Getting Email from Yourself? You've Probably Been "Spoofed"
Posted Nov 12th 2008 10:14AM by Webmail Team
Recently, we have gotten several concerned calls from AOL users who are receiving emails from themselves that they didn't send. Most of the time, the content is inappropriate and users are troubled that their email address is connected to this content, and even more concerned that this is a sure sign their AOL account has been hacked and is being used by someone else.
Although it is possible that the account has been compromised, it's more likely that these users are being "spoofed." In other words, the email is most likely coming from a source outside of AOL that is "spoofing" the From address. Automated bots are often used by spammers to fill in the From: address with the To: address, making it look like the person has sent mail to themselves.
Why aren't the AOL spam filters catching these spoofs?
AOL actually catches most spoof emails before they reach the intended recipients. In fact, we block more than 2 billion pieces of spam each day before it even reaches our users. We continually modify our spam filters in response to new spam trends and threats, based on user feedback via the "Report Spam" feature.
What should I do with the spoof emails I am receiving? Should I send them to AOL?
When you receive any piece of mail that you consider to be spam, you should immediately hit the "Report Spam" button. This helps to ensure that future mail from this source will go to your spam folder in the future. Rest assured that by hitting the "Report Spam" button you are not blocking or reporting yourself; but, helping us identify the source of the spoof email.
What if I still suspect unauthorized use of my account?
If you suspect unauthorized use of your account, immediately check your Sent folder for any emails that were sent without your consent. If you see any unexpected messages, immediately change your password. This will lockout the unauthorized user and re-secure your account.
How do you tell the difference between a spoof and a compromised account?
Differentiating between the two can be difficult, but your best bet is to be vigilant about protecting your account, your computer and your privacy. Follow these tips:
**Use a secure password and change it frequently. AOL recommends that you immediately change your password if you suspect any unauthorized usage of your screen name. Only authorized users can change passwords. If you have stored the password on your computer, remember to update that, too.
**Make sure you are running up-to-date virus and spyware protection software.
For more information on spoofing, we also recommend that you take a look at this article: http://www.windowsecurity.com/articles/Email-Spoofing.html.
Add your comments
Please keep your comments relevant to this blog entry. Email addresses are never displayed, but they are required to confirm your comments.
When you enter your name and email address, you'll be sent a link to confirm your comment, and a password. To leave another comment, just use that password.
To create a live link, simply type the URL (including http://) or email address and we will make it a live link for you. You can put up to 3 URLs in your comments. Line breaks and paragraphs are automatically converted — no need to use <p> or <br> tags.
AOL Mail Team on Twitter
AOL Mail Team on Facebook
Most Recent Comments
About the Blog
This blog is published and maintained by the Mail team at AOL.
Please share your comments with us. You can bookmark this blog at: http://mailblog.aol.com or use AOL Keyword: Mail Blog
P.S.: Constructive criticisms are encouraged, but any comments with profanity, non-advancing communications, defamatory, objectionable, offensive, venting content will be removed. Please keep the topics product-related. Thanks for keeping this area "family-safe."
Reader Comments (Page 1 of 1)
1. i always do that because i have no one else to
Posted at 2:57PM on Nov 25th 2008 by ecbear10
2. My email address was use to send an offensive email to me
FROM : baydede@aol.com
TO: baydede@aol.com
1/10/2009
Can the send be using my account to send offensive emails to others?
Posted at 5:44PM on Jan 11th 2009 by Deidre Bay
3. I can't believe someone stole"spoofed" my screen name. How can this happen? I strongly feel bad about this. I thought this was impossible but lately I have been getting them. They have different names attached to them too. Should I change my screen name? I've had it for more than ten years.
Posted at 5:09PM on May 22nd 2009 by Audrey
4. I am getting e-mails from myself, but in the Sent folder.
Now, before you laugh, please take a look at my description of your feature which leads to three issues.
"Hi, I am using IMAP to receive, and SMTP to send e-mail.
You obviously have a feature which presents some problems to me.
Whenever I send some e-mail from Apple Mail (Mac) or Outlook Express (PC), they are automatically copied to Sent folder, and NO ENCODING is set.
I believe this is useful for web-mail, but wrong for people with e-mail clients like me.
Simply because all IMAP e-mail clients can take care of that automatically and they also place copy of sent messages there (via IMAP, after success of SMTP submit).
So, a second problem (1st one is no encoding=ASCII=screwed foreign letters) is DUPLICATES.
And, third problem - those duplicates are UNREAD, which unnecessarily draws attention and wastes my time.
Would you please advise on how to turn that feature off (do not see a preference) or fix it by enabling such behaviour only for webmail access (not SMTP)?"
Thank you!
Sergey,
OSS Architect
Posted at 10:25AM on Jul 4th 2009 by cubeover