Sponsored by..

Friday, 9 September 2011

Why am I sending myself spam?

One of the most comment questions I get about spam is: "Why am I sending myself spam?" The most common answer to this is: "It's a forgery, you are are not sending yourself spam at all".

This answer requires some explanation, but the most important thing is that when you see spam both "To" and "From" you at the same time then it DOES NOT mean that someone has hacked into your email account. However, if a friend or contact is getting spam email "From" you  then it is quite possible that someone HAS hacked your email account and you should take appropriate action.

These mail forgeries are incredibly simple to do. Part of the problem is that the protocols that email runs on were written in the early 1980s when there was no such thing as email spam. Basically, when one computer connects to another computer to send mail then usually the receiving computer trusts that the sending computer is telling the truth about the sender.

The conversation between the two computers looks something like this:

MAIL FROM: sender@sender.domain
RCPT TO: recipient@recipient.domain
This is the body text of the email.

What might come as a shock is that the sender's email address specified in "MAIL FROM" can be anything at all, including being the same as recipient. This is technically known as spoofing (i.e. it is a form of forgery), and it explains as well why spam often seems to come from nonsense email addresses. There are some ways of stopping spoofing, such as SPF, but they are not very widely used.

One reason why spammers like to send spam "from" the victim is because it will often get through the victim's spam filters. In general, you should not whitelist your own email address in your spam filter for this reason. Fixing spoofing at a filter level is possible, but every email system and spam filter is different and this is really one for experienced IT support people to resolve for you.

I mentioned earlier about a different scenario - one where the mail appears to be "From" a contact. Although superficially it might appear to be similar, in this case it usually means that an email account has been hacked into, typically the person that the mail is "from". If you receive spam from someone you know then the best thing to do is contact them offline and let them know that there's a problem.

1 comment:

Pavel Nagaev said...

send me spam to

st@exchangefaq.ru or info@exchangefaq.ru