If you receive bounce messages for mail that appears to originate
from your account, you find messages in Spam from 'me,' or you receive a
reply to a message you never sent, you may be the victim of a
'spoofing' attack. Spoofing means faking the return address on outgoing
mail to hide the true origin of the message.
When you send a letter through the post, you generally write a return address on the envelope so the recipient can identify the sender, and so the post office can return the mail to the sender in the event of a problem. But nothing prevents you from writing a different return address than your own; in fact, someone else could send a letter and put your return address on the envelope. Email works the same way. When a server sends an email message, it specifies the sender, but this sender field can be forged. If there is a problem with delivery and someone forged your address on the message, then the message will be returned to you, even if you weren't the actual sender.
If you've received a reply to a message that wasn't sent from your address, there are two possibilities:
- The message was spoofed, forging your address as the sender.
- The original sender used your address as a reply-to address so that responses would be sent to you.
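To tell the two cases apart you need the headers of the original message, which a bounce usually carries as an attachment. The following is an added example, not part of the original page: it pulls the original message out of a bounce and reports whether your address sits in its From or its Reply-To header. The function names, the example.* addresses and both sample messages are constructed for illustration.

```python
from email import message_from_string, policy
from email.utils import getaddresses

def original_message(msg):
    """Return the undelivered mail embedded in a bounce, else msg itself."""
    for part in msg.walk():
        if part.get_content_type() == "message/rfc822":
            return part.get_payload(0)
    return msg

def addresses(msg, header):
    """Lower-cased addresses from every occurrence of one header."""
    values = [str(v) for v in msg.get_all(header, [])]
    return {addr.lower() for _, addr in getaddresses(values) if addr}

def classify(raw, my_address):
    """Say which header of the original message names my_address."""
    msg = original_message(message_from_string(raw, policy=policy.default))
    me = my_address.lower()
    if me in addresses(msg, "From"):
        return "from-is-me"      # spoofed sender, if you did not send it
    if me in addresses(msg, "Reply-To"):
        return "reply-to-is-me"  # replies were redirected to you
    return "neither"

# Constructed samples: a bounce wrapping a forged message, and a redirect.
BOUNCE = """\
From: mailer-daemon@mx.example.net
Content-Type: multipart/report; boundary="b1"

--b1
Content-Type: text/plain

Address not found: nobody@example.org
--b1
Content-Type: message/rfc822

From: Alice <alice@example.com>
To: nobody@example.org

Invoice attached
--b1--
"""

REDIRECT = """\
From: Promo <news@shop.example>
Reply-To: alice@example.com

Offer
"""
```

A "from-is-me" result only shows that the message claims your address as sender; it points to spoofing when you know the message was never sent from your account.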