Computer/Internet Issues & Troubleshooting Anyone with questions about the terribly complex world of computers or the internet should try here. NOT FOR REPORTING ISSUES WITH PPRuNe FORUMS! Please use the subforum "PPRuNe Problems or Queries."

Spam from my email address

Old 9th Aug 2009, 20:04
  #1 (permalink)  
DB6
Thread Starter
 
Join Date: Apr 1999
Location: Dundee, Scotland
Age: 59
Posts: 1,270
Likes: 0
Received 0 Likes on 0 Posts
Spam from my email address

I have noticed a few emails caught by various spam filters seem to have come from my email address, but called by a different name. I am sure this is a well-known phenomenon but I don't know much about it and it's time to put a stop to it, since people are not getting my emails as their spam filters are - understandably - telling me to piss off. Is the problem on my computer, the email Server, my ISP?
Can some kind souls enlighten me as to how best to sort it out?
DB6 is online now  
Old 9th Aug 2009, 20:25
  #2 (permalink)  
Upto The Buffers
 
Join Date: Apr 2006
Location: Leeds/Bradford
Age: 47
Posts: 1,112
Likes: 0
Received 0 Likes on 0 Posts
You can't sort it out. There's absolutely nothing to stop someone sending an email with yours as the senders address. Fundamental flaw in the system? Absolutely, but then it was designed decades ago when people were a little more trusting.
Shunter is offline  
Old 9th Aug 2009, 21:10
  #3 (permalink)  
 
Join Date: Nov 2000
Location: Cambridge, England, EU
Posts: 3,443
Likes: 0
Received 0 Likes on 0 Posts
The "From:" address in an email is whatever the sender chooses to set it to. (Ditto the "Relpy-To:" and various other sender identifications.)

I can send email claiming to come from you, nobody will or can stop me. You can send email claiming to come from me, nobody will or can stop you.

The only thing you can do about it is to stop worrying about it. Mostly these joe-jobs stop after a few days anyway.
Gertrude the Wombat is offline  
Old 9th Aug 2009, 21:19
  #4 (permalink)  
DB6
Thread Starter
 
Join Date: Apr 1999
Location: Dundee, Scotland
Age: 59
Posts: 1,270
Likes: 0
Received 0 Likes on 0 Posts
Gertrude, I can only send email addresses from my own account, so while I may call myself anything, the email address surely has to be mine? So somebody is using my email account to send spam - surely there must be a way to stop that?
DB6 is online now  
Old 9th Aug 2009, 22:47
  #5 (permalink)  
Moderator
 
Join Date: Sep 2003
Location: Twickenham, home of rugby
Posts: 6,846
Received 15 Likes on 10 Posts
DB6,

You are not understanding the responses.

No-one is using your email account to send spam.

Someone is using your email address in the "from" field of the emails they are sending out.

And as others have pointed out, it is trivial to accomplish and there is nothing that can be done about it.

You should be able to look inside the email header and see the actual source mail address, so you might try complaining to the registrar of the domain. But I wouldn't waste my time, if I were you.

SD
Saab Dastard is offline  
Old 10th Aug 2009, 09:24
  #6 (permalink)  
 
Join Date: Jan 2008
Location: LONDON
Age: 50
Posts: 525
Likes: 0
Received 0 Likes on 0 Posts
While SAAB is essentially correct you may not view anyone elses email address in the mail header you could indeed see your own there too.

DB6 - The problem you are experienceing is a weakness in the protocol for sending mail - this allows the application sending the mail to stamp any email address it likes as being the sender. The intended use for this was to allow the email account owner to move between networks (ISP's) and still be able to retain the same email address - however the SPAM merchants have exploited this for their own benefit.

A decent Antivirus/Antispam program will perform a domain lookup on the email address domain and compare that with the IP Address where the mail originated from and if they do not match will mark the message as spam.

There are some legitimate bulk mailing companies and mail re-directors that have registered their details with the leading AV companies so they dont get marked as spam but these operate on a code of conduct and should never send an email to you looking like its from yourself.

As SAAB said, whilst they are a pain in the rear the problem is so widespread that there is not the resources to tackle the problem at the source - the best thing you can do is install a good anti-spam program and alleviate the amount of spam that gets to your mail box.
Jofm5 is offline  
Old 10th Aug 2009, 10:29
  #7 (permalink)  
 
Join Date: Feb 2006
Location: UK
Posts: 591
Likes: 0
Received 0 Likes on 0 Posts
In a similar vein to what Jofm5 describes, I exploit this "from" feature to my advantage too; I prefer to use a mail client (in my case currently Mozilla Thunderbird and before that Outlook Express) installed on PC in lieu of the web mail access provided by all three mail service providers that I use. In Thunderbird I have therefore defined three mail separate accounts, each for a different address and each associated with a different domain. Only one is associated with BT, my internet connection provider.

I quite happily send mail "from" all three domains using the BT connection as well as receive (download) mail to them. BT know who I am in terms of authenticating the actual "send and receive" command (it will only work from home, on my own connection, not anywhere else where I take my laptop), so it succeeds. When I first discovered I could do this, for fun I invented a totally silly mail address name and defined an account on the PC using it as the "from" address. Something like [email protected]

Of course it sent without problem (as it happens to my work address where the spam filter successfully trapped it).

For the record DB6, my work spam filter traps fifty mails on a typical day of which 49 are probably using my own work address as the "from". There is no way on earth that anyone other than my employer's mail administrator or me has access to my account.
The late XV105 is offline  
Old 10th Aug 2009, 10:48
  #8 (permalink)  
 
Join Date: Jul 2009
Location: london
Posts: 33
Likes: 0
Received 0 Likes on 0 Posts
Treat your personel email address that you have from ISP as Gold dust, dont dish it out filling any sort of forms, only for personal communication, you can open an account with lots of browser based emails ie; Yahoo, Hotmail, Gmail etc etc and use them for all other stuff you want to do.

The spammers use Web Crawler Programs to fish for emails addresses from the WWW, if you dont have decent Firewall, they will also know what are your interest are through the various cookies embeded and unknowingly downloaded while browsing and then you will be bombarded with spam emails for those interests of yours..

As mentioned here earlier, if you right click the email, and see the properties, that should give you a path or source of the email sent to you.
you can than find the domain, google domain to ip address resolution and you will be able to find ISP, from here on you can inform the domain about the spammer at [email protected] but its not going to make much diffrence.
boe777 is offline  
Old 10th Aug 2009, 11:00
  #9 (permalink)  
 
Join Date: Feb 2006
Location: UK
Posts: 591
Likes: 0
Received 0 Likes on 0 Posts
I echo boe777's advice; my primary (ISP provided) mail address is only used for contact with close friends and family and in the ten year's I've owned it I've had only one item of spam. My other two mentioned mail addresses both exist for specific purposes, have a consequent small circle of receivers, and have never been spammed.

For all my online shopping I use another dedicated mail address and for forum membership another. Both of these are web-based. The online shopping account receives probably 10 items of spam a day and the forum one none, but either can be thrown away at the drop of a hat if spam becomes a nuisance.

Of course with on line shopping I look for the option to switch off authorization for further mail address usage, but one thing I am always careful to do with forums is to switch off any means of Joe Public (and web crawlers) finding the mail address too. Sometimes this can be done during registration, but if no option is given I always go back and look for it directly afterwards in "manage my account" or whatever.
The late XV105 is offline  
Old 10th Aug 2009, 11:34
  #10 (permalink)  
 
Join Date: Jul 2009
Location: london
Posts: 33
Likes: 0
Received 0 Likes on 0 Posts
Very True XV105,

Data protection Act means very little to some organisations, who would gladly sell the information at the right price.
boe777 is offline  
Old 10th Aug 2009, 13:16
  #11 (permalink)  
 
Join Date: Jun 2008
Location: Thinking about it, give me a minute.
Posts: 256
Likes: 0
Received 0 Likes on 0 Posts
DB6 (do you have one?)
This topic comes up every so often in this forum. Most folks have had a similar experience at some time.
Since you know that you don't ever send yourself email from your own account one of the simplest methods of control is to blacklist yourself, I know it sounds cooky but it's worked for lots of folks.

Blade
BladePilot is offline  
Old 10th Aug 2009, 15:15
  #12 (permalink)  
DB6
Thread Starter
 
Join Date: Apr 1999
Location: Dundee, Scotland
Age: 59
Posts: 1,270
Likes: 0
Received 0 Likes on 0 Posts
Thanks for the replies. It hasn't bothered me until recently but now I'm finding that my email address is appearing on blacklists (most recently Barracuda) and getting bounced by anti-spam software - it's not the emails to myself that bother me so much as the fact that they're going to others as spam.

BladePilot - you mean one of these ?

Might have .
DB6 is online now  
Old 11th Aug 2009, 10:08
  #13 (permalink)  
 
Join Date: Dec 2005
Location: Wellington,NZ
Age: 65
Posts: 1,668
Likes: 0
Received 1 Like on 1 Post
Has anyone considered the possibility - remote as it might seem due to the likelihood of the proffered answers being correct - that the emails are originating from DB6's computer, created by a spambot?
A look through the firewall log (if an appropriate software firewall is operating) should reveal much.
Tarq57 is offline  
Old 11th Aug 2009, 11:02
  #14 (permalink)  

Official PPRuNe Chaplain
 
Join Date: Apr 2001
Location: Witnesham, Suffolk
Age: 79
Posts: 3,498
Likes: 0
Received 0 Likes on 0 Posts
Anything seems to be possible in the world of spammers.

Most of the spam I get has my address in the "from" box too, and comes from China. I think the idea is that when you Spamcop them (I do, usually) they know who did so and therefore know that address is "live".

I have never given out either of my "real" ISP e-mail addresses, and they've never had any spam. I use several domains, for different purposes (Church, personal, flying, alumni association, and so on) and send with them all as the "from" through the same SMTP server. That SMTP server has secure logon, so I can use it from anywhere - not just when connected to that ISP.

Until recently, I used two Spamcop addresses - one for "direct" stuff to my own domains, that i would report, and a second (no reporting) for stuff that comes via routing servers where reporting would hit the "genuine" domain rather than the spammer. I've dropped the second (saving a whole US$30 a year) and now use Gmail as the filter. That works extremely well - no false positives in the 3 months I've been doing it, and only a couple of spams have got through it.

There was a time when spammers would pick an address at random as the "from" in their junk - and the poor unsuspecting owner would get thousands of "bounce" messages as a result. I don't know if that still happens, but I've not been drowned in bounces for a year or two.
Keef is offline  
Old 11th Aug 2009, 13:46
  #15 (permalink)  
 
Join Date: Nov 2000
Location: Cambridge, England, EU
Posts: 3,443
Likes: 0
Received 0 Likes on 0 Posts
Has anyone considered the possibility - remote as it might seem due to the likelihood of the proffered answers being correct - that the emails are originating from DB6's computer, created by a spambot?
Possible, yes, remote, yes.
There was a time when spammers would pick an address at random as the "from" in their junk - and the poor unsuspecting owner would get thousands of "bounce" messages as a result. I don't know if that still happens, but I've not been drowned in bounces for a year or two.
Two possible reasons for the reduction in bounce messages for spam with faked From addresses:

- more people are configuring their mail servers not to send bounce messages in respect of obvious spam as, clearly, the bounce messages are of no use to anyone and just add to the problem

- more people are putting more sophisticated spam filtering on their incoming email, so the spam filtering might be throwing the bounce messages out as spam.
Gertrude the Wombat is offline  
Old 12th Aug 2009, 09:23
  #16 (permalink)  
 
Join Date: Jan 2008
Location: Bracknell, Berks, UK
Age: 51
Posts: 1,133
Likes: 0
Received 0 Likes on 0 Posts
As an IT guy who runs a managed anti-spam service for quite a few clients, my advice would be to:

- ignore the bouncebacks to your legitimate address from people and automated responses complaining about things you're apparently sending to them (but in fact most probably aren't)

- confirm you're not in fact the sender of the spam by doing a full scan of your PC with an updated antivirus/antimalware package to ensure it's not you that's been compromised

- read bounces from automated systems carefully when you have received one from an email you yourself tried to send. Most of them will give you instructions (possibly slight hidden amongst the bounce info) about which RBL (Real-time Blackhole List) your address belongs to. Your task then is to visit the relevant website for that RBL and register to remove your address from that RBL.



Cheers,
Mike (posting from sunny Belarus this week)
Mike-Bracknell is offline  
Old 13th Aug 2009, 12:52
  #17 (permalink)  
 
Join Date: Oct 2006
Location: Sussex
Posts: 57
Likes: 0
Received 0 Likes on 0 Posts
I've found that spammers latch on to email addresses with actual names in them as they are easy to find. As soon as I set up one on a charity domain that I help run with my name as part of the address then the spam came flooding in as did the emails from myself. All the other addresses I have which are not normal names don't get the same treatment and several of these I use all the time for everything.
It would seem that a non name email address is a lot less likely to get spammed and used than any others at least with my experience.
Mr Grumps is offline  
Old 11th Sep 2009, 09:08
  #18 (permalink)  
 
Join Date: Sep 2001
Location: 38N
Posts: 356
Likes: 0
Received 0 Likes on 0 Posts
Tip: Do not P.O. a professional Spammer

Quite a while back in the history of SPAM, maybe 1994 or 1995, I discovered the truth of the above tip.

One day I noticed my business email address was being mis-used in a commercial promotion that caused some modest number of rejections or undeliverable messages to be bounced back to the company.

The mail software gave very complete routing reports. From those I was able to trace the spam source to an address in a small town in Canada, with a few persons names, etc. associated in the ownership records for the spammers business.

Wanting to nip this in the bud, I called the town's local government offices and had chats with several people involved in Economic Development, Chamber of Commerce, etc. Also called the local police station & discussed possible legal issues with THE detective in charge. Chatted up a few local politicians, putting emphasis on the law & order aspects of spamming and how a few provocative calls to the press could give their town a global reputation. Got to know the spammer's situation moderately well, but we never talked in person. The whole town was only a couple miles square, and half the people responsible for the town's public image had the name and modus operandus of the spammer by the time the afternoon was over. Not much question but that he was nailed.

Next day, there were no more bounced mails with my company address forged on them. None for months after. I gloated.

Then, one day, my company mail overflowed... There were thousands, maybe tens of thousands of spam messages coming in from all over the world, in dozens of different formats. Happened every day after that.

Went on for years in sporadic cycles. Nothing much I could do about it. Was like having an entire colony of ants at one's picnic. Had to move the business activity to a different address space to save the time and hassle.

Moral... pick your fights even more carefully in the computer age...
arcniz is offline  

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off


Thread Tools
Search this Thread

Contact Us - Archive - Advertising - Cookie Policy - Privacy Statement - Terms of Service - Do Not Sell My Personal Information

Copyright © 2022 MH Sub I, LLC dba Internet Brands. All rights reserved. Use of this site indicates your consent to the Terms of Use.