How does my email address get faked?
SMTP email is not a secure protocol. If a mail/SMTP server is not configured properly it can be used to send email to anybody from faked addresses to make it look as though the email address was the sender, even though the email address's owner had nothing to do with it. Unfortunately, the Internet is full of these 'spam hosts'.
(Also known as backscatter, outscatter, misdirected bounces and blowback)
This is a result of an email server having been used by a third party to send spam messages that appears to come from your email address – you'll receive all the replies. As an end user, there is nothing you can do about this. Simply delete the messages.
Common examples include:
- Delvery failure notifications: when the spam can't be delivered, the mail server returns a failure notice to the faked return address; there's often very many of them.
- Virus warnings: if the spam contained a virus, receiving mail servers may detect it and fire back a warning to the faked return email address.
- Personal replies from people not pleased at having received spam from 'you'. In this case, you may want to send a polite apology, pointing out that your email address is a victim of having been faked by spammers.
What can I do to stop spammers faking my email address?
Not very much, unfortunately, other than trying to ensure it doesn't appear on the Internet. Scammers trawl web pages to harvest legitimate email addresses to use for their spamming activities.