How do spammers send from my email address

[GraemeL]

Hello.

I get occasional spam type emails sent to my email address that looks like its been sent from my address. So I cannot then block the sender.

How do they make it look like I am sending an email to myself?

Only asking this out of curiousily so if its really technical, just say so!

Thanks

Graeme

 

[fisicx]

Email spoofing. Easy to do

Email spoofing - Wikipedia

en.wikipedia.org

 

[johndon68]

Have a read of this:

Email spoofing: how attackers impersonate legitimate senders

This article analyzes different ways of the spoofing email addresses through changing the From header, which provides information about the sender's name and address.

securelist.com

 

[Kerwin]

You probably want to use SPF, DKIM and DMARC on the domains you use for email.

 

[forevergroup]

It's easy to configure a server to send email on behalf of another domain.

Disclaimer: Yes this is a technical subject, but I'll provide the guidance anyway for your potential interest and those of other forum users.

As only you control the domain, there are numerous mechanisms to help enforce the authority of your genuine sending sources vs. malicious/spam sources.

These are usually sufficient to instruct recipient email services to at worst 'Junk Folder' the email or at best reject the email.

For example, we tend to configure customer email security systems to reject or quarantine email that is received from non-SPF-compliant sources, pending our further investigation.

Why? 91%-94% of targeted cyber-attacks start with malicious email. Your case is a good example of the sheer prevalence of this.

Resolution:

- Use an SPF record on your domain with a -all (hard fail) instruction to clarify for the internet what your approved sending sources are with no deviation.

- Use DKIM if available with your email solution, to add a signature to outbound email that is only attributable to you as a sender.

- Use DMARC on your domain to instruct recipients to quarantine, reject, and/or report email that is received that does not comply with either of these mechanisms.

- Use advanced security email gateways or API-integrated security solutions that look for impersonation protection or user/domain spoofing attacks specifically. This is important because sometimes attackers can be clever and use typosquatting e.g. using domains that are similar to yours but not exactly the same - or use email addresses from alternative domains but in the names of your users.

 

[Russ Michaels]

its called spoofing.
It happens because you have not properly aligned your domain and set up authentication. Virtually nobody does this, as they don't know about it, which is why this is such a huge problem.

You need to setup your dkim, spf and dmarc records properly.
Then you need to setup dmarc monitoring and make sure that everything is working properly, and when you are sure all your legit emails are properly authenticated, you set your dmarc policy to REJECT all other emails.

If you are interested in getting all of this done for you, feel free to get in touch.

 

[ctrlbrk]

its called spoofing.
It happens because you have not properly aligned your domain and set up authentication. Virtually nobody does this, as they don't know about it, which is why this is such a huge problem.

I get spoofed emails appearing to come from Microsoft (not talking about the "Name", talking about the email address itself).

Has Microsoft not properly aligned their domains and set up authentication?

 

[Kerwin]

I get spoofed emails appearing to come from Microsoft (not talking about the "Name", talking about the email address itself).

Has Microsoft not properly aligned their domains and set up authentication?

Can you give an example of an email address used (or at least the domain name)?

 

[Russ Michaels]

Can you give an example of an email address used (or at least the domain name)?

I get spoofed emails appearing to come from Microsoft (not talking about the "Name", talking about the email address itself).

Has Microsoft not properly aligned their domains and set up authentication?

well this is also depends on your own email provider and how they process incoming emails.

the recipient's mail server is supposed to check the SPF and DKIM records and then follow the policy defined in the dmarc record. Which is what stops the spoofed emails getting through.
If your provider isn;t doing this, then they suck and are just allowing all spam, spoofed emails and probably more through.

however if you check the email headers, it is more likley that the emails ARE NOT coming from microsoft.com at all, but some other domain with the word microsoft in it.

 

[ctrlbrk]

Can you give an example of an email address used (or at least the domain name)?

[email protected]

 

[ctrlbrk]

well this is also depends on your own email provider and how they process incoming emails.

that's still Microsoft. It's a live.com/Outlook account

 

[Kerwin]

[email protected]

Hmm. That is very strange. Sorry, I can't be of more help.

 

[thinkfast]

Hello.

I get occasional spam type emails sent to my email address that looks like its been sent from my address. So I cannot then block the sender.

How do they make it look like I am sending an email to myself?

Only asking this out of curiousily so if its really technical, just say so!

Thanks

Graeme

I think they are using PHP or something like script. We just have to define in script sender email and receiver email .... If you are using same email in both then mail will got to inbox by same emai address.

I receive also this types of email and generally message will be "Your email account hack. To restore send us bitcoin.".