FutureQuest, Inc.
Knowledgebase: Email
Someone else using my email address?
Posted on 10 January 2004 01:51 AM
Question:

When I checked my e-mail box (user@mydomain.tld) there were some e-mails from unknown@mydomain.tld and marketing@mydomain.tld (one was a delivery failure notice). None of these have anything to do with me. Does this mean that someone has access to my email account? Do I need to do something with my security... and what can I do to stop them?

Answer:

Unfortunately, it is trivial for someone with the proper software and/or knowledge to forge the From header in an email message. Most spammers have software that makes this very easy to accomplish, and authors of virus software can do it just as easily. It is becoming quite common for spammers to send out email with the From header set to match the recipient's email address. In addition, many innocent bystanders find their domain victimized and used by spammers as the "sender" of a spam email, which results in all the bounce messages being directed to this innocent third party.

This does not mean that the spammer has access to your account, your mail server, or any of your other data or services.

You will need to examine the full email headers in order to find out where the email was sent from. The Received headers are usually the best indicator of the origin of the email.

For resources on accessing and analyzing email headers, the following tutorials will help, and also provide links to further resources:
Email_Spam_Prevention_and_Mgmt
Why does this spam look like I sent it?
How do I determine the source of an email?
How do I report spam?

Unless inspection of the email headers reveals that the emails were actually sent from your account, you most likely will not need to implement any additional security measures.

You may also find the following discussions in the Community Forums to be of interest:
http://www.FutureQuest.net/forums/showthread.php?s=&threadid=12416
http://www.FutureQuest.net/forums/showthread.php?s=&threadid=12302
http://www.FutureQuest.net/forums/showthread.php?s=&threadid=12130

To attempt to put a stop to the unauthorized use of your domain in these emails, you can try researching the origin of the email and reporting it to the appropriate service providers. Unfortunately, the success rate for this type of investigation and reporting is rather low. Many victims in similar situations simply filter, delete, and otherwise ignore these emails.

Hopefully this provides some reassurance.
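
The Received-header inspection described in the answer above, as an added example that is not part of the original article. The server names in MY_HOSTS, the addresses in MY_IPS, and the sample message are constructed assumptions, and the pattern assumes Postfix/sendmail-style Received lines.

```python
import re
from email import message_from_string

# Assumed hop layout: "from HELO (rdns [IP]) by HOST with PROTO ..."
HOP = re.compile(r"from\s+(?P<helo>\S+)\s+\((?:\S+\s+)?\[(?P<ip>[0-9A-Fa-f.:]+)\]\)"
                 r"\s+by\s+(?P<by>\S+)(?:\s+with\s+(?P<proto>\S+))?")

MY_HOSTS = {"mail.mydomain.tld", "mx.mydomain.tld"}  # hypothetical: your mail servers
MY_IPS = {"192.0.2.10"}                              # hypothetical: their addresses

def external_origin(raw, my_hosts, my_ips):
    """Walk Received headers newest-first, trusting only hops written by our
    own servers. Return the first outside client that handed the message to
    us, or None if our servers recorded no such handoff."""
    for value in message_from_string(raw).get_all("Received", []):
        hop = HOP.search(" ".join(value.split()))   # unfold continuation lines
        if hop is None or hop["by"].lower() not in my_hosts:
            break   # written by a server we do not control, so it can be forged
        if hop["ip"] not in my_ips:
            proto = (hop["proto"] or "").rstrip(";").upper()
            return {"ip": hop["ip"], "helo": hop["helo"],
                    # ESMTPA / ESMTPSA (RFC 3848) mean the client logged in
                    "authenticated": proto in ("ESMTPA", "ESMTPSA")}
    return None

# Constructed sample: From claims the recipient's domain, and the bottom
# Received line was inserted by the sender, not by any real server.
SAMPLE = """\
Received: from mx.mydomain.tld (mx.mydomain.tld [192.0.2.10])
\tby mail.mydomain.tld with ESMTP id A1; Sat, 10 Jan 2004 01:40:03 -0500
Received: from unknown-host.example (dsl-45.isp.example [203.0.113.45])
\tby mx.mydomain.tld with SMTP id B2; Sat, 10 Jan 2004 01:40:01 -0500
Received: from mydomain.tld (localhost [127.0.0.1])
\tby forged.invalid with SMTP; Sat, 10 Jan 2004 01:00:00 -0500
From: marketing@mydomain.tld
To: user@mydomain.tld
Subject: Special offer

body
"""

if __name__ == "__main__":
    print(external_origin(SAMPLE, MY_HOSTS, MY_IPS))
```

An unauthenticated handoff from an outside address, as in the sample, points to a forged From header. An authenticated handoff, or no outside handoff at all, means the message was submitted through your own mail system and the account is worth checking.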