How to Look for Proof of a Spoof


If your friends are getting email messages you didn’t send, someone may be forging your address on spammy activities.

Q. I received one (and only one) warning from a friend that she had gotten a “this might be of interest” email from me and said I was hacked. Nobody else I have asked got it. Is there a way to verify I have been hacked before I go through the trouble of changing my primary email address?

A. If only one friend received such a message and you can still log into your email account, it’s more likely a spammer is “spoofing” (forging) your address and has not fully hacked in to take control of the account. Spoofing is a popular way to evade junk-mail filters and get you to open the message — and possibly click on a fraudulent or malware-loaded link. The forged address also lets the perpetrator avoid bounce-back messages to a traceable account.

Unfortunately, there’s not a lot you can do about a remote spammer’s sticking your address in an email “From” field. Your information may have even been collected from the contact list of the person who reported the suspicious message, if that person’s computer is infected with malware. Spammers can also grab working email addresses from public posts you’ve made online, as well as from mailing lists or web pages.

The email header information of a suspicious message can reveal a forged return address and other details.CreditThe New York Times

Warn your acquaintances that someone is spoofing your address. If you get a curious message from a friend yourself, you can check the email header information to see if the account was truly hacked. In your mail programs options, settings or view menu, look for a “show original” or “view message header” command to see the message’s path across the internet. If the Authenticated Sender line in the header information shows that it did come from the address in question, the mail account has been compromised because the message was sent with the user’s name and password as verification.

To maintain your own mail security, change your account’s password on a regular basis and run malware and antivirus scans frequently to catch anything that may have sneaked onto your system. You may also want to avoid making posts in online forums with your primary email address and use a secondary, “throwaway” email account when signing up for mailing lists and other places where your information might be shared with others.

Personal Tech invites questions about computer-based technology to This column will answer questions of general interest, but letters cannot be answered individually.

J.D. Biersdorfer has been answering technology questions — in print, on the web, in audio and in video — since 1998. She also writes the Sunday Book Review’s “Applied Reading” column on ebooks and literary apps, among other things. @jdbiersdorfer