Hey, Are You an Accidental Spammer?
An anxious AskBob reader says: “Several of my email friends are complaining that I’m sending them spam emails. I’ve looked in my Sent folder and nothing odd shows up there. How can this be happening? Is it possible that someone has hacked into my email account, or is there another explanation?” Read on for the most likely answers to this mystery... |
Your Friends Think You’re Spamming Them?
For some reason, writing that headline triggered a memory from my youth. As a teen, I used to devour every monthly issue of Reader's Digest. At the bottom of the cover page, there was a line that said "Have You an Amusing Anecdote?". If you knew what an anecdote was, and you had an amusing one to share, they'd pay you up to $200 if it was selected to be published. Nowadays, people share jokes for free, via endlessly forwarded emails, which sometimes end up in the Spam Folder. Pardon my digression, at least my slip isn't showing.
Are you getting replies to email messages that you never sent? Friends complaining that you're spamming them? Are you receiving "bounce" messages from email servers about messages to non-existent accounts that you don't recognize? Do you find messages in your junk-mail folder sent from yourself? If any of these things happens to you, you may be an unwitting spammer.
First, your email account may NOT have been hacked. Often, spammers "spoof" their victims by inserting a random email address in the "From" field of their outbound spam. Spammers use mass emailing software that can insert any desired email address as the sender, and pretend to be "you" even if they're half a world away. Bounced messages that you don't recall sending are probably such spoofs. These spammers are misappropriating your email address, but they don't have access to your email inbox or contacts. They may have gotten your email address from one of those massive data breaches that happen regularly. Or you might have handed it over, by entering a contest, or playing a game on Facebook.
Okay, let's assume the unwanted email is a forgery, and your inbox is secure. Still, that's no reason to relax. You may find yourself on a blacklist if hundreds or thousands of people receive annoying spam ostensibly from your email address. Google's GMail is one email service provider that authenticates all the mail that is really sent from your address, so that receiving email servers won't block all mail from your address. Spoofing is a form of identity theft, and it should be reported as such to your email service provider. Your email service provider may be able to implement protections for your email address.
If your email address is blacklisted by another email service or internet service provider, you may not be able to send messages to people who use that provider. For example, you might be a Comcast user, and your emails to Mom (who uses Gmail) are being returned with messages like this:
Usually, you can contact the administrators and explain that your address was spoofed. In many cases, they will unblock you. If you can't find an appropriate link in the bounce message or on their website, send an email to "postmaster" at that domain.
Have You Been Hacked?
If your contacts are getting spam from you, then it's possible your email account may have been hacked. The first thing to do is attempt to log in to your email account. Often, spammers will change a hacked account's password, so if you cannot get into your own account that is a good sign that you have been hacked. You will have to go through the "forgot password" re-authentication process for your email provider, to establish your ownership of the account and regain access.
If you regain control of your email account, the first thing you should do is change all of the user-authentication information. Create a new (hopefully stronger) password, and if available, change the answers to your challenge questions. Even better, turn on two-factor authentication for your account. Did you know that when two-factor authentication is turned on, a third party cannot login to your account, even if they have your password?
For help creating a secure password, or to learn about two-factor authentication, see my related articles How Hackable is Your Password? and [DIGITAL LOCKDOWN] Authenticator Apps Protect Your Accounts
If you cannot regain access to your email account, then you will have to abandon it. Create a new email account and start all over again. This is why you should make a backup copy of your contacts (and your emails) on a regular basis. Of course, in either case you will also have to explain to all of your contacts that the spam did not come from you. (And if they did buy that cheap Rolex, it's probably fake.)
It's also possible that your email account was hijacked by an evil spamming robot (malware) on your computer. Whenever you suspect that your email account has been compromised, you should run a full scan using your favorite anti-virus tool. Do you have something to add to this topic? Post your comment or question below...
This article was posted by Bob Rankin on 24 Mar 2022
For Fun: Buy Bob a Snickers. |
![]() |
Prev Article: Geekly Update - 23 March 2022 |
![]() The Top Twenty |
Next Article: It's Coming... World Backup Day 2022 |
![]() |
Post your Comments, Questions or Suggestions
Free Tech Support -- Ask Bob Rankin Subscribe to AskBobRankin Updates: Free Newsletter Copyright © 2005 - Bob Rankin - All Rights Reserved Privacy Policy RSS/XML |
Article information: AskBobRankin -- Hey, Are You an Accidental Spammer? (Posted: 24 Mar 2022)
Source: https://askbobrankin.com/hey_are_you_an_accidental_spammer.html
Copyright © 2005 - Bob Rankin - All Rights Reserved
Most recent comments on "Hey, Are You an Accidental Spammer?"
Posted by:
Charley
24 Mar 2022
One additional thing that happens is that the spammer gets a copy of an email message. The spammer then uses one of the email addresses they find in that message (the from address, the to addresses, the cc addresses, etc.) as the "from" address in the spams that they send. And they send the spams to all the other email addresses in that message. So your friends get an email that looks like it came from you and appears to have only been sent to friends of yours. I have seen this happen many times (fortunately not using my email address). As Bob said, it doesn't mean that your email has been compromised but you should login and check.
If I am at all suspicious of an email I receive, I know enough how to look at all the headers and other info to see whether it really was sent from the sender. But that does require some technical knowledge of the email protocols and header formats.
Posted by:
PDSterling
24 Mar 2022
FWIW, I get annoyed with people who constantly hit REPLY ALL, so I get 1 email which I casually blow off, then get 11 more chiming in with their 2d.
Posted by:
Bob K
24 Mar 2022
Is there any law against using an email address that isn't yours?
I have a problem with one individual, that doesn't have any internet service, that when asked for an email address, gives them mine.
That has, over the years, made my email address essentially unusable.
These days, if I do a lookup on my email address, it will come back pointing to this other individual.
Posted by:
Geoff
24 Mar 2022
This happened to me many years ago, but since I have given up on the human race and deleted most people from my address book it hasn't happened again. People can be so horrible at times. and the more people I meet the more I like my dog and cat.
Posted by:
Stephen
24 Mar 2022
I have my own domain and I always look at the incoming mail via the web version first rather than Thunderbird. So I hover over the from info and if it says it's coming from Bob Rankin, is it actually coming from his address? So far, good news, nobody has tried to say they are him. But I used to have one of those free accounts at log me in (until they got rid of the freebies). Every so often an email comes in to my address I used for that account and of course it's not coming from log me in, but somebody else. I mark it as spam right away.
The nice thing about having one's own domain for email is that with the catch-all function, I can create email addresses on the fly with the appropriate value so when I get a msg from them I can see that the from matches my address for them (yes, I have to keep track, but it's not like I'm using xyzabc [at] mydomain for Bob's address.
Here's another problem that pops up sometimes and would be worth an investigation:
) with the subject of (your subject line) matches a profile the Internet community may consider spam. Please revise your message before resending.
554 5.0.0 Service unavailable
Posted by:
Ernest N. Wilcox Jr.
24 Mar 2022
Bob K., Tell the individual you mention in your post to stop using your email address. (S)He can set up his/her own email address with gmail or outlook.com for free, and (s)he can go to a coffee shop for free Internet for the price of a cup of coffee (or just park outside) to check his/her email.
There is a local ISP in my town that offers free broadband Internet access (it has only about 2mbps, but it is free) for low-income households. The above-mentioned individual can go to a local coffee shop and search for "free Internet " to find an ISP that provides free Internet services in your area.
As for the broader issue of having your email hacked/spoofed, don't wait until it happens. Set up 2FA NOW so this is much less likely to happen to you. I have a gmail account, and an outlook.com account. Both have 2FA enabled. After getting everything set up, I can still use the Windows 11 mail app to access both accounts, and NOT have to use my phone to authorize access (after initially setting up the accounts in the app).
I don't know if there is anything that can be done to prevent an email account address from being spoofed (I haven't researched that yet) but setting up 2FA for any email accounts you have that support it will prevent black-haters and malware from taking over those accounts.
My2Cents,
Ernie
Posted by:
Ann Onymous
25 Mar 2022
Many years ago after a trip to New Zealand my husband and I began receiving emails from strangers there complaining about emails they had received from us which we had not sent.
The only way we could explain it was that someone had harvested our email address from a computer we had used at one of the Internet cafes on our trip.
After that we ended Internet cafe usage by deleting our history from any computer we used.
Posted by:
Sunshine Kid
25 Mar 2022
Many of the above happen when you forward emails to everybody using the TO: or CC: blocks instead of the BCC: (Blind Carbon Copy) block. When you use the BCC: the recipient of your email only sees the one address, not everyone else's. And you never know when an unscrupulous or just lazy person forwards YOUR email address to everyone else on their contact list so that somewhere down the line, someone makes use of your email address to pretend to be you and ask for funds or attempts to defraud you and your friends by such tactics, as just happened recently to the President of the Fleet Reserve Association (name withheld).
NOW you know why I always request that my email never be placed in anything sent by the TO: or CC: block.
Posted by:
Omar F.
25 Mar 2022
Sunshine Kid: I totally agree. I have to tell others NOT to use CC: but BCC: for that reason you state.
Posted by:
Steve Kohn
26 Mar 2022
"As a teen, I used to devour every monthly issue of Reader's Digest."
You too? I thought I was the only weird kid like that. When about 10 I went door to door one summer in our neighborhood asking for old copies. This would have been the late 1950s, when the RD was in its prime. Some houses, I struck gold.
EDITOR'S NOTE: I still have a subscription, and read it cover to cover. :-)
Posted by:
Ed
26 Mar 2022
Several years ago my email was shut off from my isp. When I called and asked what was up, initially they were pretty short with me on the phone but then after pushing back rather harshly, they backed off a bit and then realized that I didn't actually send out 5 million emails from my acct. They then realized that there was a problem on their end and proceeded to fix it and restore my access. I just chocked it up to typical computer technology, sometimes it works and sometimes it just doesn't. I actually laughed when they told me why my account was shut off according to their records. But as I just said, sometimes it just doesn't work or work correctly that is. I firmly believe from experience that computer technology only works correctly ""THE FIRST TIME YOU DO SOMETHING"" only about 70% of the time. Think about how many times you tap, swipe or click and you have to do it again. If it is more than once, it is not working correctly.