Unauthorised use of my e-mail address?

Topic

New Reply

A few days ago, I received about 15 email messages informing me that for various reasons, messages I had sent (using Outlook 2010) had not been delivered. I had not sent any of these ‘undeliverable’ messages. There were no suspicious emails in my sent mail folder. I previewed some of these emails to see the mail route, and saw that my email address appeared in ‘envelope-from’, ‘message-ID’ and ‘Return-Path’ fields. Quite apparently some-one has used my email address in these emails.
Please note that I have a limited understanding of how email systems work. I wonder if my email address is being used as the ‘from’ address in emails that have been sent successfully. Is this possible? Is there anything I need to check at my computer to prevent this happening again, or is it all happening remotely from me and there is nothing I can do about it?
My system is a Dell SXPS 1340 laptop with Outlook 2010 running on a WIndows 7 64 bit operating system. Also running Kaspersky 2010 Internet Security Suite with email checking enabled.

Thanks, Geoff

Reply | Quote

Replies

Your email address can be in use by someone not yourself for a number of reasons. It may be possible that someone who had it in their contacts list was infected by a virus, for example. It may also be possible that your email address was harvested from a web page where you may have posted it and then used to send spam. Anyone can add an email account to an email client like Outlook, Thunderbird or similar, and use your email address as the sender. Also, any email sending program can do the same.

This basically means that most likely there are no security issues with your PC (even if you can run something like the free Malwarebytes antimalware on demand, to complement Kaspersky) and, unfortunately, there isn’t much you can do to avoid the repetition of that situation, other than not posting your email address on the web and not using it in places of doubtful reputation.

Reply | Quote

…….. Anyone can add an email account to an email client like Outlook, Thunderbird or similar, and use your email address as the sender. Also, any email sending program can do the same……………

Does the ‘anyone’ not need to have my password as well as my email address to send an email in my name?? I am surprised that my email can be used without my password. That is certainly not very secure.

I take great care with my email addresses. I choose which one to use depending on what I believe is the risk that I might receive Spam from the recipient of my email.

I understand that I may receive Spam if someone harvests my email address, but I am surprised that someone can send an email in my name without the account password. The only people who know my passwords are myself and the ISP. No passwords are stored on my computers.

Reply | Quote

Does the ‘anyone’ not need to have my password as well as my email address to send an email in my name?? I am surprised that my email can be used without my password. That is certainly not very secure.

I take great care with my email addresses. I choose which one to use depending on what I believe is the risk that I might receive Spam from the recipient of my email.

I understand that I may receive Spam if someone harvests my email address, but I am surprised that someone can send an email in my name without the account password. The only people who know my passwords are myself and the ISP. No passwords are stored on my computers.

The issue is that most email providers allow you to send email using the server access details for one valid account on the server, but with the sender details totally different from the details for the account they used for authentication. I could do it with any of the email providers I use.

They don’t need your password, because they are not using your account, just using your email address as the senders address. Unfortunately that’s allowed by most email server software.

Reply | Quote

With the “right” kind of software, it is trivial to impersonate any email address and manipulate the email headers.

Joe

--Joe

Reply | Quote

I would expect that if you just went and changed your email password, that the problem would go away.

Select a difficult to guess password containing some characters other than all letters and numbers (like #, %, ^, etc.).

Reply | Quote

I would expect that if you just went and changed your email password, that the problem would go away.

Select a difficult to guess password containing some characters other than all letters and numbers (like #, %, ^, etc.).

His email account is not being hacked, so how would a password change help?!

Reply | Quote

I would expect that if you just went and changed your email password, that the problem would go away.

Sadly that is not true, what the other posters have said is correct.

I got a day of such ‘undeliverable’ messages last week too, and every year I get spam from myself 3-4 times a year. Lasts a few days each time, nothing practical to be done.

Lugh.
~
Alienware Aurora R6; Win10 Home x64 1803; Office 365 x32
i7-7700; GeForce GTX 1060; 16GB DDR4 2400; 1TB SSD, 256GB SSD, 4TB HD

Reply | Quote

Thanks to all who replied giving me an insight into how easy it is for someone to use my email address in the Sender/Reply To fields. This is the first time I’ve posted in The Lounge and have appreciated the help.

I checked back to see how many of these unauthorised messages arrived in my Inbox – there were in fact 30 of them all on the same day. 26 of them had attachments which, of course, I stayed well clear of. I just hope that this doesn’t occur too often.

As mngerhold said, I’m sure that my PC hasn’t been turned into a bot. As stated in my original email, I run Kaspersky Internet Security. When these emails arrived I also ran a Malwarebytes scan – no problems.

Thanks again, Geoff

Reply | Quote

Faking the sender on an e-mail is essentially the same as sending a piece of postal mail and writing someone else’s name and address as the return address on the envelope. There’s no mechanism to prevent that from happening with postal mail … OR with e-mail.

Reply | Quote

Even Outlook allows this. If you look under account properties, you can set up any “reply to” email address you want to.

Reply | Quote

More than likely its a ruse to get you to go somewhere unsavoury – I got a batch of these the other day, and I’m pretty sure my PC hasn’t been turned into a bot. The message contained this:
===================
The original message was received at Sun, 10 Jul 2011 01:04:04 +0200 (CEST)
from 189104026046.user.veloxzone.com.br [189.104.26.46] (may be forged)

—– The following addresses had permanent fatal errors —–

—– Transcript of session follows —–
… Deferred: Operation timed out with mx2.mi.ingv.it.
Message could not be delivered for 5 days
Message will be deleted from queue
========================

but also contained 2 attachments, one of which was an email with a foreign-looking title, containing a link to a russian site (which I did not explore!). It seems someone has found my email address (not hard), and is trying some trick. I wouldn’t worry about it.

Reply | Quote

I also suffered from this problem. My resolution was to add my email address to my blocked emails list and now have not received any since. (This works as long as you don’t start sending yourself emails from the same address which I doubt you would do).

Reply | Quote