Why Am I Getting Spam from Myself?


Why you’re getting it

When you see your own address spoofed in the From: field of spam, it’s generally happening for one of two reasons:

  • They’re trying to spam you, and know it’s unlikely you’ll block email from yourself. In fact, as you’ve seen, it’s not even always possible — but I’d consider it a bad idea, even if you could. It would prevent legitimate email from reaching you.
  • They’re trying to spam someone else, and what you’re seeing is a bounce message indicating that the original spam was rejected by its intended recipient. Since the email looks like it came from you, you get the bounce message.

Now, as to why the “someone@somedomain.com <myemail@outlook.com>”, where the two email addresses don’t match, or the more common “Name <myemail@outlook.com>”, where the name is obviously unrelated to the email address, I can only speculate. My guess is it’s either intentionally confusing, to boost the chance recipients will open the email, or a side effect of the tools spammers use, which may not be able to put together a proper name/email address pair.

Use DoNotPay to Stop Junk Mail From Your Own Email Address


Whether you want to stop receiving unwanted emails from your email address or to stop spam emails altogether, DoNotPay can help. 

DoNotPay is the first virtual lawyer in the world, and its new feature—the Spam Collector—will block anyone from sending you spam emails, even if those emails appear to be coming from your email address. 

Here is how to get your revenge on spam emails with our app:

  1. Open DoNotPay in your web browser
  2. Click on the Spam Collector option
  3. Enter your email address to connect it with DoNotPay
  4. Forward the next email you receive to spam@donotpay.com 

Once you complete all the steps, you won’t get any more emails from that sender. DoNotPay will also notify you if there is a class action against the sender. Look for the flag in the Spam Collector tab on your DoNotPay dashboard, and if there is an active class action, you can add yourself to it.

What Email Services Do to Combat the Problem

This email appeared to come from our personal address, but a look at the headers reveals this is a simple email change trick.

The fact that anyone can fake a return email address so easily is not a new problem. And email providers don’t want to annoy you with spam, so tools were developed to combat the issue.

The first was the Sender Policy Framework (SPF), and it works on some basic principles. Every email domain comes with a set of Domain Name System (DNS) records, which are used to direct traffic to the correct hosting server or computer. An SPF record is published in the domain's DNS alongside them. When you send an email, the receiving service compares the domain you provided (@gmail.com) and your originating IP address against the SPF record to make sure they match. If you send an email from a Gmail address, that email should also show that it originated from a Gmail-controlled device.

Unfortunately, SPF alone doesn’t solve the problem. Someone needs to maintain SPF records properly at each domain, which doesn’t always happen. It’s also easy for scammers to work around this problem. When you receive an email, you might only see a name instead of an email address. Spammers fill in one email address for the actual name and another for the sending address that matches an SPF record. So, you won’t see it as spam and neither will SPF.

Companies must also decide what to do with SPF results. Most often, they settle for letting emails through rather than risking the system not delivering a critical message. SPF doesn’t have a set of rules regarding what to do with the information; it just provides the results of a check.


To address these issues, Microsoft, Google, and others introduced the Domain-based Message Authentication, Reporting, and Conformance (DMARC) validation system. It works with SPF to create rules for what to do with emails flagged as potential spam. DMARC first checks the SPF result. If that fails, it stops the message from going through, unless it’s configured otherwise by an administrator. Even if SPF passes, DMARC checks that the email address shown in the “From:” field matches the domain the email came from (this is called alignment).

Unfortunately, even with backing from Microsoft, Facebook, and Google, DMARC still isn’t widely used. If you have an Outlook.com or Gmail.com address, you’re likely benefitting from DMARC. However, by late 2017, only 39 of the Fortune 500 companies had implemented the validation service.
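The header check described above, as an added Python example (not code from the original article): it reads a constructed message, compares the visible From: domain with the Return-Path domain that SPF evaluated, and flags the mismatched display-name trick. The sample message, the finding names and the two-label `org_domain` shortcut are assumptions; real DMARC uses the Public Suffix List and also accepts an aligned DKIM signature, which is not covered here.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: the visible From: is the recipient's own address, but the
# envelope sender (Return-Path) that SPF evaluated belongs to another domain.
SAMPLE = """\
Return-Path: <bounce@bulk-sender.example>
Authentication-Results: mx.example.net; spf=pass smtp.mailfrom=bulk-sender.example
From: "someone@somedomain.example" <myemail@outlook.com>
To: myemail@outlook.com
Subject: Your account

Hello
"""

def org_domain(addr):
    """Simplified organizational domain: the last two labels (assumption;
    real DMARC implementations consult the Public Suffix List)."""
    return ".".join(addr.rsplit("@", 1)[-1].lower().split(".")[-2:])

def check_message(raw):
    msg = message_from_string(raw)
    display, from_addr = parseaddr(msg.get("From", ""))
    _, envelope = parseaddr(msg.get("Return-Path", ""))
    _, to_addr = parseaddr(msg.get("To", ""))
    m = re.search(r"\bspf=(\w+)", msg.get("Authentication-Results", ""))
    spf = m.group(1).lower() if m else "none"
    # Alignment: the SPF-checked domain must match the domain the reader sees.
    aligned = bool(envelope) and org_domain(envelope) == org_domain(from_addr)
    findings = []
    # Display name that shows a different address than the real From: address.
    shown = re.search(r"[\w.+-]+@[\w.-]+", display)
    if shown and shown.group(0).lower() != from_addr.lower():
        findings.append("display-name-address-mismatch")
    if spf == "pass" and not aligned:
        findings.append("spf-pass-but-unaligned")
    if spf != "pass":
        findings.append("spf-" + spf)
    if from_addr and from_addr.lower() == to_addr.lower():
        findings.append("from-equals-recipient")
    return {"from": from_addr, "envelope": envelope, "spf": spf,
            "aligned": aligned, "findings": findings}

if __name__ == "__main__":
    print(check_message(SAMPLE))
```

The `spf-pass-but-unaligned` finding is the case the article describes: SPF alone reports a pass for the spammer's own sending domain, and only the alignment comparison exposes that the From: address was borrowed.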
