Results 1 to 13 of 13
  1. #1
    Lounger
    Join Date
    Dec 2009
    Location
    Camberley UK
    Posts
    34
    Thanks
    5
    Thanked 0 Times in 0 Posts

    Unauthorised use of my e-mail address?

    A few days ago, I received about 15 email messages informing me that for various reasons, messages I had sent (using Outlook 2010) had not been delivered. I had not sent any of these 'undeliverable' messages. There were no suspicious emails in my sent mail folder. I previewed some of these emails to see the mail route, and saw that my email address appeared in 'envelope-from', 'message-ID' and 'Return-Path' fields. Quite apparently some-one has used my email address in these emails.
    Please note that I have a limited understanding of how email systems work. I wonder if my email address is being used as the 'from' address in emails that have been sent successfully. Is this possible? Is there anything I need to check at my computer to prevent this happening again, or is it all happening remotely from me and there is nothing I can do about it?
    My system is a Dell SXPS 1340 laptop with Outlook 2010 running on a WIndows 7 64 bit operating system. Also running Kaspersky 2010 Internet Security Suite with email checking enabled.

    Thanks, Geoff

  2. #2
    Administrator
    Join Date
    Jun 2010
    Location
    Portugal
    Posts
    12,519
    Thanks
    152
    Thanked 1,398 Times in 1,221 Posts
    Your email address can be in use by someone not yourself for a number of reasons. It may be possible that someone who had it in their contacts list was infected by a virus, for example. It may also be possible that your email address was harvested from a web page where you may have posted it and then used to send spam. Anyone can add an email account to an email client like Outlook, Thunderbird or similar, and use your email address as the sender. Also, any email sending program can do the same.

    This basically means that most likely there are no security issues with your PC (even if you can run something like the free Malwarebytes antimalware on demand, to complement Kaspersky) and, unfortunately, there isn't much you can do to avoid the repetition of that situation, other than not posting your email address on the web and not using it in places of doubtful reputation.

  3. #3
    Lounger
    Join Date
    Dec 2009
    Location
    Camberley UK
    Posts
    34
    Thanks
    5
    Thanked 0 Times in 0 Posts
    Quote Originally Posted by ruirib View Post
    ........ Anyone can add an email account to an email client like Outlook, Thunderbird or similar, and use your email address as the sender. Also, any email sending program can do the same...............
    Does the 'anyone' not need to have my password as well as my email address to send an email in my name?? I am surprised that my email can be used without my password. That is certainly not very secure.

    I take great care with my email addresses. I choose which one to use depending on what I believe is the risk that I might receive Spam from the recipient of my email.

    I understand that I may receive Spam if someone harvests my email address, but I am surprised that someone can send an email in my name without the account password. The only people who know my passwords are myself and the ISP. No passwords are stored on my computers.

  4. #4
    Administrator
    Join Date
    Mar 2001
    Location
    St Louis, Missouri, USA
    Posts
    23,572
    Thanks
    5
    Thanked 1,057 Times in 926 Posts
    With the "right" kind of software, it is trivial to impersonate any email address and manipulate the email headers.

    Joe

  5. #5
    Administrator
    Join Date
    Jun 2010
    Location
    Portugal
    Posts
    12,519
    Thanks
    152
    Thanked 1,398 Times in 1,221 Posts
    Quote Originally Posted by formula400 View Post
    Does the 'anyone' not need to have my password as well as my email address to send an email in my name?? I am surprised that my email can be used without my password. That is certainly not very secure.

    I take great care with my email addresses. I choose which one to use depending on what I believe is the risk that I might receive Spam from the recipient of my email.

    I understand that I may receive Spam if someone harvests my email address, but I am surprised that someone can send an email in my name without the account password. The only people who know my passwords are myself and the ISP. No passwords are stored on my computers.
    The issue is that most email providers allow you to send email using the server access details for one valid account on the server, but with the sender details totally different from the details for the account they used for authentication. I could do it with any of the email providers I use.

    They don't need your password, because they are not using your account, just using your email address as the senders address. Unfortunately that's allowed by most email server software.

  6. #6
    New Lounger
    Join Date
    Dec 2009
    Location
    SW Florida
    Posts
    11
    Thanks
    0
    Thanked 0 Times in 0 Posts
    I would expect that if you just went and changed your email password, that the problem would go away.

    Select a difficult to guess password containing some characters other than all letters and numbers (like #, %, ^, etc.).

  7. #7
    Administrator
    Join Date
    Jun 2010
    Location
    Portugal
    Posts
    12,519
    Thanks
    152
    Thanked 1,398 Times in 1,221 Posts
    Quote Originally Posted by pilotart View Post
    I would expect that if you just went and changed your email password, that the problem would go away.

    Select a difficult to guess password containing some characters other than all letters and numbers (like #, %, ^, etc.).
    His email account is not being hacked, so how would a password change help?!

  8. #8
    New Lounger
    Join Date
    Jul 2011
    Posts
    3
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Faking the sender on an e-mail is essentially the same as sending a piece of postal mail and writing someone else's name and address as the return address on the envelope. There's no mechanism to prevent that from happening with postal mail ... OR with e-mail.

  9. #9
    New Lounger
    Join Date
    Dec 2009
    Location
    Asheville, NC USA
    Posts
    3
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Even Outlook allows this. If you look under account properties, you can set up any "reply to" email address you want to.

  10. #10
    2 Star Lounger
    Join Date
    Dec 2009
    Location
    Surrey, UK
    Posts
    161
    Thanks
    7
    Thanked 39 Times in 35 Posts
    More than likely its a ruse to get you to go somewhere unsavoury - I got a batch of these the other day, and I'm pretty sure my PC hasn't been turned into a bot. The message contained this:
    ===================
    The original message was received at Sun, 10 Jul 2011 01:04:04 +0200 (CEST)
    from 189104026046.user.veloxzone.com.br [189.104.26.46] (may be forged)

    ----- The following addresses had permanent fatal errors -----
    <urrun@ingv.it>
    ----- Transcript of session follows -----
    <urrun@ingv.it>... Deferred: Operation timed out with mx2.mi.ingv.it.
    Message could not be delivered for 5 days
    Message will be deleted from queue
    ========================

    but also contained 2 attachments, one of which was an email with a foreign-looking title, containing a link to a russian site (which I did not explore!). It seems someone has found my email address (not hard), and is trying some trick. I wouldn't worry about it.

  11. #11
    5 Star Lounger Lugh's Avatar
    Join Date
    Jun 2010
    Location
    Indy
    Posts
    619
    Thanks
    166
    Thanked 75 Times in 66 Posts
    Quote Originally Posted by pilotart View Post
    I would expect that if you just went and changed your email password, that the problem would go away.
    Sadly that is not true, what the other posters have said is correct.

    I got a day of such 'undeliverable' messages last week too, and every year I get spam from myself 3-4 times a year. Lasts a few days each time, nothing practical to be done.

  12. #12
    Lounger
    Join Date
    Dec 2009
    Location
    Camberley UK
    Posts
    34
    Thanks
    5
    Thanked 0 Times in 0 Posts
    Thanks to all who replied giving me an insight into how easy it is for someone to use my email address in the Sender/Reply To fields. This is the first time I've posted in The Lounge and have appreciated the help.

    I checked back to see how many of these unauthorised messages arrived in my Inbox - there were in fact 30 of them all on the same day. 26 of them had attachments which, of course, I stayed well clear of. I just hope that this doesn't occur too often.

    As mngerhold said, I'm sure that my PC hasn't been turned into a bot. As stated in my original email, I run Kaspersky Internet Security. When these emails arrived I also ran a Malwarebytes scan - no problems.


    Thanks again, Geoff

  13. #13
    5 Star Lounger
    Join Date
    Dec 2009
    Location
    Slough, Berkshire UK
    Posts
    924
    Thanks
    55
    Thanked 52 Times in 50 Posts
    I also suffered from this problem. My resolution was to add my email address to my blocked emails list and now have not received any since. (This works as long as you don't start sending yourself emails from the same address which I doubt you would do).
    Last edited by curiousclive; 2011-11-16 at 10:06.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •