Somehow, spam is being sent out to some of my email contacts on Yahoo.com looking like it was sent by me. It has happened at least two or three times that I know about - perhaps more that no one told me about.

Is there any way I can prevent this? Yeah, I know I can get a new email address, but that's a pain - notifying everone and all. And there's nothing to keep the new one from being hijacked as well - unless there I can do something to prevent it.

Can anyone help?

Are you sure? Spam routinely fakes the sender's address.

First step would be to change your Yahoo password. If that doesn't stop it, then it's just someone using your address. It could be a mutual friend who has some spyware that is using his or her address book and putting your name on it.

There isn't anything you can do about that.

It doesn't mean your account has been hijacked. There's no enforcement in email headers - anyone can send a message with anything they want in the From field (or anything else, for that matter). Changing your email password is a good practice regardless, and you can scan your computer with Malwarebytes or another antispyware program to check for email harvesters or anything like that to be thorough, but in all likelihood nothing was actually compromised.

Are you sure? Spam routinely fakes the sender's address.

Perhaps my terminology - Spam - is not quite correct. The situation is that people on my email list have received at least one email with a title like "dear friend" and barely passable English grammar in the message. My name or email address is in the "from" column.

First step would be to change your Yahoo password. If that doesn't stop it, then it's just someone using your address. It could be a mutual friend who has some spyware that is using his or her address book and putting your name on it.

No way is it a mutual friend. No friend of mine advertises products or uses grammar that terrible.

The TV reported that this happened to Hotmail and some Gmail accounts just the last couple of days. Apparently someone got hold of a database where the passwords were unencrypted and posted it. Check Google News for the latest. http://features.csmonitor.com/innovation/2009/10/06/under-siege-from-phishers-microsoft-blocks-some-hotmail-accounts/

It doesn't mean your account has been hijacked. There's no enforcement in email headers - anyone can send a message with anything they want in the From field (or anything else, for that matter). Changing your email password is a good practice regardless, and you can scan your computer with Malwarebytes or another antispyware program to check for email harvesters or anything like that to be thorough, but in all likelihood nothing was actually compromised.

If nothing was compromised, that's great, but I'd still like to keep my friends from getting pissed off at me for something I'm not doing.

Could his computer have been infected with a trojan/virus for use as a spam sending zombie computer (http://en.wikipedia.org/wiki/Zombie_computer)? Apparently that's how most spam is sent.

Perhaps my terminology - Spam - is not quite correct. The situation is that people on my email list have received at least one email with a title like "dear friend" and barely passable English grammar in the message. My name or email address is in the "from" column.


It is possible the infected computer is one of your friends. Some spyware and such may scan their address book (or inbox) and then send mail with the names found there from their computer. Since you may have acquaintances in common you will hear about it from people you both know.

Yahoo and GMail and such have aggressive antispyware. I cannot think of a spyware that can send via Yahoo from your PC unless you use a client like Outlook to plug in to it.

Perhaps my terminology - Spam - is not quite correct. The situation is that people on my email list have received at least one email with a title like "dear friend" and barely passable English grammar in the message. My name or email address is in the "from" column.


No way is it a mutual friend. No friend of mine advertises products or uses grammar that terrible.

We understand what you mean. I want to make it clear that no hacking, hijacking, or any other type of security breach is required to send email that appears to be from your - or anyone else's - name and email address.

RealityChuck isn't saying that a friend is knowingly and intentionally sending you spam. Spyware exists that forwards the contents of the victim's address book to spammers. This is done for the purpose of harvesting legitimate email addresses to send spam to and as well as make the spam appear to come from a source known to the recipient.

If nothing was compromised, that's great, but I'd still like to keep my friends from getting pissed off at me for something I'm not doing.

There's nothing you can do but let them know someone is sending spam messages that purport to be from you, and to ignore/delete them. Unfortunately, you can't stop it.

Unfortunately, you can't stop it.

Arrrrgh! I'm fucked!

It happens to everybody. I regularly find spam messages in my junk folder that were allegedly sent by me, to myself. I use Gmail, though, so pretty much 100% of spam is appropriately filtered and I only ever look at it when I feel like it would be amusing.

To further clarify, I can send an e-mail to anyone that says president@whitehouse.gov in the From: field. There is nothing to prevent that in the current Internet mail system.

It's sort of like sending a regular letter, you can write anything you like in the return address area.

The TV reported that this happened to Hotmail and some Gmail accounts just the last couple of days. Apparently someone got hold of a database where the passwords were unencrypted and posted it. Check Google News for the latest. http://features.csmonitor.com/innovation/2009/10/06/under-siege-from-phishers-microsoft-blocks-some-hotmail-accounts/

This could be the problem, also reported here:

http://news.bbc.co.uk/1/hi/technology/8294714.stm

This could be the problem, also reported here:

http://news.bbc.co.uk/1/hi/technology/8294714.stm


jebert, did you check your "sent" messages to see if the emails actually were sent using your account?

If they were, you should change your password, the "forget your password?" questions, and any secondary email address that may be associated with your account that could be used for a password reset.

If they weren't, then yeah, you're fucked.

RealityChuck isn't saying that a friend is knowingly and intentionally sending you spam. Spyware exists that forwards the contents of the victim's address book to spammers. This is done for the purpose of harvesting legitimate email addresses to send spam to and as well as make the spam appear to come from a source known to the recipient.Exactly. However the spammer got the address, it probably had nothing to do with you.

If your friend were infected by a bot, it would take all the names in his address book (which would include yours). It then picks your name for the "From:" field.

The infected machine could be anyone who has both e-mail addresses on their computer. Maybe it's not in the address book. Maybe your friend cc'd a single e-mail to you and the infected person at one point. Maybe you e-mailed someone and your friend e-mailed him at different times.

In any case, the cause was that some spam software grabbed your address off a computer somewhere and put in in the "From" field. There is no way to prevent this.