Friday, May 21, 2010

AOL offers advice on spam that comes from your own email address (sender spoofing)

AOL has an interesting post on sender-id spoofing with email, “Why am I getting spam from myself?”, link here. It's on the "AOL Mail Blog."

AOL recommends checking the sent folder, and changing a password immediately if you see emails you did not send.

On the other hand, well known loopholes in the SMTP protocol allow spoofing of sender addresses, which is often done innocently and deliberately by many websites that invite you to send an email to yourself.

Users could be concerned if they could get into legal trouble over emails that they did not send. If the email address was really spoofed, probably not; but if the password was compromised and used, it sounds conceivable that a person could be held responsible; the burden of proof might fall more on the “sender.”

AOL also recommends removing email from your address book if you get spam from yourself.

If you have other domains, you probably have email addresses with them. It’s a good idea to monitor them even if you don’t usually use them. Offering so many email addresses with a domain by an ISP may not be a good thing. Some ISP’s offer a “delete null” mechanism to keep you from getting bouncebacks from spoofed emails. If you forward bouncebacks to a main email address you would need to make sure that the mail box doesn’t fill out; some ISP’s will close accounts if email forwarding addresses don’t work, even if caused by a spammer.

No comments: