Mail address hijacking – spammer problem

49520 pts.
Email security
My website is hosted by and of course I have several email accounts via this site. I have recently been receving so many "daemon mailer" messages about rejected emails that I have not sent to recipients that I do not know that I had to temporarily suspend one of my email accounts. Furthermore, I receive emails from myself (!) that I have not sent about various spammer topics. I have sent numerous requests to my domain host for advice on how to stop this, if possible, but they have not been bothered to provide even a minimal response (nice tech support service, uh?). Is there anyone that can advise me about this topic? So my questions are:
  1. Can I prevent spammers from abusing my email addresses and if so, how do I do this?
  2. If not, do I have any preventative actions I can take, other than closing my email accounts and creating new ones?
  3. If I have to create new email accounts, how can I stop them from hi-jacking my new email addresses?
  4. Is there any preventative action my webhost provider can take to help me that they have not bothered to tell me?
Thanks. David

Answer Wiki

Thanks. We'll let you know when a new response is added.
  1. Nope. Anyone can send email with any address in the from address.
  2. Nope. If they don’t stop pretty much the only option is to close the email account.
  3. Unfortunately there isn’t any way to stop them from sending email from your email address.
  4. Nope, there isn’t anything that they can do either.

*****added by Labnuke99****
Unfortunately there is not a lot that can be done about this other than ignore and delete the messages.
We have been seeing reports of these messages for years. There have also been cases of outside organizations asking about messages appearing to be sourced from our organization that are actually spoofed or forged FROM addresses. Here’s some more information about why this happens.

Email spoofing/forging may occur in different forms, but all have a similar result:
* a user receives email that appears to have originated from one source when it actually was sent from another source. Email spoofing is often an attempt to trick the user into making a damaging statement or releasing sensitive information (such as passwords).

Examples of spoofed email that could affect the security of your site include:
* email claiming to be from a system administrator requesting users to change their passwords to a specified string and threatening to suspend their account if they do not do this

* email claiming to be from a person in authority requesting users to send them a copy of a password file or other sensitive information

It is easy to spoof email because SMTP (Simple Mail Transfer Protocol) lacks authentication. Anyone can connect to the mail server at a site and (in accordance with that standard protocol) issue commands that will send email that appears to be from the address of the individual’s choice; this can be a valid email address or a fictitious address that is correctly formatted. So, someone could create a message appearing to come from an address but they never actually sent that message, nor does he know the recipient.

Analogy of a letter you get through the Postal Mail: A paper ENVELOPE TO: address can NOT be spoofed. This address is used to deliver to the correct recipient. However, the envelope’s FROM return address can be forged. Similarly, the FROM address in an email message CAN be spoofed.

Do not open attachments that you were not expecting, even if the sender appears to be someone you know or from what appears to be an official source.
You can also “munge” the e-mail addresses on your website to make them less likely to be harvested and used by spammers via spiders. Here’s some examples:
* tom(at)
* tom(at)anywhere(dot)com
* tom@anywhere.invalid

See this article also Backscatter Spam Is Back.

Discuss This Question:  

There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when members answer or reply to this question.

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

To follow this tag...

There was an error processing your information. Please try again later.

Thanks! We'll email you when relevant content is added and updated.


Share this item with your network: