The Curious Case of the Accidental Spammer
An anxious AskBob reader says: “Several of my email friends are complaining that I’m sending them spam emails. I’ve looked in my Sent folder and nothing odd shows up there. How can this be happening? Am I spamming in my sleep? Is it possible that someone has hacked into my email account, or is there another explanation?” Read on for the most likely answers to this mystery... |
Your Friends Think You’re Spamming Them?
For some reason, writing that headline triggered a memory from my youth. As a teen, I used to devour every monthly issue of Reader's Digest. At the bottom of the cover page, there was a line that said "Have You an Amusing Anecdote?". If you knew what an anecdote was, and you had an amusing one to share, they'd pay you up to $200 if it was selected to be published. Nowadays, people share jokes for free, via endlessly forwarded emails, which sometimes end up in the Spam Folder. Pardon my digression, at least my slip isn't showing.
Are you getting replies to email messages that you never sent? Friends complaining that you're spamming them? Are you receiving "bounce" messages from email servers about messages to non-existent accounts that you don't recognize? Do you find messages in your junk-mail folder sent from yourself? If any of these things happens to you, you may be an unwitting spammer.
First, your email account may NOT have been hacked. Often, spammers "spoof" their victims by inserting a random email address in the "From" field of their outbound spam. Spammers use mass emailing software that can insert any desired email address as the sender, and pretend to be "you" even if they're half a world away. Bounced messages that you don't recall sending are probably such spoofs. These spammers are misappropriating your email address, but they don't have access to your email inbox or contacts. They may have gotten your email address from one of those massive data breaches that happen regularly. Or you might have handed it over, by entering a contest, posting it on a message board, or playing a game on Facebook. (Visit Have I Been Pwned? to see if your email address was compromised in a data breach.)
Okay, let's assume the unwanted email is a forgery, and your inbox is secure. Still, that's no reason to relax. You may find yourself on a blacklist if hundreds or thousands of people receive annoying spam ostensibly from your email address. Google's GMail is one email service provider that authenticates all the mail that is really sent from your address, so that receiving email servers won't block all mail from your address. Spoofing is a form of identity theft, and it should be reported as such to your email service provider. Your email service provider may be able to implement protections for your email address.
If your email address is blacklisted by another email service or internet service provider, you may not be able to send messages to people who use that provider. For example, you might be a Comcast user, and your emails to Mom (who uses Gmail) are being returned with messages like this:
Usually, you can contact the administrators and explain that your address was spoofed. In many cases, they will unblock you. If you can't find an appropriate link in the bounce message or on their website, send an email to "postmaster" at that domain.
Have You Been Hacked?
If your contacts are getting spam from you, then it's possible your email account may have been hacked. The first thing to do is attempt to log in to your email account. Spammers may change a hacked account's password, so if you cannot get into your own account that is a good sign that you have been hacked. You will have to go through the "forgot password" re-authentication process for your email provider, to establish your ownership of the account and regain access.
If you regain control of your email account, the first thing you should do is change all of the user-authentication information. Create a new (hopefully stronger) password, and if available, change the answers to your challenge questions. Even better, turn on two-factor authentication for your account. Did you know that when two-factor authentication is turned on, a third party cannot login to your account, even if they have your password?
For help creating a secure password, or to learn about two-factor authentication, see my related articles How Hackable is Your Password? and [DIGITAL LOCKDOWN] Authenticator Apps Protect Your Accounts.
If you cannot regain access to your email account, then you will have to abandon it. Create a new email account and start all over again. This is why you should make a backup copy of your contacts (and your emails) on a regular basis. Of course, in either case you will also have to explain to all of your contacts that the spam did not come from you. (And if they did buy that cheap Rolex, it's probably fake.)
If you suspect foul play, I recommend that you check your account settings to see if there are any rules or filters in place that could automatically forward or reply to emails. In addition, check for a way to review recent login attempts and account activity. If you use Gmail, look for the "Last account activity" message on the bottom right of your inbox, and click the Details link there. For Microsoft accounts, use the Recent activity page.
It's also possible that your email account was hijacked by an evil spamming robot (malware) on your computer. Whenever you suspect that your email account has been compromised, you should run a full scan using your favorite anti-virus tool. Do you have something to add to this topic? Post your comment or question below...
This article was posted by Bob Rankin on 5 Feb 2024
| For Fun: Buy Bob a Snickers. |
 |
Prev Article: Geekly Update - 01 February 2024 |
The Top Twenty |
Next Article: Geekly Update - 07 February 2024 |
 |
Post your Comments, Questions or Suggestions
|
Free Tech Support -- Ask Bob Rankin Subscribe to AskBobRankin Updates: Free Newsletter Copyright © 2005 - Bob Rankin - All Rights Reserved About Us Privacy Policy RSS/XML |
Article information: AskBobRankin -- The Curious Case of the Accidental Spammer (Posted: 5 Feb 2024)
Source: https://askbobrankin.com/the_curious_case_of_the_accidental_spammer.html
Copyright © 2005 - Bob Rankin - All Rights Reserved
Most recent comments on "The Curious Case of the Accidental Spammer"
Posted by:
Gabor Menkes
05 Feb 2024
My e-mail account has not been hijacked (as far as I can tell), but my e-mail address is known to so many spammers, that I occasionally get a spam e-mail that was alledgedly sent by myself ...
Posted by:
Bob K
05 Feb 2024
Having a SPF record set up for your domain name (if you can!) will help on things like Gabor mentions.
Not all email servers bother to check for SPF records, but some do. There was a group in Germany sending spam out, as if from me. After setting a SPF up -- that stopped.
Posted by:
Ed P
05 Feb 2024
I send emails of interest to some 20 friends. These include jokes and also articles that don't agree with the establishment (ie Google) ideas. When I send these emails, the ones to gmail recipients sometimes do not arrive and are marked as spam. Those to non-gmail accounts get through.
I have also confirmed that I have compared searches using "duckduckgo" to "google" showing me that Google manipulates everything it doesn't agree with its agenda.
Posted by:
BaliRob
06 Feb 2024
This can happen quite easily - same happened to me when Yahoo was hacked to the tune of 500,000 accounts.
Posted by:
Dave
06 Feb 2024
I have the same problems with Telstra BigPond in Australia, emails I send that they don't like, I get a undeliverable: Digital ID alert, your message did not reach some or all of your intended recipients, and in all cases it is all of the selected recipients.