Am I Really Getting Spam from Myself?

A co-worker posed this question to me the other day:

"So there's a bunch of spam in my mail spam folder that says it's from me.  Is this just a trick or may I have something that is sending out emails through my account?  How could I check?"

This isn't an uncommon concern.  Basically, when spammers send email, they can change the origination address that email servers read, the same way you can put whatever return address on an envelope you want for postal mail.  It makes the email look like it's coming from you, when really it's probably not.

One way to tell would be to check your "Sent Items" folder and see if any of them show up there.  If there are none, check your Trash.  If there are none there either, there's probably a reason they showed up in your spam folder — they originate from addresses/IPs flagged as spam outlets to begin with.

For instance, try sending yourself a legitimate email, mirroring the subject line of one of the spam ones, and I bet it goes through since your email provider (in our case, Google, who has especially good spam filters in my experience) knows you actually sent it, and you most likely have not been flagged as a spam source.

If you want to be really sure, you can always change your email account password, though I reckon you'll still see messages from yourself after that because of the ability for senders to fake the origination address, as mentioned earlier.

If all that checks out, I wouldn't worry about it.  I get messages from "myself" all the time that I'm positive I didn't send, and no one's mucking around in my account.

  • Great question and answer. Seems so simple but you just never know what hackers are up to.