Someones sending email from my email address without my knowledge?

Is this happening to you?

Are you recieving emails from people furious that you’ve sent them some offers for discount pharmaceuticals or promotions for comoanies you’ve never heard of?
Perhaps you’re getting bouncebacks from various addressess stating that the message to JoeBloggs@adomain.com couldn’t be delivered as the mailbox doesn’t exist?

Why is it happening?

To answer this we first have to look at where the mail is being sent to?

If the email addresses that are receiving the mail or sending the bouncebacks are from your contacts on your machine or device then the chances are you have an infected device!
Give us a ring to see what course of action we recommend.

The chances are the email addresses mean absolutely nothing, and the mail is’t being sent from any of your machines or devices. I know what you’re thinking… How can that happen

Well back in the dawn of email the founders didn’t have the forsight to realise that the system of sending mail would be blatantly abused, meaning that when someone sends email they can easily spoof the  From and Return address of an email. So someone could very easily send email as if it came from BillGates@microsoft.com

What can I do about it?

If you a domestic user with a personal email address then there probably isn’t anything you can do. If on the other hand you have a professional email (You don’t need to be in business to have one – Just get in touch) then you can take steps to prevent people from spoofing your email address.

You can setup an SPF Record for your domain – Your IT department or Domain Registrar may need to do this for you. We will be wrting an in-depth article on SPF records in the future but for now heres a very brief explination as to what an SPF record is and how it works.

  1.  SpammerA tries to send out a message from you@yourdomain.com to Anything@AnyDomain.com
  2. AnyDomain.com receives the mail at one of it’s mail servers
  3. AnyDomains mailserver pulls the IP Address of where the email originated from (Not as Easily Spoofed)
  4. It then checks at yourdomain.com for an SPF Record
  5. If found it queries as to whether the IP Address of SpammerA’s email is authorised to send email on behalf of your domain.com
  6. If the IP Address isn’t listed it will delete the message
If your domain.com doesn’t have an SPF Record then almost all servers will accept email sent from anywhere as potentially viable mail from yourdomainname.com
*Not all mail servers use SPF Record checks so unless this is ever the case the internet will still be ripe with spoof mailshots!