How do spammers send emails to your mailbox, that appear to be coming from your own address?

hi guys,

So a user at our work ended up getting an email, which appeared to be coming from themselves. So Betty@ourdomain.com got an email from Betty@ourdomain.com. We use an Exchange server and are sitting behind Messagelabs.

I'm just curious how that happens? The other day, I did a telnet session from  my machine and sent an email 'from' my colleague to himself and he was curious as to how on earth that happens?

Are these two scenarios similar at all? I merely wanted to understand the concept and technicality behind it all.

Thanks for helping
Yashy
LVL 1
YashyAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

David SankovskySenior SysAdminCommented:
Hi Yashy,

the first thing I'd check is if your domain is whitelisted in Messagelabs - meaning every mail from your domain that's incoming into your domain will pass through regardless of the content.

The other thing is of course the SPF record for your domain.

If you could post the original headers of the mails, we might be able to assist you better,

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
NerdsOfTechTechnology ScientistCommented:
It's fairly simple. The spammers will send out mail as YOU (to YOU too in this case) by "SPOOFING" your address and spewing out the email from their "NAIVE" stmp server (which doesn't require authentication).

Typically this is done overseas and is unstoppable by normal means.

Luckily for you you can FILTER out self-spam by excluding the "spam DOMAINS" you receive email from.

Such a SPF policy is needed to explain which hosts are allowed to send emails.

Without the ability to filter DOMAINS, SELF-SPAM continues to be a problem for many users.

One other tip: In some cases, the spoofer has acquired the password of the user by whatever means possible and is sending spoofed email through the victim's stmp server/account (authenticated); in this case, change the password!

Optionally, you may need to remove your domain from whitelists or even blacklist your domain in SPF (if you know non-authenticated email WON'T be sent). Get additional expert support if you need to execute this extra step.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Email Protocols

From novice to tech pro — start learning today.