My Email Address Got Spoofed!
To start with, I have to say sorry to those of you who received emails that supposedly came from me and containing nothing but links to certain sites. We must have communicated via email in the past for this to happen. Your email address must be in my list of Contacts from which the hacker/spammer selectively chooses the addressees to whom the spam mails are sent. Not all those listed as my contacts received the spams so I wonder how the spammer chooses to whom to send them. This is called Email Spoofing and below are what I learned about this subject when I made a research on it.
Email spoofing is the forgery of an email header so that the message appears to have originated from someone or somewhere other than the actual source. Spammers often use spoofing in an attempt to get recipients to open, and possibly even respond to the content of their email. One technical site I visited during my research said,
It is easy to spoof email because SMTP (Simple Mail Transfer Protocol) lacks authentication. If a site has configured the mail server to allow connections to the SMTP port, anyone can connect to the SMTP port of a site and (in accordance with that protocol) issue commands that will send email that appears to be from the address of the individual’s choice; this can be a valid email address or a fictitious address that is correctly formatted.
As a non-techie, I would not dare to explain how email spoofing happens. You may want to visit the links I have above to know more about the issue. Email spoofing is actually as old as the Internet itself and already extensively studied and remedied by the experts. Apparently, the hackers know better because the phenomenon still exists.
In the case of my spoofed email address, the message has no (“Unknown”) subject and the body of the email contains only URLs of some sites. As such, I suspect that the spamming activity is a handiwork of some bad entities offering site visitors to clients (bloggers in many instances) for a fee. In any case, I know it is quite disturbing for anyone to receive this kind of spam especially if it is supposedly from an email sender that you know.
What to do with these spam messages? Just ignore them if you are a receiver. The URLs contained in the spam mail are mostly safe but I suggest that you do not click the links, just delete the message. It is also suggested that you inform your sender-friend about the spam message that you receive from his spoofed email account.
If you are the owner of the spoofed email address, your friends must have told you about the spams they received, you need to change the password of the forged account and hope that it solves the problem. There are instances that this won’t solve the problem, deleting the account would definitely stop the unwanted activity but I have yet to see how to delete Yahoo or Gmail email account. You may correct me if I am wrong.
If email spoofing happens especially with accounts that you’ve been using for years, it will be a real nightmare. Deleting account isn’t a solution, and using another password won’t affect it either. Hence handling such will become a nuisance.
Yes, my account that got spoofed is my email address for the past 10 years with our own domain as the extension. It will be painful and outright impractical to give it up. We also know that changing the password is not the ultimate solution. I am just hoping that the spammer would stop using my spoofed email account.
That happened to me also. I did change the password. In addition, I had to secure my computer. Someone that received the spam message from “me” said that it may be a breach in security like a virus, malware or the like. Do you think so?
It’s definitely a breach of security but, in my case, viruses are not the cause. My research showed it’s hacking on the email server side. As we said above, changing your password is not a guarantee that the problem will be gone.