The following article appeared on Webopedia way back in 2003. For more information on how to deal with spam, check out our related post with spam reduction tips.

The first time it happened, you were probably confused and even a bit curious, especially if you were not aware of this phenomenon of self-sent spam. A message appears in your e-mail inbox with your own e-mail address as the sender of the message, but you are pretty sure that you did not send yourself an offer for a rock-bottom mortgage rate or secrets to making millions on eBay. So then, what’s happening?

It’s not because a spammer has hijacked your e-mail account and is spamming the world using your identity but because the spammer is disguising the true sender of the e-mail with a different address, a process called e-mail spoofing, to target you specifically. In e-mail spoofing, the sender manually constructs the e-mail header and chooses which information (your e-mail address as the sender, for example) to include.

Why do the spammers do this? To get you to read the e-mail and/or click on the hyperlinks contained in the e-mail, of course. Sometimes the spammers want you to buy the products they are peddling; sometimes they want you to click on the link contained in the e-mail, which signals them that their e-mail message received a live account with a curious human at the other end, and they can then sell your e-mail address to other spammers as a potential audience for more spam from a different source. Sometimes it is for both these reasons and also to bypass filters set up through the e-mail client. Most people don’t even think about having to filter out e-mails sent to themselves from themselves.

Self-sending spam relies on human nature. A 2002 study by Hamilton, Ontario’s McMaster University revealed that e-mails containing shared names of the recipient had an emotional appeal that caused the recipient to read the e-mail in greater numbers than e-mail that came from sources that did not share a name with the recipient. Also, human curiosity compels the recipient to want to know how he has sent himself a spam e-mail, resulting in the recipient of self-sent spam to read the e-mail to investigate. For those who want to go after the spammers, this link explains how to read the header information for the more popular e-mail clients.

Last updated: December 10, 2003

Original article by Webopedia can be found at http://www.webopedia.com/DidYouKnow/Internet/2003/SelfSentSpam.asp.

Note from our Blue Pixel Design server techies: 

Spoofing is typically not a problem because mail servers that do spam scanning can tell that the sender’s IP does not match the domain’s actual IP so they will not get blacklisted, however you may receive bounced error messages and other spam.  You can find the actual sender’s IP in the full message headers of the email so you can determine who is spoofing you and report them.

Our SMTP mail servers (SMTP is the protocol for sending mail) do have security features enabled on them and require senders to log in to check their mail first before they will be allowed to send, verifying that they have permission to use our SMTP mail servers.  The problem is that these spoofed emails are not passing through our servers at all. The spammers are faking the domain names and using their own mail servers to send them.  As such, there’s nothing we can do to stop this. Your customers will just have to bare with it, possibly increase their mail scanner filter settings, or try reporting the sender’s IP to their ISP to stop this (usually they use hacked servers to send anyway so this is often not worth the time).

No related posts.