I'VE BEEN SPOOFED !

A week or so ago I didn't have a clue what this was, until I was inundated with emails that stated I was the sender.  i.e.  the 'From' box & 'To' box are identical.  My web host says there is little that can be done to stop this spoofing.

Was just wondering if anyone else on here has had the same problem. 

Try changing your password.

Try blocking or spamming your own email address - after all you don't want to send messages to yourself, do you?

 It happens when someone puts your email address in the "from" box, but sends it from another account. That way, spam is delivered to people's inboxes with your email address and you receive all the "bounce backs"  from undeliverable mail. It has happened to me several times in the past as my email address is "out there" in many places. It is possible to set up SPF protection if you have your own domain and such like. This means that mail can only be sent from a known ip address, such as your webhosts webmail server. It can be a pain though as sometimes you want to send email from your PC email software and you can't. Some isp's also offer SPF protection.

Mark

Thanks Marksfish.  It's not as simple a problem as some may think!

 Try leaving it a couple of days to see if things drop off. You tend to find your address will be used for one campaign. You may find your email address is blacklisted at SpamCop or SORBS for a few days, but it resets if no reports are made over 3 days.

Mark

I've never been able to figure out how you can put someone else's e-mail address in the "from" box. Not that I want to, of course - just wonder how they do it?

 I have 5 different email accounts in my email programme Roberto. Easy enough to do when you set up a new account in Outlook. Choose a name, put in an email address and then add your outgoing server settings. Hey Presto!! I think the likes of Virgin/ NTL and a few others will not allow you tosend a non Virgin address through their servers for this reason. 

Mark

Really? And you don't need the password corresponding to that e-mail address? Scary!

 You only need the password to retrieve the email. Sending an email can be sent securely (not encrypted though) using authentication which uses a password to access the outgoing server. In reality, not many of us bother which is why it is easy to spoof an address.

Mark

I don't think this has ever actually affected me - until yesterday. I have been receiving several bounce backs (undelivered mail) that I didn't send. If I was superstitious I'd say it's because I read this thread and posted on it!

Mark - apart from the fact that several people unknown to me will presumably be receiving e-mails that appear to have come from me, does this compromise my own security at all? I still can't quite get my mind around it - why would a spammer want to use my e-mail address, when he can just as easily set up a new gmail or Hotmail account to use for a one-off "campaign"? Do you think my own contacts will be getting spam from "me"?

 You'll be okay Roberto, unless you have allowed access to your email contacts list.  Your address will have probably been harvested from somewhere on the web. This in itself is harmless enough as my email is out there all over the place and has probably been collected I don't know how many times. Your address will then have been addd to a list and sold on. Sometimes, you may get unsolicited email with a unsubscribe link. You may never have been subcribed, but as soon as you click, you are addedto the database of verified active email addresses.

A spammer could sign up for a new Hotmail account (in fact, many scammers sign up to my forum using Hotmail, bloody system), but it is a bit of a ball ache. Why go to the effort of creating an account when you can choose to use one that is already made?

As I say, there is nothing usually anything more sinister than the address being used to make an email look legitimate. It is merely a tool the spammer uses to prevent his mailbox filling up wth unwanted bounces. Also, if you try to report the spam, most people will use the "from" email address to report instead of using something like Spamcop which will show the origin.

If you want o PM me your email address, i'll send you one from yourself if you want, just to show how easy it is.

Don't panic Mr Mainwaring .

Mark

Mark

Thanks Mark  Guess there's nothing to worry about then really. I'll just ignore these bounce backs and hope it's just a temporary nuisance.

 I got over 3000 in a week once!!!

I've been able to see the original email address of my spoofed emails by clicking on 'properties'.  See if that works for you Roberto.  Interestingly, since I've taken off the website address from my profile on here, the spoofing has ceased.  May just be a coincidence, but if Roberto is being spoofed from the same people - then that is worrying (all connected to overseas investments).

There's an awful lot of info attached to the failed delivery notification, including this:

X-Note: Spam Tests Failed: FORGEDMAILER, SHORTURL, WEIGHT10, WEIGHT15
X-Country-Path: UNITED STATES->UNITED STATES
X-Note-Sending-IP: 74.53.39.250
X-Note-Reverse-DNS: fa.27.354a.static.theplanet.com

Seems to be originating from Houston Texas. the only actual e-mail address I can see amongst all the jargon seems to be this: 7nu1rfshea6l1_tzhhl6e49pyfw@mx009.twitter.com.tmail

Mean anything to anyone?

 The IP address belongs to a web hosting company, so it seems someone has paid their minimal amout to send mail through their servers. I would imagine the account will soon be shut down.

Mark

Hope so. Got another half dozen returned today.

Mark, I use Windows Live Mail (used to use Outlook) and if I try to set up another e-mail account (using a known gmail or hotmail address for example) I can't send any messages because I need to enter a password (see screenshot). Explain again in short words (!!) how to get round that. (Just curious, you understand)

 If you put (for example) johndoe@example.com as the email address, leave the password blank, untick the password box and put John Doe in the Display name box. Next check the Manually configure server settings and on the next page you can put your outgoing mail server settings. This means that the email address shown in the recipients email address will be yours, but it is sent through the spammers internet connection.

Mark

OK, this is starting to irritate me now! Have to crack it. It seems no matter what configuration I try, I keep getting asked for a valid password. No problem entering johndoe@gmail.com (for example - I'm actually using a friend's address - his name isn't John Doe). Leave the password unchecked, check manually configure and get to this:

Cannot continue without both incoming and outgoing server info. So what do I do next? My ISP is Telefonica, so do I enter pop3.telefonica.net & smtp.telefonica.net? Done that, and tried all combinations of authentication or not - still need a password to send a mail.