I told you so!” I told him you can only wait until they go away. Things got so bad, everyone he knew blocked his emails. At one point I was getting between 50 and 100 every day! Even though it was a junk email account, I had to block him as well.

    Whatever the new method of online advertising is that isn’t related to tracking cookies is as bad as SPAM. I’m talking about where anything I look at anywhere on line like eBay or Amazon follows me from site to site appearing as an ad somewhere on the page. I have heard that these ads are also shared with people on contact lists on sites like Facebook. I read of cases where people’s gift purchases last Holiday season were shared quite publically wrecking Christmas surprises. This new advertising method has me experimenting with a proxy server/VPN service for anonymous web browsing. I have been using a service called IPVanish on a trial basis which allows me to be online from servers all around the world, configurable to change every hour or so, or remain with one. One day I was logged in from Bulgaria, Romania, the Netherlands, the Philippines, Chicago, and several other places. Performance and my ability to do things on the Internet is indistinguishable between using the service and connecting through my ISP the regular way. One click switches back and forth between it and my ISP. The cost is very reasonable, setup and use is a snap.

    The only downside is because everything works the same I forget I have it turned on and when I go to a site that requires log in I get the ‘your computer is not recognized’ routine and have to verify my identity. I’ll get a notice that there was an unusual login attempt which also lets me know the watchdogs are watching. I switch it off and try again with my regular ISP connection or just do the verification.

    I remember trying a service like that in the early days of the Internet and it was useless because pages wouldn’t display, you couldn’t up or download. I think eventually such services are going to become far more common, at least until the telecoms seize the internet and quash them.

    Meanwhile, I think I am going to stay with them. privacy is VERY important to me online even though I don’t do anything I need to hide.

  51. @J Matt No matter how useful any FB app may seem, every EULA allows the originator of that app to circumvent any and all privacy settings. I have seen some that grant permission to use your photos, make up things you didn’t say and attribute them to you, access you address book- people just do not pay attention to EULAS and it isn’t always FB that’s behind those abuses. Birthday reminders? How harmful could that be? Clicking a link to Brittany’s Most Embarrassing Moment couldn’t possible be the reason someone’s smiling face is now endorsing adult diapers, could it? Some of them even say you grant them permission to access your friend’s pages and posts!

    People simply will not listen that those FB apps, games, and often the ‘Likes’ have strings attached and are deals with the Internet Devil. No matter how careful you are, someone you know can slip and affect you.

  52. i tried to send an e mail to an email address, but it keeps coming in my e mail, (spam, trash,drafts). how can I effectively send it?

    • You’d have to include more details such as which email program or web interface you are using and explain exactly what you are doing when this happens in order for someone to be able to analyze what’s happening.

  53. I can’t believe microsoft can’t/won’t detect email that isn’t from one of their own IP addresses. This should be automatic. I shouldn’t even have to add block manually.

  54. Spam email from “yourself” . Create a Signature in the outgoing emails. ie. ( ### Your Signature etc. ###) without the brackets.
    Go to ypur email client ie. Sky/Yahoo email.
    In Settings click Filters.
    Create a fllter with your email address in the FROM field.
    In the Body Text field add ( does not contain ### Your Signature etc. ###)
    This should insure you do not get any emails from yourself…

  55. Leo,
    I have a question. My gmail address somehow got connected to some spam and now I get over 200 message every day trying to sell me bank accounts, women, drugs, vacations and you name it. I’m tired of it and want to be done with that address. I am going to delete the address but need to let my contacts know I’m changing addresses. Can I notify them without the “spam” getting my new address and following me? Here are my questions: Can you please walk me through the steps to best notify my contacts of my new address? Can you please walk me through the best way to delete the old account? Can you give me some tips on how to guard from this happening again?
    Thanks in advance for any help you can give.

    • There is no easy way to do it. If you want to be very careful about not informing anyone except your legitimate contacts, then you’ll need to go through your address book one by one and send them a message. Alternately, you could download your contact list to a spreadsheet. Go through the sheet and clean it up, then upload it to your new account. Then you would be able to send to small groups of contacts using the bcc field.

      But honestly, it’s better to just find ways to filter all that spam. Once the new email address is found you’ll just have to do the whole thing over again. Here’s a good article from Leo about spam: https://askleo.com/how_do_i_stop_all_this_spam/

    • This is pointless. Spam happens to all email addresses eventually. The best thing to do is NOT change email addresses, but rather mark all incoming spam as spam so that eventually Google knows to place it into yoru spam folder instead of your inbox. Then … just carry on.

  56. I figured out one way to prevent spam emails from those spammers who fake my email address as the source for junk email. This is how you can do it. Make a new rule for sorting incoming email. Set the recipient’s and sender’s email address for that rule to your email address, and then set the action to delete. By doing this the sorting rules will delete the email if both the sender and recipient are your email address. This will result in emails from spammers who fake your email address to be deleted.

  57. Thanks very much for this, you’ve answered the very question I was asking about receiving spam that looks as if it’s come from my own email address. I marked it as spam, and now that I know that’s all I can do I’ll just keep doing it if it happens again in the future.

  58. There isn’t much you can do, but the ISP or email service provider could just configure their SPF record correctly to eliminate most of this type of spam.

    • ACtually that’s not true in practice. While SPF promises much, my understanding is that it’s “advisory” only, and as such is actually ignored or not acted on that strictly by many email providers. It could help, and should be done, but I don’t believe it would come anywhere close to eliminating “most” of this kind of spam.

      • Hi,

        it is changing…
        SPF alone is a going thing but not enough (for the novice it permit to have a list of authorized email server to send emails for a domain)
        Then came DKIM which sign emails at the server level, the signature can be verified and the receiving server can accredite it is legitimately sent from the signing domain.
        Last, DMARC has arrived and permit to unify all those. It is currently supported by the major public services (gmail, yahoo, outlook.com, paypal.com …) and spreading through companies.
        All those combined make life difficult for spammer and more important to SPOOFING and PHISHING (if the received support checking those, an email from info@paypal.com will just go to junk or refused because they support DMARC)

        So it is not yet the end of SPAM but a good way to.

        My 2 cents.

        Olivier

  59. The anomaly in all this seems to me to be that major corporations (domains) do not seem to suffer from this kind of issue.

    At least I’ve never seen it. i.e. email from Microsoft.com, Google.com, Google Alerts , Facebook , Popular in your network and so on.

    If it is simply the ability the forge the “from” field in an email address then why do these types of email not seem to suffer from “from spoofing”?

    • Spammers probably just didn’t feel like setting it up for those. Literally nothing is there to stop them from sending emails like that though, if they really wanted to.

  60. I am just so horrified that my own email is advertising sex! I do what hotmail says and have virus protector and still they get through…Disgusting!! Thanks Leo though for what you said it is supportive yet frustrating as it seems not much I can do…… Grrrrrr….

  61. lately i’ve been getting spam from “myself” at first i thought my account had been hacked so i changed my password but spam from “myself” keeps happening and i don’t what to do. please help me!

  62. Lately, I’ve been opening up the email, scrolling down to section where it says, UNSUBSCRIBE. Unsubscribe, means, the sender has to take your name off of the mailing list. I’ll block them, too, even though they are using my email address to get into my account. I’ve also changed my password, but, they still get in. Everything works, but, the spammer has so many accounts, it will spam you with another email name. Plus, they have a system, using bots to get into our accounts. They have a system, that, every time we go against it, they already have another comeback, especially, if we have our email on automatic login. I refuse to accept, there is nothing we can do. I will continue to try to figure it out on how I can stop them. So, annoying. sigh…

    • “Unsubscribe, means, the sender has to take your name off of the mailing list” – No. Spammers don’t. NEVER “UNSUBSCRIBE” FROM SPAM. It only gets you more spam.

    • Actually the relationships are rarely that direct. (And you could cause your competitors websites to be shut down by running a spam campaign on their behalf.) But it also does happen.

  63. Hosting accounts offer two filtering options. The first, which is very unreliable when dealing with multiple attacks from unknown addresses on your domain and is the User Filtering. If spam is arriving only for one or two addresses then this filtering will work. But if you receive multiple spam from different unknown addresses sent to and from your domain, then the second option named Account Filtering is best. I will use Bluehost as an example, but your mileage may vary.

    Configuring Account Filtering will be the same as with its counterpart except a wildcard will be used that covers any address under that specific entire domain.
    First you need to setup a new filter that matches the rules below. The Action will be to DISCARD MESSAGE at the end :

    RULES:
    FROM | EQUALS | *.domain.com

    And make sure to add AND at the end of that line. Then add an additional line using the plus sign, and add matches:

    TO | EQUALS | *.domain.com

    And add a OR variable at the end. Add a third line using the plus sign again. This is the one used for testing. Add a match:

    SUBJECT | DOES NOT CONTAIN | test

    ACTIONS
    DISCARD MESSAGE

    Once this is in place, any mail sent from AND to a email address will automatically be silently removed.

    Vision24

  64. Leo, please help. Not only is my incoming email into my junk filter from me, but when I click on the sender it immediately shows my correct email (again), my mobile phone number and detail to my 15 year old daughter.

    Normally I ‘block’ all my junk emails when I log onto the main hotmail account (opposed to being on my phone). My concern is that my email not from myself, to myself, shows my mobile and part of my family.

  65. The SpamCop.net reporting service (mentioned above) allows one to file complaints with appropriate mail-server administrators about any spam. The reports then generate statistics, which are fed to the SpamCop Blocking Service to automatically keep it up to date.

    For me, SpamCop has been a godsend. Whenever I get an ‘underliverable’ notice from a spoofed address, I just copy/paste the full-email into SpamCop’s Report Spam dialog box. It, then automatically decodes exactly which server the failed email originated from, as well as filing a complaint report directly with the responsible adminstrator about it.

  66. A way to protect others in your address book is to not use an address book. Put them somewhere else and I won’t be specific here. Anywhere, but your address book.

    • Better is to secure your account properly so you don’t get hacked. It’s totally counter-productive to plan after-hack protection.

  67. i keep getting emails from a bunch of letters and numbers then after them is adviceselective.com and the emails say someone visited my profile and sent me accounts they all go to my spam but what is this.

      • Not to mention that the address is likely forged anyway to an address that doesn’t exist. For example, I doubt that (at)pornhub.edu is a real email address.

    • Email addresses with the @myself.com domain belong to mail.com. If you go to mail.com, you can sign up for an @myself.com address.

  68. Someone is using my name and changing the way my email is is was always {email removed} and it was my secondary to {email removed} but they changed the SheilaSLaber to something different and Yahoo was how I went onto Facebook. Help me if you can If not. Just close my account because I never changed it.
    Thank You!

  69. Thanks so much, I didn’t think to check the sent folder, no emails actually sent from my account, but its still frustrating someone is using my address to send all manner of spam to others

  70. I can live with the delete and move on.

    My only question is whether or not someone in law enforcement could easily establish that the email did not really come from me.

    Imagine instead of it being a harmless spam add to myself it is a group of people planning an act of terror, or dealling arms/drugs that use this to make it appear I am the sender.

    In the current climate the burden of proof has shifted and I would need to be assured that they would know this wa not me before I spent 56 days in detention without charge.

    • From spoofing is easy to spot. Doesn’t even require law enforcement. Follow the several articles referenced in the “Read more” section and you’ll learn about that. Also, as mentioned at the end of this article… if you’ve been hacked then the email is actually coming from you. That’s a different situation all together.

    • It really depends on whether your account was actually hacked. The traditional techniques that spammers use that don’t need your account are actually pretty easy to detect. If not obvious from the “From:” line, it’s typically pretty obvious to those who understand the normally unseen “headers” that track an email’s path through the internet. If your account really IS hacked, then things are more complicated, of course.

  71. I got maybe 5-6 spam messages from myself containing a hyperlink and some of my contacts (not all) did also receive spam messages from me and i did find this in my sent folder. Of course i did not click on the malicious links. My question is, why are they spamming me if they already compromised my account ?

  72. Hi Leo,

    Yes it WAS a bad news, but your reply to my situation was the most real and wise one of all.
    This is my story: ,
    1-I stupidly tried “PlayHugeLottos.com”, lost some money, decided not to give’m more money,
    2-BUT they started calling me repeatedly,
    3-Drove me mad and told them what they deserve,
    4- XXX= They started throwing me some strange sender emails,
    5-FILTERED them= to JUNK, all of a sudden I started getting 100s of crazy and variety subjects JUNK( Financial savings, Datings, YOU NAME it),
    6- I started RULING them out , got worse,
    7- Ruling & Filtering & wrong steps caused even my contacts and business mails go to JUNK and EVEN DELETED!!
    SEEMS LIKE HAVE TO SUFFER , and do not know for how long??
    Thank you for clearing things, from now on I will ask YOU my question DEAR.

  73. I suspected I’d been hacked (or not) after receiving NUMEROUS emails from myself, so I changed my email password (comcast.net on macbook and iphone) Since then, on my iPhone 6, my email will receive emails but will not allow me to send. All other settings have remained the same. Any advice?

Leave a reply:

Before commenting please:

  • Read the article.
  • Comment on the article.
  • No personal information.
  • No spam.

Comments violating those rules will be removed. Comments that don't add value will be removed, including off-topic or content-free comments, or comments that look even a little bit like spam. All comments containing links and certain keywords will be moderated before publication.

I want comments to be valuable for everyone, including those who come later and take the time to read.