Friday, January 22, 11:47

Why are you receiving spam from your email address?

Have you ever opened a spam email whose sender appeared to be your own email address? You are not the only one.

Forging email addresses is called spoofing. It is usually aimed at spam or blackmail and, unfortunately, there are few things you can do about it.

How spammers fake your email


Spoofing is the act of forging an e-mail address so that a message appears to come from someone other than the person who actually sent it. Often, this technique is used to trick you into thinking that the e-mail came from someone you know, from the business you work for, or from your bank or another financial service.

Unfortunately, email spoofing is incredibly easy. Email systems often do not have security checks to ensure that the email address you enter in the "From:" field really belongs to you. It's more or less like a letter you drop in the mail. You can write anything you want in the "Sender" field, as long as you do not care that the post office will be unable to return the letter to you. The post office has no way of knowing whether you really live at the sender's address you wrote on the envelope.

Email spoofing works similarly. Some online services, such as Outlook.com, pay attention to the "From:" address when sending an email and may prevent you from sending something with a fake address. However, some tools allow you to fill in anything you want. It's as easy as setting up your own email (SMTP) server. All spammers need is your email address, which they have likely bought on the dark web after some data breach.

Why do scammers forge your address?


Scammers send emails that appear to come from your address for one of the two reasons below. The first reason is the hope of bypassing spam protection. They figure that you are probably used to sending emails to yourself, maybe to remind yourself of an important event, and that you would not want such a message to be classified as spam.

So scammers hope that, by using your address, their message will get past your junk mail filters. There are tools to detect a message sent from a domain other than the one it claims to come from, but the email provider must implement them and, unfortunately, many do not.

The second reason scammers forge your email address is to gain a sense of authenticity. It is not uncommon for a forged email to claim that your account is compromised. The fact that "you sent this e-mail" serves as proof of the hacker's access. They may also include a code or phone number taken from a compromised database as further evidence.

The scammer usually claims to have "spicy" information about you or pictures taken by your camera while you were browsing adult websites. The scammer then threatens to send the data to your closest contacts unless you pay a ransom. It sounds believable at first, and because the sender address is your own, the scammer seems to have access to your email account.

What e-mail services do to address the problem


The fact that someone can forge an email address so easily is not a new problem. Because email providers do not want to bother you with spam, they have developed tools to combat the problem.

The first was the Sender Policy Framework, or SPF, and it works on a few basic principles. Each e-mail domain comes with a set of Domain Name System (DNS) records that are used to direct traffic to the correct server or host. An SPF record works alongside these DNS records.

That may sound confusing, so let's put it more simply. When you send an email, the receiving service compares your email domain (e.g. @gmail.com) and the source IP with the SPF record to make sure they match. If you send an email from a Gmail address, the email should also show that it came from a Gmail-controlled device.

Unfortunately, SPF alone does not solve the problem. Someone must maintain the SPF records properly for each domain, which is not always the case. It is also easy for fraudsters to work around it. When you receive an e-mail, you may only see a name instead of an e-mail address. Spammers fill in one email address as the displayed name and another as the sending address, one that matches an SPF record. So the message will not go to spam.

Companies also have to decide what to do with SPF results. Most of the time, they prefer to let all emails through rather than risk blocking a critical message. SPF does not come with a set of rules for what to do with the information.

To address these issues, Microsoft, Google and other major companies introduced Domain-based Message Authentication, Reporting, and Conformance, or DMARC for short. It works with SPF to create rules on what to do with emails that are marked as potential spam.

DMARC first looks at the SPF result. If the check fails, it does not let the message pass unless an administrator has configured it differently. Even if SPF passes, DMARC checks that the email address displayed in the "From:" field corresponds to the domain from which the email is actually coming.

Unfortunately, even with support from Microsoft, Facebook and Google, DMARC is still not widely used. If you have an Outlook.com or Gmail.com address, you are likely to benefit from DMARC. However, as of the end of 2017, only 39 of the Fortune 500 had implemented this validation service.

What you can do with spam emails that come from you


Unfortunately, there is no way to prevent spammers from abusing your address. Hopefully, your email system applies SPF and DMARC, and you will not see these targeted emails in your inbox. They should go straight to the Spam folder.

If your email account gives you control over the spam options, you can tighten the rules. Just be aware that you may also lose some genuine messages, so be sure to check the spam folder frequently.

If you get a fake message from yourself, ignore it. Do not click on attachments or links and, of course, do not pay the demanded ransom. Just mark it as spam or phishing, or delete it. If you are afraid that your accounts have been compromised, close them for security.

If you use the same password with other services, change them and give each service a new unique password. If you do not trust your memory with so many passwords, simply write them to a txt file stored on your computer or use a password manager.

And finally, depending on which email service you are using, learn how to view the full original email with all its details (headers, etc.) so you can tell whether it is spam or not.
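Once you have the original message in front of you, the DMARC-style comparison of the "From:" domain with the domain that actually sent the mail can be read from the headers. The following is an added example, not part of the original article: the message is a constructed sample, and the exact-match comparison of the two domains is a simplifying assumption.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample of a "mail from yourself", as a "show original"
# option would display it. All addresses and hosts are made up.
RAW = """\
Return-Path: <bounce@mailer.example.net>
Authentication-Results: mx.example.com;
 spf=pass smtp.mailfrom=mailer.example.net;
 dmarc=fail header.from=example.com
From: Alice <alice@example.com>
To: alice@example.com
Subject: Your account has been hacked

Pay now.
"""


def domain_of(header_value):
    """Return the lower-cased domain of the address in a header value."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()


def analyze(raw):
    msg = message_from_string(raw)
    # Only trust Authentication-Results added by your own provider's
    # server; the sender can write any other header, including this one.
    auth = " ".join(msg.get_all("Authentication-Results") or [])
    results = dict(re.findall(r"\b(spf|dmarc)=(\w+)", auth))
    from_dom = domain_of(msg["From"])
    envelope_dom = domain_of(msg["Return-Path"])
    sender = parseaddr(msg["From"] or "")[1].lower()
    recipient = parseaddr(msg["To"] or "")[1].lower()
    return {
        "from_domain": from_dom,          # what the mail client displays
        "envelope_domain": envelope_dom,  # what SPF actually checked
        "spf": results.get("spf", "none"),
        "dmarc": results.get("dmarc", "none"),
        "aligned": from_dom == envelope_dom,  # exact match (assumption)
        "from_is_recipient": sender == recipient,
    }


if __name__ == "__main__":
    for key, value in analyze(RAW).items():
        print(f"{key}: {value}")
```

In the sample, SPF passes because the sending domain's own record is valid, yet the "From:" domain does not match it. That combination, together with a "From:" address equal to the recipient, is the typical signature of the self-addressed scam mail.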
