Open in app

Sign in

Write

Sign in

Mastodon

How Spammers Send Email that Looks Like it Came from You

Leo Notenboom
Tech Ramblings
Published in
5 min readJan 8, 2018

“From” spoofing is how spammers send email that looks like it comes from you that you had nothing at all to do with. I’ll look at how its done.

OK, I know that spammers can send email spoofing the “From:” address to make it look like it came from me. But how? How do they gain access to my account to do that?

They don’t.

“From” spoofing means faking the “From:” address on an email to make it look like it came from you, and to do it, spammers don’t need access to your account at all.

In fact, I’d say that 99.99% of the time it has nothing at all to do with your account, and your account is quite safe.

They only need your email address.

While your email account and your email address are related, they are not necessarily the same thing.

Accounts versus Addresses

Let me say that again: your email address is one thing, and your email account is another.

  • Your email account is what you use to log in and gain access to the email you’ve received. In most cases, it’s also what you use to log in in order to be able to send email.
  • Your email address is the information that allows the email system to route messages to your inbox.

The two are related only to the extent that email routed to you using your email address is placed into the inbox accessed by your email account.

I have a more detailed article discussing the relationship here: What’s the Difference Between an Email Domain, an Email Account, and an Email Address?

To see how spammers get away with what they do, we start with a look at sending email.

Addresses, accounts and sending email

Let’s take a quick look at how you create an account in an email program like Microsoft Office’s Outlook.

When you add a new mail account, you provide three key pieces of information.

  • “Your Name:” Called the “display name”, this is used as the name that will be displayed on the “From:” line in emails you send. Normally you would want this to be your own name, but in reality, it can be whatever you like.
  • “Email address:” This is used as the email address that will be displayed on the “From:” line in emails you send. Normally, you would want this to be your email address, but in reality, it can be whatever you like.
  • “User Name:” Along with the password, this identifies you to the mail service, grants you access to your mail box for incoming mail, and authorizes you to send email.

“From” Spoofing

To send email appearing to be from someone else, all you need to do is create an email account in your favorite email program, and use your own email account information while specifying someone else’s email address.

And that — or its equivalent — is exactly what spammers do.

Where’d they get my email address?

So you might be asking yourself if they didn’t compromise your account, where did they get your email address?

Everywhere spammers get email addresses. Public postings, emails forwarded by friends without removing your email address, less-than-reputible companies, some kinds of bulletin board postings and more.

Basically spammers get your email address from wherever they can. They just don’t need your account to do it.

Caveats

Before you try spoofing email from Santa Claus yourself, there are a few catches:

  • Your email program might not support it. For example, most web email services don’t have a way to specify a different email address to send from, or if they do, they first require you to confirm you can access email sent to that address. However, sometimes you can connect to those same services using a desktop email program, like Microsoft Office Outlook as I’ve shown above, and configure it to do so.
  • Your email service might not support it. Some ISPs check the “From:” address on outgoing email to make sure it hasn’t been spoofed. Unfortunately, with the proliferation of custom domains, this approach is falling out of favor. For example, I might want to use the email account I have with my ISP to send email “From:” my askleo.com email address. The ISP has no way to know whether that’s a legitimate thing, or whether I’m a spammer spoofing that “From:” line.
  • It’s probably not anonymous. Yes, you can set the “From:” field to whatever you like, but you should be aware that other email headers (which you don’t normally see) may still identify the account you used to log in when you sent the email. Even if it’s not in the actual email headers, your ISP may well have logs that indicate which account sent the email.
  • It might be illegal. Depending on who you try to impersonate, your intent and the laws in your jurisdiction, it’s very possible that misrepresenting yourself in email could run afoul of the law.

Spammers don’t care, and bypass all that. They use so-called “botnets” or “zombies”, which act more like full-fledged mail servers than mail clients (Microsoft Office Outlook, Thunderbird, and so on). They completely bypass the need to log in by attempting to deliver email directly to the recipient’s email server. It’s pretty close to being anonymous, as the spam is exceedingly difficult to trace back to its origin.

The “From” spoofing take-away

There’s nothing special about the “From:” address. It’s just another field which, like the “To:” field, can be set to any value you like. By convention — and sometimes automatically — we set it to our own email address when we send mail, so that we get any responses. But there’s nothing that says it has to be that way.

And often there’s nothing that forces it to be that way.

Similarly, since it’s just a setting on outgoing email, seeing a particular “From:” address doesn’t imply any relationship to the actual account that would receive email that is sent to that address. Spammers don’t need access to the account to make it appear in a “From:” line — all they need to do is effectively to type it in the “From:” line. Nothing more.

That spam didn’t really come “From:” that address at all.

This article originally appeared on Ask Leo! where you’ll always find updates as well as the most vibrant discussion. For the latest, subscribe now to The Ask Leo! Newsletter and get a copy of The Ask Leo! Guide to Staying Safe on the Internet — FREE Edition. This ebook will help you identify the most important steps you can take to keep your computer, and yourself, safe as you navigate today’s digital landscape.

Email
Spam

--

--

Leo Notenboom
Tech Ramblings

Written by Leo Notenboom

933 Followers
Editor for

Former software engineer at Microsoft for 18 years, now sharing my passions, answering questions & helping folks with technology. askleo.com (since 2003)

Help

Status

About

Careers

Press

Blog

Privacy

Terms

Text to speech

Teams