I got a junk mail message from someone with my email address, but looking in my sent folder there is nothing like that.
Is my email account hacked or is this just some trick where they pretend to use the email address of the person they are sending it to?
It was almost certainly the latter - someone pretending to use your email address. I get spam emails from ‘friends’ all the time, and occasionally a few from myself.
spoofing an email address is quite easy to do.
All the same, it wouldn’t hurt to take some precautions - change your email password and run a virus scan on your computer.
You should be able to tell by looking at the “source” of the message. How to do this depends on what mail program you’re using; in Thunderbird it’s View -> Message Source. You should see one or more “Received” lines, which tells which mail servers that the message passed through on its way to you. If you send yourself a message and compare the Received line to the one in the suspect message and they’re different, then almost certainly the return address was simply spoofed and you have nothing to worry about. Sometimes different emails to yourself may pass through different server but usually you can tell that they’re still run by the same company, eg. xyz-02.comcast.net vs. xyz-05.comcast.net.
–Mark
I see this question quite often. The “from” line on an e-mail works just like the return address on a USPS-mailed letter, and has exactly the same level of enforcement: That is to say, the sender puts whatever they want there, and none at all. I’m not sure why people pay it so much more heed when it’s computerized than when it’s on paper.
By the same token, if you get a virus-laden e-mail that’s listed as being from a friend or relative, that doesn’t mean that their machine is infected: More likely, some common relative or friend of the two of you is infected, and the virus just picked two random names from that person’s contact list to be the “from” and “to”.
This is also why there are a lot of web forms that allow you to send email that appears to be from you to someone on the site just by putting your email address in the right place on the form. The mail client on the server just creates an email with the address you gave in the “from” field and sends it electronically to the appropriate mailbox. Anyone looking at the headers will be able to tell it was created on that web-form, not sent from an outside server, but that’s not particularly relevant. You’re just given the opportunity of sending a message to someone and giving them the return address much in the same way you do with snail mail, as Chronos mentioned.
Spoofing email addresses is easy, but they don’t always bother. At least once a day I get an email that purports to be from our sysop saying that my mailbox is over its quota, click here to apply for a larger mailbox. But when I look at the actual return address it usually comes from some place like Afghanistan. Imagine my sysop going to Afghanistan to send such a message. But I know from talking to him that disk storage has gotten so cheap that we have no limits on our email accounts.
Hell, I got one of those 'Help I am stuck in London and got mugged, send money" emails from one of my email accounts to the other [I have a spambait account - someone actually just spoofed my address using my harvested email addy]
Pity, I haven’t been to London for a couple decades, I wouldn’t mind a trip, though I can do without being mugged.