skip to primary navigationskip to content

Forged email addresses used to send spam

Personal email addresses are often 'faked' so that it looks like they were the originators of spam messages. If this happens to your email address, probably the first you will know of it is when you start receiving 'collateral spam' in response.

How does my email address get faked?

SMTP email is not a secure protocol. If a mail/SMTP server is not configured properly it can be used to send email to anybody from faked addresses to make it look as though the email address was the sender, even though the email address's owner had nothing to do with it. Unfortunately, the Internet is full of these 'spam hosts'.


Collateral spam

(Also known as backscatter, outscatter, misdirected bounces and blowback)

This is a result of an email server having been used by a third party to send spam messages that appears to come from your email address – you'll receive all the replies. As an end user, there is nothing you can do about this. Simply delete the messages.

Common examples include:

  1. Delvery failure notifications: when the spam can't be delivered, the mail server returns a failure notice to the faked return address; there's often very many of them.

  2. Virus warnings: if the spam contained a virus, receiving mail servers may detect it and fire back a warning to the faked return email address.

  3. Personal replies from people not pleased at having received spam from 'you'. In this case, you may want to send a polite apology, pointing out that your email address is a victim of having been faked by spammers.

What can I do to stop spammers faking my email address?

Not very much, unfortunately, other than trying to ensure it doesn't appear on the Internet. Scammers trawl web pages to harvest legitimate email addresses to use for their spamming activities.


How can I report this?

The University of Cambridge is subject to the Acceptable Use Policy of our Internet Service Provider JANET, which forbids unsolicited bulk mailing and forgery of parts of mail messages, however, the University is a frequent victim of spammers. You can report collateral spam (including the full headers) to UIS' Incident Response Team at .