1. Nope. Anyone can send email with any address in the from address.
2. Nope. If they don’t stop pretty much the only option is to close the email account.
3. Unfortunately there isn’t any way to stop them from sending email from your email address.
4. Nope, there isn’t anything that they can do either.
*****added by Labnuke99****
Unfortunately there is not a lot that can be done about this other than ignore and delete the messages.
We have been seeing reports of these messages for years. There have also been cases of outside organizations asking about messages appearing to be sourced from our organization that are actually spoofed or forged FROM addresses. Here’s some more information about why this happens.
Email spoofing/forging may occur in different forms, but all have a similar result:
* a user receives email that appears to have originated from one source when it actually was sent from another source. Email spoofing is often an attempt to trick the user into making a damaging statement or releasing sensitive information (such as passwords).
Examples of spoofed email that could affect the security of your site include:
* email claiming to be from a system administrator requesting users to change their passwords to a specified string and threatening to suspend their account if they do not do this
* email claiming to be from a person in authority requesting users to send them a copy of a password file or other sensitive information
It is easy to spoof email because SMTP (Simple Mail Transfer Protocol) lacks authentication. Anyone can connect to the mail server at a site and (in accordance with that standard protocol) issue commands that will send email that appears to be from the address of the individual’s choice; this can be a valid email address or a fictitious address that is correctly formatted. So, someone could create a message appearing to come from an address but they never actually sent that message, nor does he know the recipient.
Analogy of a letter you get through the Postal Mail: A paper ENVELOPE TO: address can NOT be spoofed. This address is used to deliver to the correct recipient. However, the envelope’s FROM return address can be forged. Similarly, the FROM address in an email message CAN be spoofed.
Do not open attachments that you were not expecting, even if the sender appears to be someone you know or from what appears to be an official source.
You can also “munge” the e-mail addresses on your website to make them less likely to be harvested and used by spammers via spiders. Here’s some examples:
See this <a href=”http://www.mailmsg.com/SPAM_munging.htm”>site</a> for some suggestions.
See this article also <b><a href=”http://www.eweek.com/c/a/Security/Backscatter-Spam-is-Back/?kc=EWKNLSTE040808STR5″>Backscatter Spam Is Back</a></b>