Spyware, Viruses, & Security forum

General discussion

Why am I receiving junk mail from my own email address?

Forgive me for sounding dumb for asking this question (actually a couple questions) with possibly an obvious answer. Should I assume my Yahoo email has been hacked when I find junk ad emails in my "Bulk" mail folder showing my email address as being the sender? How is that possible?

I don't see these emails weekly, but sometimes I'll have couple in one week and then it could be once every month or two. When I check my "Sent" folder I don't see anything showing that my email address actually sent this junk mail. Sometimes it's junk advertising, but occasionally I have seen the subject saying something like "Please find your receipt attached"... or something along those lines. Of course I do not open these -- I just delete them.

I have had this email for probably 16 or more years. I have occasionally changed my password (maybe three or four times) since I've had it and I don't know if it actually made any difference because it wasn't that frequently that I actually checked until more recently.

Have I been hacked, or is there some visual trick from spammers where they can use your email address as the name but actually send from a different address, and how concerned should I be? Thanks in advance for your help!

--Submitted by: Sandy N.

Post was last edited on October 28, 2016 5:00 PM PDT

Discussion is locked
You are posting a reply to: Why am I receiving junk mail from my own email address?
The posting of advertisements, profanity, or personal attacks is prohibited. Please refer to our CNET Forums policies for details. All submitted content is subject to our Terms of Use.
Track this discussion and email me when there are updates

If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.

You are reporting the following post: Why am I receiving junk mail from my own email address?
This post has been flagged and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.
Sorry, there was a problem flagging this post. Please try again now or at a later time.
If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.
Collapse -
It's a common ruse used by spammers

In reply to: Why am I receiving junk mail from my own email address?

They place your email address in the from field because lots of email program are not that smart filtering spam. Web based mail is a bit more effective at stopping spam, but even it can't catch them all. A solution that I've used for years is Mailwasher, which is a stand alone program that all it does is attempt to stop you from seeing spam in your inbox.
You can set up filters in most every mail program/webmail that is out there, But they are usually limited in what they allow the end user to filter by.
To get into some Deep detail. There is a lot of information in your emails that is not displayed generally. You can view the raw email or "Source" and see a lot of this information in the header or Top of the email. This is even above the from and to entries.

Here are some of those header items.
Return-Path This line will have where it was supposedly sent from. Using the example email address of jsmith@gmail.com as the receiver of this email The line might actually jsmith@yahoo.com or something completely different.
X-Original-To will probably be your email address in this case jsmith@gmail.com
followed by
Delivered-To Which WILL be the receiver's address (ie jsmith@gmail.com)
The Big tattle tail line is
Recived:
This line shows the route the email took to get to you. It's added to along the way from sender to receiver and can't really be spoofed easily.
it might say something like this.

Received: from host223-150-38-89.static.arubacloud.fr (unknown [89.38.150.223])
by mx7.gmail.com (Postfix) with SMTP id 706BD3FBE5
for <jsmith@gmail.com>; Fri, 28 Oct 2016 16:28:12 -0700 (PDT)

If you can view this line it will tell you where it came from. In this example France. (the .fr on the end tells me that. Or you can look up the ip address in the brackets)
There are additional lines to the header like X-Mailer: which in this spam email I'm pulling this from as an example says "X-Mailer: Microsoft Outlook Express 6.00.2600.0000"
that's the supposed program that generated the email. This line CAN be spoofed and in this case they did it badly because Outlook Express is out of date but they never bothered to adjust their spammer program to spoof something that's a bit more up to date.

Again Mailwasher Pro combined with the custom filters created by Wizcraft are a great starting point.
If you run mailwasher first it will examine your emails and even let you safely preview an email before it ends up on your computer., Mailwasher has a learning system installed and as you start marking your emails as good or bad, it will learn what to expect. Mailwasher is free for a single email address.

Yes I'm blowing the program's horn on this, but it does the job great. I use it on an email address I have had for over 18 years and will commonly see in excess of 200 emails a day, I sometimes get that many over night! But I don't see them when I go to look at the mail I want to read because they have been removed.

Collapse -
What do you think of this?

In reply to: It's a common ruse used by spammers

I've had a similar problem with Yahoo, but with a few twists. Hope you can help me.

Twice already I got around 15 messages all at once, most end up in the Spam folder, a couple make it to the Inbox. They are all apparently "mail delivery failed" messages.

They all claim that the message that I sent to XYZ failed for different reasons - account doesn't exist, unrouteable address (whatever that is!), etc. A couple of notes:
- I never sent the said messages, nor are they on my Sent folder.
- All of the addresses that I supposedly sent to are people that I haven't emailed in several years (some are real blasts from the past!).

What it seems to be is that those are real Mailer Deamon messages (although the sending email addresses are pretty weird, like Mailer-Daemon@www.postfreehosting.com or MAILER-DAEMON@gateway22.websitewelcome.com), that a spammer sent emails to those addresses using my address in the "to" field and that the address doesn't exist anymore so I received the failure message.

If this theory is correct, I wonder:
- If a spammer puts my address in the 'from' field, does the returned message come back to me or to the spammer?
- If these are real rejections, why do they go the Spam folder?
- Most importantly - how in the heck did these guys get a hold of the list of addresses I used to email 15 years ago?

I'd appreciate your reply.

Thanks!

Collapse -
Joe Job

In reply to: What do you think of this?

As you have surmised, your email address is being used as the return address in spam sent out to random accounts. And, yes, the bounce messages go to the address in the email envelope, not to the actual sending machine.

It could be that someone is trying to sully your reputation, which would be a Joe Job. A couple of times I've had hundreds of bounced messages over the course of a few weeks, along with some very angry emails blasting me for sending out the spam. It subsided fairly quickly.

But, most likely, it is just the spam program choosing your email address at random from those it has found on the hard drive of the machine it has installed itself on.

Those bounce messages go to your spam folder because most bounce messages include the entire content of the email that bounced. Therefore, the spammy content in that message will trigger the spam filter on your email server.

As to how they got your address and those of your friends from long ago, you can see my response just below here, about return addresses not being verified. Basically, everyone's email address gets transmitted around the Internet through various group emails and forwards. It's essentially impossible to keep your address from ending up on machines all over the world.

Collapse -
To Answer the Last Question

In reply to: What do you think of this?

Often, you have to give your email address to some company for some useful purpose. However, all they need is ONE unscrupulous employee to grab the list of email addresses and sell them on the dark web to some spammer who will pay for a decent (verified gets more $$) list. The from: address means nothing. Anyone can put the from: to equal the to: field. There is probably canned spam software out there that will do this. How many emails do you get with the from address equal to something like {%male_random_name@...}. That is, some file got lost or some other error.
Even looking at "options" for the email and looking at the headers doesn't always get you back to the original sender. I had a few that did and used to annoy the real sender but that is rare.

Collapse -
Because return addresses are not verified

In reply to: Why am I receiving junk mail from my own email address?

Spammers can put any return address they want in the From: field. In fact, anyone using an email program like Outlook or Thunderbird can do the same thing. They can put your address in there. They can put president@whitehouse.gov. Anything they want.

This has a few ramifications. One is, you cannot trust the From: address of any email. (This is not strictly correct. But, close enough for the purposes of this discussion. See below.) What *that* means is that you have to be skeptical even of email from friends and family. You also have to be skeptical of emails from people you know who you consider to be computer experts.

For example, I have told friends of mine that if they get an email from me that says, "Check this out!" then it's probably not from me. I will always add something to the email that proves that I'm the one who sent the email. Usually, referring to something we spoke about recently.

How would a spammer get your friend's name? Usually from joke emails. What happens is, someone gets a joke email and forwards it to, say, 20 friends. So, now there's an email on 20 computers that has your email address along with 19 others. You didn't send the email. A friend of yours did. Then, maybe four or five people forward that joke on to 20 more people. Now, your email and those of your friends are on about 100 computers. Repeat that a few times, and pretty soon your email is on thousands of computers of people you've never heard of.

Eventually, that email will get forwarded to a machine that is running a spam program. The spam program will take two email addresses near each other in the list and put one in the From: field and the other in the To: field. The idea being, if the addresses are close to each other in the forward list, then maybe those two will know each other. And, maybe one of them will trust the other enough to follow a link or open an attachment.

In your situation, it was a programmer being lazy. Instead of using a different email in the From: he just used the same address in both. I don't know why anyone thinks that will work. But, for you, that makes it easy. If you see an email from yourself that you didn't send (I often send myself reminders, since I check email on a desktop at home) then you can just delete it, as you have been. It does not necessarily mean that your account has been compromised.

Now, there is something called "Sender Policy Framework" aka SPF aka email caller ID. It was supposed to limit the email servers that were allowed to send an email that contained a given domain in the From: field. Unfortunately, the way they implemented it means that almost nobody uses it. There ended up being too many situations where people were using a 3rd party server to send their email. There was no way to cheaply (in network and organizational terms) verify that an incoming email from a server different than the domain was legitimate.

For example, I have my own domain, but I have set my email programs to send outgoing email through my ISP's servers. The reason being, it is far less likely that my (very large) ISP's servers will get blackholed. Whereas, my web host's servers might, if some spammer takes over a domain on the same server as me. There is no mechanism in SPF for me to say, "I know that (large ISP) does not have SPF enabled on their server, but I want my outgoing mail from there to be seen as legitimate, anyway. But, anything that's not from either my ISP's or my web host's servers should be considered spam."

So. There are some people who *only* send from their own email server. They can turn on SPF for their email server, and some receiving email servers will check for that. But, that turns out to be a very small percentage of domains. So, the vast majority of From: addresses are completely unverified. So, we users have to remain vigilant.

Drake Christensen

Collapse -
Here is a simple self warning system.

In reply to: Why am I receiving junk mail from my own email address?

Include in your address book a fake name and email address. If you ever receive an error message and the email is returned, you'll know your account has been hacked.

Collapse -
It Works**

In reply to: Here is a simple self warning system.

I have used this in my email accounts for years. It works. My old Hotmail was hacked years ago and I realized when started getting spam from this Fake name was returned to me** IT WORKS**

Collapse -
Please explain

In reply to: Here is a simple self warning system.

I don't exactly (or inexactly, for that matter) understand this. Jim

Collapse -
A trap for the hackers...

In reply to: Please explain

Jim -- When the spammer/hacker grabs your address list, they expect all of the addresses to be real people who you have already sent e-mail to. So, to help get the unsuspecting recipients to open the spam, your address will be used as the From. The fake address should always bounce back to you at the same time everyone else is getting the spam. Without that, you'll have to wait until your contacts start e-mailing you about the spam they got. With the fake address, you can be proactive and immediately mail your contacts telling them about the earlier spam. You'll also know your account was hacked and you can take action to regain control of your account. I did something similar -- I put accounts from my personal ISP e-mail in my Yahoo contact list. One day, I got e-mail from my Yahoo in my ISP accounts that I never sent. I knew immediately that my Yahoo contacts were hacked. Hope this helps!

Collapse -
Grift Had a Great Answer

In reply to: Why am I receiving junk mail from my own email address?

But here is more detail just in case:

Many spam filters will work off of your contact list so, if some return address is on your list, it will (maybe) have a better chance of getting through your spam filter. Also, if you decide to reply to the spam, YOU will get the email. You won't be filling the spammer's inbox with stuff.
Here is another thing that started in the 1990's: malware! Let's say a friend of your has certain types of malware that capture information from emails such as To: or CC: addresses and then sends the information to a spammer. The spammer then sends mail out using all of the information they got from your friend's computer and the FROM: address for that email is selected from the list. So, if you get emails from people that you don't know complaining that you are sending them spam, nicely ask for a copy of the email and tell them it was generated from someone who has malware and not you.

But Grift is right. The main reason is to fool spam filters. What do I use? I have a "remailer" (http://www.pobox.com) and they first receive my mail, eliminate spam depending on how strong my settings are, and then send the good mail to me. I have it set low to avoid false positives but they also send me a report on mail that was blocked so I can check for false positives and release mail, if necessary. I also have Norton Security which has a spam filter.

There is no "trick". In Internet TCP/IP anyone can send an email and put anything they want as the From: address. There is nothing to guarantee that the address is even real.

Collapse -
Your email asn't been hacked ...

In reply to: Why am I receiving junk mail from my own email address?

... at least what you tell us is no evidence of that. Here's how it works - some of what I'll say will repeat some of what others have already said:

The main reason this can happen is that anyone can send emails via any number of SMTP servers (SMTP is the protocol for sending emails) that are publicly accessible. And you can put any email address in as a sender - even ones that don't exist. This latter option won't work with some corporate receiving email servers any more, because they now - in self defence - check whether there is at least a DNS entry for the domain you are using and reject mail from unknown domains. What remains is that any valid email address - however they came by it - can be used by spammers and pranksters and fraudsters as a return address.
You would normally not notice that unless you receive spam from an address you know. And when you ask the alleged sender s/he won't have a record of that mail, because chances are it wasn't even sent via their mail provider. And, yes, you could also receive fraudulent mail that appears to come from yourself.
These apparent "hits" usually can be explained by the way email addresses are harvested - a mutual friend sends out a mail to a number of his/her acquiantences and the whole distribution list gets harvested together. The baddies then hop ethat you are more trusting of emails that appear to come from a known and trusted sender. That they pick your own address is probably due to an oversight or an excessive amount of greed.
Another thing you may find from time to time that also gives you a glimps of how this works is a "delivey failed" message from a completely unknown party. It happened to me at my work email address (and the company I work for has close to half a million email addresses in its domains and the admins there are absolutely meticulous about keeping all that squeaky clean.) Still, one day I started getting mails from various "postmaster@xyz.com" type addresses about the address "xxyyzz@xyz.com" being unknown and the mail sent by me at hh:mm on mm/dd/yyyy being undeliverable. The attached mail is a classic spam or phishing mail or one of the "open attachment urgently" variety (how telltale can you get?) - something I have never before seen in my life. But as I said already, that mail never saw my mail server before. It was sent from somewhere else but had my return address on it. Needless to say that xxyyzz@xyz.com may have existed once upon a time, or it was a typo in that harvested distribution list.

Let us just console ourselves with the thought that the mail protocols that make fraud like this so easy were created at a time where everybody on the internet could still put absolute trust in everybody else on the internet, and in the case of some of us that we were around then to enjoy that.

Collapse -
You could have been pawned.

In reply to: Your email asn't been hacked ...

You could have been pawned, check your email address with with haveibeenpawned.com this will tell you if you email is one of the ones taken in known breaches. I have been getting spam from an old google mail address that I used years ago with Adobe. They got hacked and it would seem that my address one of those taken, the spam still gets to me even though the address has not been used for around 8 years.

Collapse -
@kingsley-lewis The term is "pwned" _NOT_ "pawned".......

In reply to: You could have been pawned.

The URL that you, @kingsley-lewis, supplied is extremely dangerous!!!!!!!!!!

The one you should have supplied is to a website called: "';--have i been pwned?" withOUT the "a".

After trying the URL that you supplied and was taken to a malicious site, I found the actual website by doing a search for "Have I been pawned".

The actual website is "haveibeenpwned.com"

Collapse -
Spam from "your own" Y! e-mail address

In reply to: Why am I receiving junk mail from my own email address?

Sandy, you do know that Yahoo Mail was compromised and a lot of passwords were stolen, right?

The first thing you can do is change your password immediately if you haven't done so in the past 3 to 6 months as Yahoo has been notifying everyone to do.

The second thing you can do is use a computer to log into your account and mouse over "your address" on any particular spam message to see what shows up in the little box that appears. You don't have to open the email to do that.

If it's your address that shows up in that little box, then your email has in deed been compromised and is being used to spew spam. In addition all of your contacts have likely been harvested, as well, and are likely being used to spoof spam from. Changing your password on a regular basis will be a big help in putting a stop to your own account,itself, being used nefariously.

If anything other than your own address shows up in that little box, then your address has been harvested by your own account being compromised and/or someone else's email account being compromised and their contact list harvested. In this case your address is being "spoofed". Learn about that here: https://en.wikipedia.org/wiki/Email_spoofing And then use the information there to do searches and learn some more. There is no such thing as knowing everything at any one time because spammers and other nefarious parties think of new things to do to carry on their nefariousness on a constant basis. It's a constant cat and mouse game between us good guys and the bad guys looking to skroo[sic] us over.

The third thing you can do is go ahead and open the email as long as it is in the Spam folder and view the Full Header of the email. Learn how to do this at https://nz.help.yahoo.com/kb/view-header-sln22026.html and how to find and use the information you see there to figure some things out as to what your next move would be. Changing a password, again? Or chalking it up to simple spoofing which dictates just deleting the email.

All that said, now that your email address is out in the wild there's no stopping it from being used to spoof email from. Therefore, you can expect to see spam coming from "yourself" for quite a while and then on a sporadic basis as lists of harvested email addresses are sold and passed around in spammers circles.

Collapse -
it's the spam filters to blame

In reply to: Why am I receiving junk mail from my own email address?

As spammers get cleverer so the spam filters used get more aggressive and complicated in order to control them. This results in many more valid e-mails trapped by them.
In addition, one of my e-mails, generated in Windows Live Mail (WLM), now must pass through 4 filters - my AVG virus/spam checker on my PC, my ISP (BT) filters, the recipient ISP filters, and the recipients own PC filter, thus increasing the chance of it being labelled SPAM. The e-mail can therefore safely arrive in the inbox, can arrive in the inbox with a SPAM tag on the subject line, can arrive in the spam/junkbox, or not arrive at all. I am experiencing all 4 conditions, varying with the ISP and onboard software in use.
BT don't want to know, having found out I'm using Windows Live Mail. Gmail recently blocked all my e-mails processed by WLM saying its security was not acceptable to them (I had to sign a waiver). AVG say its not their fault.

E-mails, especially through offline software like WLM, are now very unreliable. I need to keep a secure archive of my e-mails through changes in ISPs - online web-mail wont give me that. I realise ISPs will increase their revenue if I go to webmail, but my risk of the baddies getting to me also increases the longer I'm on-line.

Why wont the ISPs go for the spammers rather than kill my e-mail system with filters?

Popular Forums

icon
Computer Newbies 10,686 discussions
icon
Computer Help 54,365 discussions
icon
Laptops 21,181 discussions
icon
Networking & Wireless 16,313 discussions
icon
Phones 17,137 discussions
icon
Security 31,287 discussions
icon
TVs & Home Theaters 22,101 discussions
icon
Windows 7 8,164 discussions
icon
Windows 10 2,657 discussions

GRAMMYS 2019

Here's Everything to Know About the 2019 Grammys

Find out how to watch the Grammy Awards if you don't have cable and more.