Why am I receiving spam mail from my own domain?


Spam Mailing is a form of mischief where one abuses your email address and is only one of many techniques spammers use to throw their bugs into our mailboxes. Since the start of sends, anybody can send email to anybody all throughout the globe, in no time, at zero clear expense.

Obviously what appeared to be the best strength of the Internet mail framework has now turned into the best shortcoming for everybody. Because the system is biased in favor of delivery, it is prone to abuse in the form of spam mails, viruses, and phishing scams. The very components that made email fruitful now undermine its suitability.

If one receives such SPAM emails that look like they are coming from one’s own email account, or from other people with email accounts on the same domain, they are not really coming from those people’s accounts.

spam mail
Why am I receiving spam mail from my own domain? 3

How does one receives such spam emails?

As a standard practice, spammers spoof the “From” email address and populate it with other email addresses that they have stolen. So other people are getting spam mails that looks like it is from you. Now what they do is match up emails from the same domain names, so it looks like one person from your team is sending an email to another.

The reasons for such behavior are either to:

  • Spam a specific individual and know that it’s unlikely you’ll block the email by yourself. In fact, as you’ve seen, it’s not even always possible but it’ll be a waste of effort as even if one could. It would only prevent legitimate emails from reaching the individual aka fewer chances of spam mails.
  • You’ve received a bounce message as the target to spam is someone else, indicating that the original spam was rejected by its intended recipient. Since the spam email looks like it came from you, you get the bounce message.

Read more about mail from and from header here.

How can one prevent it?

As mentioned, the problem of scammers and phishing isn’t new to the market but has also led to developing promising solutions:

DNS based solutions:

Through this the user allows the sender to list IP addresses authorized to send mails. Giving you control over what remains on your desktop as it blocks all ways to prank an individual with mails still being delivered, as Network administrators weren’t smart enough to add all servers. So as a workaround big providers ran algorithms on top to make sure genuine mails that are failing SPF are not delivered to spam.

Continue reading technical details about “Sender Policy Framework (SPF) for Authorizing Use of Domains in EMail

DKIM based solution:

Domain Keys Identified Mail Signatures allows all mail servers to sign messages & certain header fields using defined hashing algorithms & verification using public/private keys. The public key is published as a DNS record, but the private key is kept private.
The reason to develop a private key was to prevent any grave disruption as an attacker could perform MITM and alter the content of mail while it is being delivered.

One must keep in mind

The solutions mentioned above are for prevention and provide absolute transparency when doing so but it is possible. Sometimes you’ll get spam from yourself if your account has been hacked. You can log in to your account, so if your account has been hacked, the hackers didn’t change the password. That’s unusual. But, when you can’t log in you feel your account is hacked but your account can be hacked in the former case as well.

In any case, it’s something to know about and maybe checks. For instance, it barely would take minutes for you to check your Sent Mail Folder if you find some messages that you didn’t send. Regardless of whether you don’t track down any suspicious activity or any visible hard proof of a hack, there’s no mischief in changing your password, just to play it safe!!

  • Products
  • Services
  • Request Demo

Get Secured Today!

Click that button and let’s chat! We promise to turn the murky, often scary world of cybersecurity into a walk in the digital park for your organization. Together, let’s make cybersecurity a piece of cake!