I just got junk email … from me!
It is surprisingly common for users to receive Spam email messages that appear to come from their own address (i.e. “firstname.lastname@example.org” gets a Spam email addressed so it appears to be from “email@example.com”). We discussed this issue tangentially in a previous posting: Bounce Back & BackScatter Spam – “Who Stole My Email Address”? However, many users wonder how this is even possible, while others are concerned if their Spam filters are not catching these messages.
How can Spammers use your email address to send Spam?
The way that email works at a fundamental level, there is very little validation performed on the apparent identity of the “Sender” of an email. Just as you could mail a letter at the post office and write any return address on it, a Spammer can compose and send an email address with any “From” email address and name. This is in fact extremely easy to do, and Spammers use this facility with almost every message that they send.
Read the rest of this post »