Why am I receiving spam mail from my own domain?

Spam Mailing is a form of mischief where one abuses your email address and is only one of many techniques spammers use to throw their bugs into our mailboxes. Since the beginning of mails, anyone can send email to anyone around the globe, within seconds, at zero apparent cost.

Apparently what seemed to be the greatest strength of the Internet mail system has now become the greatest weakness everyone. Because the system is biased in favor of delivery, it is prone to abuse in the form of spam mails, viruses, and phishing scams. The very features that made email successful now threaten its viability.
If one receives such SPAM emails that look like they are coming from one’s own email account, or from other people with email accounts on the same domain, they are not really coming from those people’s accounts.

spam mail

How does one receives such spam emails?

As a standard practice, spammers spoof the “From” email address and populate it with other email addresses that they have stolen. So other people are getting spam mails that looks like it is from you. Now what they do is match up emails from the same domain names, so it looks like one person from your team is sending an email to another.

The reasons for such behavior are either to:

  • Spam a specific individual and know that it’s unlikely you’ll block the email by yourself. In fact, as you’ve seen, it’s not even always possible but it’ll be a waste of effort as even if one could. It would only prevent legitimate emails from reaching the individual aka fewer chances of spam mails.
  • You’ve received a bounce message as the target to spam is someone else, indicating that the original spam was rejected by its intended recipient. Since the spam email looks like it came from you, you get the bounce message.

Read more about mail from and from header here.

How can one prevent it?

As mentioned, the problem of scammers and phishing isn’t new to the market but has also led to developing promising solutions:

DNS based solutions:

Through this the user allows the sender to list IP addresses authorized to send mails. Giving you control over what remains on your desktop as it blocks all ways to prank an individual with mails still being delivered, as Network administrators weren’t smart enough to add all servers. So as a workaround big providers ran algorithms on top to make sure genuine mails that are failing SPF are not delivered to spam.

Continue reading technical details about “Sender Policy Framework (SPF) for Authorizing Use of Domains in EMail

DKIM based solution:

Domain Keys Identified Mail Signatures allows all mail servers to sign messages & certain header fields using defined hashing algorithms & verification using public/private keys. The public key is published as a DNS record, but the private key is kept private.
The reason to develop a private key was to prevent any grave disruption as an attacker could perform MITM and alter the content of mail while it is being delivered.

One must keep in mind

The solutions mentioned above are for prevention and provide absolute transparency when doing so but it is possible. Sometimes you’ll get spam from yourself if your account has been hacked. You can log in to your account, so if your account has been hacked, the hackers didn’t change the password. That’s unusual. Normally, a hacked account means you can’t log in.

Nonetheless, it’s something to be aware of and perhaps checks. For example, check the Sent Mail folder to see if there are messages you didn’t send. Even if you don’t find any hard evidence of a hack, there’s no harm in changing your password, just to be on the safe side!!

More related content for you

Scroll to top