A few signs indicate compromised or spoofed email accounts, such as undeliverable bounce-back emails, emails you didn't send, and people complaining about spam sent from your address. First determine whether your account has been compromised by a virus, malware, or a spammer, or whether you are just being spoofed.
Signs of a compromised email account
A few signs indicate whether an email account has been compromised, and email headers are one of them. This is what to look for in the headers to determine whether your account has been compromised:
Received: from [220.127.116.11] (18.104.22.168.servername.com [22.214.171.124])
(Authenticated sender: firstname.lastname@example.org)
by something.servername.com (Postfix) with ESMTPA;
Fri, 4 Jul 2014 19:28:23 +0000 (UTC)
This example contains fake information, but the key to note here is "Authenticated sender." This means the email was sent after authenticating the sender using the username and password. Therefore, it was actually sent through the outgoing mail servers using the email's login credentials. If your email account has been compromised, you should run a complete system virus scan on your computer and reset your email password using the webmail portal or your Enom portal. Changing your email password will cut off any connection a third party may have to your email account.
Email spoofing is when the sender of an email, typically spam, forges (spoofs) the email header "From" address, so the email being sent appears to have been sent from a legitimate email address that is not the spammer's address.
They do this for a couple of reasons:
- To trick spam filters into allowing the email through by using a reputable email address. This is one way your friends and family would see spam emails from you in their inbox rather than their spam folder.
- To keep the bounce-back emails out of the spammer's inbox. Spammers may send their spam out to thousands of email addresses, and inevitably, many of those emails will bounce.
Email spoofing is more common with email accounts that are not actively used. If the account is used daily, there's a higher chance it might have been compromised by malware or a virus.
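The header check described above, as an added example (not code from the original page or from Enom): it reads the Received headers of a raw message and reports whether your address was used through an authenticated login on your provider's server or only forged in the From line. The function names, the `provider_domains` parameter and the sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Postfix writes "(Authenticated sender: login)" into the Received header of
# mail it accepted after an SMTP AUTH login (shown as ESMTPA / ESMTPSA).
AUTH_RE = re.compile(r"\(Authenticated sender:\s*([^)\s]+)\s*\)", re.I)
BY_RE = re.compile(r"\bby\s+(\S+)", re.I)

def authenticated_hops(raw):
    """Return (login, receiving_host) for each authenticated Received hop."""
    hops = []
    for value in message_from_string(raw).get_all("Received", []):
        flat = " ".join(value.split())          # unfold continuation lines
        auth, by = AUTH_RE.search(flat), BY_RE.search(flat)
        if auth:
            hops.append((auth.group(1).lower(), by.group(1).lower() if by else ""))
    return hops

def classify(raw, my_address, provider_domains):
    """'compromised' if my login was used on my provider's server, else 'spoofed'."""
    me = my_address.lower()
    if parseaddr(message_from_string(raw).get("From", ""))[1].lower() != me:
        return "not-my-address"
    for login, host in authenticated_hops(raw):
        # Heuristic: a sender can type any Received line, so a hop only counts
        # when the server that wrote it belongs to my own mail provider.
        on_provider = any(host == d or host.endswith("." + d) for d in provider_domains)
        if login == me and on_provider:
            return "compromised"
    return "spoofed"

# Constructed samples (documentation addresses, not real traffic).
COMPROMISED = """\
Received: from [192.0.2.10] (host.example.net [192.0.2.10])
    (Authenticated sender: firstname.lastname@example.org)
    by something.servername.com (Postfix) with ESMTPA;
    Fri, 4 Jul 2014 19:28:23 +0000 (UTC)
From: firstname.lastname@example.org
"""
SPOOFED = """\
Received: from mail.example.net (mail.example.net [198.51.100.7])
    by mx.example.com (Postfix) with ESMTP; Fri, 4 Jul 2014 19:30:00 +0000 (UTC)
From: firstname.lastname@example.org
"""

if __name__ == "__main__":
    for name, raw in (("COMPROMISED", COMPROMISED), ("SPOOFED", SPOOFED)):
        print(name, "->", classify(raw, "firstname.lastname@example.org", ["servername.com"]))
```

Run it against the full headers of the message itself, which a bounce-back usually includes, rather than the headers of the bounce notice.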
Prevention and account security
While there is no fool-proof way to prevent either type of abuse of your email address, you can adopt some best practices for your email security, such as:
|Frequent password updates.|A solid way to prevent attackers from obtaining your passwords and to cut off access if the account is compromised.|
|Full weekly virus scans.|Identifies issues and security risks on your computer.|
|Don't share your email address online.|Sharing your email address on social media lets malicious automated tools harvest it. Instead, try a form like Example(at)gmail(dot)com.|
|Use throwaway email accounts.|For mailing lists and contests, use a throwaway email account like Gmail or Hotmail, something you don't mind deleting if it gets abused.|
|Primary email for priority mail.|Only use your primary email to communicate with people you know or trust.|
Spammers may acquire your email address in a few places, and adhering to the best practices will lower the risk of your email being targeted. There are programs and software designed to do nothing but scavenge the internet for email addresses:
- On a website contact page
- Domain WHOIS records
- Mailing lists. Some of them are legitimate, but others may sell your information.
- Anything you post online with your email address in it.
- One of your contacts' computers may become compromised, and your information may be taken from their contact list.
If the spoofing is recurring and causing a lot of inconvenience, the best thing to do would be to delete the account and start over with a new email account. Since this isn't always possible, you could create a temporary filter in webmail to keep the bounce-back emails out of your inbox until the spammer moves on. They usually only last for a week or two, sometimes less.