I recently switched my mail/domain from Google to Namecheap. I’ve been keeping a critical eye on my junk mail as the spam filtering doesn’t seem as good.
I saw a neat scam email from my own email address. It was the usual “I am a hacker give me money” nonsense but the trick with them using my own email address is pretty neat. I assume they’ve injected some sort of common replace string?
Just curious if anyone knows the trick here.
Update: followed the advice most of you have provided and spam mail has gone way down as a result. Leaving post here for the next poor sod who runs into these problems. Maybe Google will lead folks here instead of reddit.
Thank you kind strangers.
It is trivial to write a piece of software, or use existing email software, to forge the contents of the from: field in an email header. In fact, you can forge the entire email header if you feel like, and there’s really nothing stopping anyone from doing it. The header information which includes the alleged sender of the email is just plain text. You can fire off any email containing any header – forged or not – at any mail server and the data will at least get there. What the mail server does with it afterwards is up to however it’s configured.
There are various techniques that email providers and mail relays use to attempt to verify the integrity of email messages, including DKIM, reverse DNS or PTR record, and the Sender Policy Framework, and if any of these don’t check out the mail server may reject incoming messages or automatically divert them to spam folders. This isn’t foolproof, though, and some mail servers are more lenient than others. Many private mail servers are also misconfigured, or minimally configured, and allow pretty much any damn fool thing to get through.
Look up the instructions for your mail provider to set up SPF, DKIM, and DMARC records in your DNS so email services know which emails sent from your domain are actually legit. Without those records telling email servers what’s valid and how to handle what’s not, it’s basically the Spiderman pointing at Spiderman meme.
Thank you, I had to bug the support line a bit to figure it out, but they agreed I needed to use this guide and helped me out. My inbox is now a little safer thanks to your advice.
Is it possible they actually accessed your account? Alternatively, do you have a lowercase “L” in your name that they could have replaced with a capital “I”?
No Ls, also nothing in my sent box, and it was marked as spam so the mail service knew something was up with it.
Dunno who’s downvoting this, but that’s honestly a valid possibility. The other answers explain a really important concept (it’s really easy to fake from addresses) but these ideas aren’t wrong.
It’s not a possibility at all unless the “hacker” is extremely stupid.
If you have access to an account, you generally don’t want to make the owner of the account suspect that it is compromised.
Or the “hacker” is an automated script (…which is probably pretty stupid, to your point), as the vast majority of attacks are.
If it’s more like a spearphishing-to-impersonate attack (i.e. a specific individual is being targeted), then yeah, it’d be important to avoid detection. They wouldn’t do that unless they are extremely bad at their task.
But most attacks are fairly coarse attempts at exploiting a rather glaring security hole against a large number of targets, and their goal might not be what you’d think… Like for example “iterate through this list of 100,000 sites, see if they’re using [ ], and see if they still have the default admin password.” The attacker doesn’t care about being foiled by any one victim, because (for example) their goal is to collect accounts that are:
a) Unmonitored by their owners, and;
b) Able to send and receive emails
Is that scenario more likely than FROM address forgery? No. Is that scenario “not a possibility at all?” Also no.
There are many ways they could be getting your email, but first, why your email? Well, it’s because it’s the easiest way for them to fake legitimate messages. Now, where are they getting them from? Most likely your socials or other accounts. One instance I’ve experienced was on OfferUp (don’t use it, too many scammers).
I would suggest setting up DMARC, SPF, DKIM. I have it set up so mail servers would reject/drop e-mails if they do not originate from specific mail servers. If a spammer tried to send an e-mail like you describe then it would be rejected by my mail server or mail server provider.
Information: https://www.cloudflare.com/learning/email-security/dmarc-dkim-spf/
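As an added illustration of why the SPF/DMARC advice in this comment and the earlier one works (example code, not posted by anyone in the thread): a small Python model of what a receiving server does with a message whose From: header claims your domain but arrives from an IP your records don't authorise. The DNS_TXT table, the placeholder domains and IPs, and the function names spf_check, dmarc_policy and receiver_disposition are all assumptions of the example, and the DKIM result is passed in rather than computed.

```python
import ipaddress

# Constructed DNS TXT records standing in for real lookups (placeholder domains/IPs, no network).
DNS_TXT = {
    "strict.example": "v=spf1 ip4:203.0.113.0/24 -all",
    "_dmarc.strict.example": "v=DMARC1; p=reject; rua=mailto:dmarc@strict.example",
    "lenient.example": "v=spf1 ip4:198.51.100.10 ~all",
    "_dmarc.lenient.example": "v=DMARC1; p=none",
}
QUALIFIER = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def spf_check(domain, sender_ip):
    """SPF result for sender_ip against domain's record. Models ip4/ip6 and 'all'
    only; include/a/mx are skipped, which is enough for the records above."""
    record = DNS_TXT.get(domain, "")
    if not record.startswith("v=spf1"):
        return "none"  # no SPF record: nothing says who may send as this domain
    ip = ipaddress.ip_address(sender_ip)
    for term in record.split()[1:]:
        qualifier = "+"
        if term[0] in QUALIFIER:
            qualifier, term = term[0], term[1:]
        if term == "all":
            matched = True
        elif term.startswith(("ip4:", "ip6:")):
            matched = ip in ipaddress.ip_network(term[4:], strict=False)
        else:
            continue
        if matched:
            return QUALIFIER[qualifier]
    return "neutral"

def dmarc_policy(domain):
    """Requested policy (none/quarantine/reject) from _dmarc.<domain>, or None."""
    record = DNS_TXT.get("_dmarc." + domain, "")
    if not record.startswith("v=DMARC1"):
        return None
    tags = dict(t.strip().split("=", 1) for t in record.split(";") if "=" in t)
    return tags.get("p", "none")

def receiver_disposition(from_domain, sender_ip, dkim_pass=False):
    """Receiver's action for a message whose From: claims from_domain but came from
    sender_ip. Assumes envelope sender domain == From: domain (strict alignment)."""
    if spf_check(from_domain, sender_ip) == "pass" or dkim_pass:
        return "accept"
    policy = dmarc_policy(from_domain)
    if policy is None:
        return "deliver (local spam filtering only)"  # the Spiderman-meme case
    return {"none": "deliver", "quarantine": "quarantine", "reject": "reject"}[policy]
```

A domain with no records at all leaves the decision entirely to the receiver's own spam heuristics, which is the situation the original poster started in.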