I've recently gotten an email from a spammer sent using my own email address. Yes, the "from" line is my address. How do they do it? They hacked my password? Or is there some other way to spoof?
I've recently gotten an email from a spammer sent using my own email address. Yes, the "from" line is my address. How do they do it? They hacked my password? Or is there some other way to spoof?
Send the email through a non affiliated website? I dunno I've gotten mail from myself, granted I sent them. CL links and links from here are the most common, I don't have email access at work. so I just fire of a pm to myself. cl does the same thing. dunno how else it can be done.
I get them all the time, it seems a lot of them are supposedly coming from my old email address. I don't really get what they're trying to do...since I never email myself about Cialis, it makes them pretty easy to spot. 
stuart in mn wrote: since I never email myself about Cialis, it makes them pretty easy to spot. Cause when I'm using Cialis I'm too busy to email anybody
FIXED
I tried to set up a filter to automatically delete them in my Gmail account, but then all my sent mail goes into the the junk mail instead of the sent items folder.
The day I buy a fake Rolex knockoff or some pills to increase my manhood from myself via an unsolicited email is the day I need to never use a computer again.
Sending an email with any email address is pretty simple as the protocol used by email doesn't provide for verified senders unless you're using some extensions that most people don't. If you know what you're doing it's very easy to send an email from billg@microsoft.com - spammers are using that trick to circumvent certain types of filters because some people setting up the filters assume that email coming from them/their domain is "good" automatically.
They're also a bit of a pain to filter if you've got mobile users that might send legitmately send emails from other servers...
Here's something I've often wondered. What good does it do to send an ad from an address other than your own? If people can't respond to the ad then what's the use?
Shown sender address means absolutely nothing and is very very easily spoofed (Ie typed in the "Send From" field)
but, you will notice if you hit reply, it goes to the "True" sender
Well, here's the body of the email. Nothing suspicious here, huh? 
Apparently, there is a market of shiny happy people that have nothing better to do than "chat" with some anonymous berkeley that has randomly emailed them with their own email address. Otherwise, I guess they wouldn't do it.
Good Day...
I was wondering if you might like to chat with me? I found your profile online and would like to get to know you better. Please email me back India@email-mailbox.com
Grtechguy wrote: Shown sender address means absolutely nothing and is very very easily spoofed (Ie typed in the "Send From" field) but, you will notice if you hit reply, it goes to the "True" sender
Actually, when I hit "reply", or "reply to all", my address is the only one that shows up.
google anonymous emailers....you'll get the idea
Yeah, I figured as much. It is amazing what lengths these shiny happy people will go to just for the POSSIBILITY of a bite. It must pay off big every once in a while.
The funny thing is, that makes their email all the easier to filter out...
Grtechguy wrote: Shown sender address means absolutely nothing and is very very easily spoofed (Ie typed in the "Send From" field) but, you will notice if you hit reply, it goes to the "True" sender
When I hit Bounce it always comes back to be saying that's not a valid email addy which is why I asked the question. It seems not to go back to them.
Just so's ya know, they can tell when you have opened the e-mail. They don't need you to reply to verify your address is valid. 
EastCoastMojo wrote: Just so's ya know, they can tell when you have opened the e-mail. They don't need you to reply to verify your address is valid.
This is only true if the email contains a linked image file; they get information when your system accesses their server to load the image (most likely just a single pixel). If the email is 100% text, or you're set up to not display images (default in Outlook, gmail, and others), this isn't a concern.
As was said, spoofing return addresses for email is incredibly easy. It's exactly the same as "spoofing" the return address on a peice of snail mail, you just write someone else's return address in the appropriate field.
Regarding the "why", it's because certain spam filters have to whitelist your own domain or your own address to preserve mail flow. By appearing to be sent from a whitelisted address, it bypasses any filtering and goes straight to your inbox.
For the record, I do anti-spam professionally.
Fortunately the Mail program with the Mac doesn't require me to open spam to bounce. And once it's marked as Junk I can open it without it accessing the sender's sight.
My old email address was the same from the mid 90's to a couple years ago. I had a rule to just delete anything from me, as I would have remembered if I was email myself something. When I was getting 300 spams a day, I gave up and got my own domain. I set up a series of addresses, one for forums, Esprits, Europas, Locosts, etc. at my domain. When one gets released to the wild, I blow that one away and start a new one. I think the Locost list picked up a spammer that harvested the addresses.
Ya know, all the spammers could be caught, tried, executed, etc. very easily if the feds wanted to. But they don't care. Why?
Here's how you catch them: Take that blue pill email, click on the link, send them ten bucks. Track that ten bucks to the pocket it goes into. Arrest that person. Play back the logs on everything that person's IP sent/received and the outgoing on their bank accounts, sweat that person (and I use the term "person" loosely) and find out who they sent money to for the spam. Track that money, pick up the spammer or get the alphabet boys to cap him. Done. Do that to 3-4 spammers and there won't be anymore spam. They could also just put them in prison for a very long time while they think about what to do with them, for the squeemish who don't think spammers deserve death. I mean, it isn't like the feds don't have everything in place to do exactly what I described. There is just a reason they let it continue.
Dr. Hess wrote: ...Here's how you catch them: ....
Could probably work in the US, but I suspect most of these guys are offshore. If they aren't, they soon would be after a few catches.
BTW the use of multiple addresses is a good idea, I do a similar thing.
You'll need to log in to post.
