A word on email spoofing

By | October 19, 2008

Email spoofing is a technique used by spammers to alter the originating email address so that a message appears to come from some other address (possibly your own). I’ve recently been subjected to one of these episodes, during which my email got flooded with tons of spam from a spoofed email address (belonging to me). The problem of email spoofing is relatively common, and is usually due to either an infected computer or bots seeking out new addresses. Sometimes malicious bots doing random scanning on the Web may pick up an email address and even use it to mass-target other email addresses in the address book, and that is when you get a big spike in spam that seems to be coming from yourself.

That was what happened to me personally, a few weeks ago, when one of my sites registered 200% more page views (which I thought was good), until I checked my email and found the bulk mail folder flooded by 1500+ spam messages overnight, which apparently was a case of spam being generated by spoofing my site’s email (and directed back to me). Some of it even overflowed into my inbox, despite all the filters. It was getting to be a big problem, to the point that I had to delete the spoofed email address that was being targeted, which eventually stopped the flood.

Although many email spam filters are able to detect spam if it is coming from the same email address, it can still be annoying and potentially dangerous. Spammers try to trick you into believing that the email genuinely came from the site being spoofed, and the links, if you click on them, will take you to either a phishing site or a Trojan-laden page.

What do you do if the “From” email address is yours? Apparently, there is NOT much you can do, but it is important to make sure the spam is not originating from your machine due to a virus/malware infection. An infected computer may enable a malicious program to hijack your email address book and resend itself to each address in there. That may make you look like a spammer.

4 things to remember if you’re dealing with a deluge of spam from spoofed emails that seem to be coming from yourself or somewhere else:

  • Change your email password. A tip is to look in the sent folder and see whether any emails have been sent from it recently. If so, it is a sign that your email account has been compromised. Changing passwords (on a secure computer) is essential. Of course, an email hacker might have deleted all the sent emails, so you may not suspect anything. Change your passwords anyway.
  • You should scan your PC with an antivirus program if you’re using a local email client like Outlook, and if the spoofed emails are coming from a domain you own, try to get the server housing your domain scanned as well, if that is possible. Many spam programs are not really hard to detect, because they often reside in specific locations on your computer, and are not so small as to be untraceable. Periodic malware scanning is always useful.
  • Delete the email address that is being spoofed, and create a new one if necessary. In my case, it completely eradicated the spam emails once I had deleted the email address that was being spoofed. Of course, this is the worst case scenario – but it works.
  • Whatever you do, try not to open the junk emails; just trash them all. Don’t even try to “unsubscribe” from the spam, because it shows the spammers that your email is active and used.

How do you trace the sender of the spoof emails? Even after all these years, there is no practical way to trace the senders; it is possible, just not practical when you have so many spammers to deal with daily. By the way, Gmail probably has the best filters in the email business, surpassing Yahoo. Gmail let slip fewer than 50 out of 1500+ spam mails (< 3%). As for Hotmail, it is not even close.
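
The two checks discussed above (confirming that the spam did not originate from your own machine, and tracing where a spoofed message really came from) both come down to reading the message's Received headers. The Python example below is added here and is not from the original post; the sample message, the host names and the `MY_MTAS` / `MY_NETWORKS` values are constructed assumptions to replace with your own.

```python
import email
import ipaddress
import re
from email.utils import parseaddr

# Constructed sample: spam "from" the recipient's own address. The bottom
# Received line is forged by the sender to look like the recipient's network.
SAMPLE = """\
Return-Path: <bounce@bulk.example.net>
Received: from mx.example.org (mx.example.org [192.0.2.10])
\tby inbox.example.org with ESMTP id A1; Sun, 19 Oct 2008 03:12:45 +0000
Received: from unknown (HELO example.org) (203.0.113.77)
\tby mx.example.org with SMTP id B2; Sun, 19 Oct 2008 03:12:44 +0000
Received: from pc.example.org ([192.0.2.55]) by relay.invalid with SMTP id C3
From: "Me" <me@example.org>
To: me@example.org

body
"""
MY_MTAS = {"inbox.example.org", "mx.example.org"}     # assumed: servers you run
MY_NETWORKS = [ipaddress.ip_network("192.0.2.0/24")]  # assumed: your own hosts
IP_RE = re.compile(r"[\[(](\d{1,3}(?:\.\d{1,3}){3})[\])]")
BY_RE = re.compile(r"\bby\s+([\w.-]+)")

def trusted_origin(msg, my_mtas=MY_MTAS):
    """Peer IP logged by the outermost server we control, or None."""
    # Received lines are read newest first. Stop at the first line not written
    # by our own servers: the sender can forge everything below that point.
    origin = None
    for header in msg.get_all("Received", []):
        by = BY_RE.search(header)
        if not by or by.group(1).lower() not in my_mtas:
            break
        ip = IP_RE.search(header)
        if ip:
            origin = ipaddress.ip_address(ip.group(1))
    return origin

def analyse(raw, my_networks=MY_NETWORKS):
    msg = email.message_from_string(raw)
    from_addr = parseaddr(msg.get("From", ""))[1].lower()
    envelope = parseaddr(msg.get("Return-Path", ""))[1].lower()
    origin = trusted_origin(msg)
    own = origin is not None and any(origin in net for net in my_networks)
    return {
        "from": from_addr, "return_path": envelope,
        "origin_ip": str(origin) if origin else None,
        "sender_mismatch": from_addr.split("@")[-1] != envelope.split("@")[-1],
        "left_from_my_network": own,
    }

if __name__ == "__main__":
    print(analyse(SAMPLE))
```

For the sample, the trusted origin is 203.0.113.77, outside the assumed network, so the message was spoofed from elsewhere rather than sent by an infected machine of yours; the forged bottom line claiming 192.0.2.55 is ignored.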
