Seems like my email address got hijacked. What can I do?

I just checked my email a while ago, and found that I had a bunch of replies from people that I had not emailed. They all got emails from my address that I didn’t send.


I ran Spybot, and it found nothing… running AVG virus scan now.

Any suggestions would be appreciated!

FWIW, my email address is, if that helps.

What might cause this that I am missing?

Thanks in advance!

It just means that some spammer has used your email address as his return address in order to avoid anti-spam software. Happens to me all the time. They use an address for one mailing and you get a bunch of “undeliverable” messages and then it stops. There is nothing to worry about, although there is nothing you can do about it either.

The internet was set up for trustworthy people and then taken over by goons. I am generally opposed to capital punishment, but I am willing to make and exception for spammers.

Yeah, your email is probably safe. The reply-to address on an email is just like the return address on real mail. The sender can write whatever he likes there and make it look like it’s coming from your email.

Thanks guys! As I said, Spybot found nothing, and AVG is still running… I will run a couple of other scans too, as this freaked me out… never had this happen before.

It may have, but nothing has come back to you. Spammers spoof yahoo and hotmail addresses all the time.

There are multiple ways for them to find out your email address, but a very common one is to infect someone else’s computer that has you in their address book. That makes it much harder to locate the source of the emails. Otherwise people would just do what you’re doing and kill the thing as soon as it becomes evident. So I doubt you’ll find anything.

Another method is to harvest email addresses from web sites.

I don’t know why they even bother to use real email addresses–why not just make them up? Actually, if your OP provides your real email address, they may have just stumbled on yours by accident.

Look in your sentbox or outbox. Are there emails there that you didn’t send? if not, don’t worry about it.

Checked my sent folder; nothing there. Guess I’m clear then?

This won’t really tell you anything. A virus can have its own self-contained small-footprint email client. There’s no reason it has to use yours, and in fact, it’s probably more complicated to hijack yours than to just connect directly to an SMTP server. Sending an email out to an SMTP server is a ridiculously simple operation. You can type in a telnet window in a couple of lines.

Because recipients are more likely to open a message and an attachment from an email address they recognize.


Lots of servers, like AT&T’s (part of the cellular network) will take e-mail with any and all sender addresses and make no attempt to authenticate them at all. You could literally tell them that your sender address was and they wouldn’t know you from Or care.