wiki:faq/email/address-hijacked

Version 1 (modified by Jamie McClelland, 13 years ago) (diff)

--

Help! My Email Address has been hijacked

Often a friend or colleague will email us a message that seems to have been sent from us, but that we didn't send. Other times, we get a bounce, that seems to indicate that we sent a message to a non-working email address, however, we didn't send the original message.

This common occurrence happens because the email system in place on the Internet does not verify the from address. So, we can send email messages from any address we choose simply by telling our email program to use a different address in our from field (anyone with Thunderbird/Icedove can add an arbitrary from address by clicking on the "Manage identities" button in your account settings). Try it - it's fun! You can send a message to your friends from george.bush@… or che@….

Other people on the Internet do not necessarily do this trick for fun. More often, it is done by spammers and virus writers to convince you to open the message. If a message comes from a familiar looking from address, you might be more likely to open it. Virus writes have used the trick to great effect. If you're friend's computer is compromised, the virus might check the address book and try to re-send itself to everyone in the address book in an email from your friend.

The bottom line is: there's nothing we can do to stop someone from sending a message from your email address.

Along with the bottom line comes another one: you should never believe a message came from someone just because their email address is in the from line!

A more effective method for ensuring that the email you are receiving comes from the person you think they are, is to use Gnu Privacy Guard.

There's a decent introduction to the concept here:

http://aplawrence.com/Basics/gpg.html

The examples all used the command line - but that's not necessary! If you are using the Thunderbird/Icedove email program, you can get started with GnuPG with this tutorial.