Spoofing
I, or someone I know, got an email that said it was from me, but I didn’t send it. What is going on?
Has my account been compromised?
It is most likely that there has been no breach of personal information. Owners of domain names are a popular target for spoofing attacks because it is easy to guess common email addresses that exist on many domain names. For example, you might receive an email claiming to be from “contact@example.com” where example.com is the domain name you own.
What should I do if I receive or am notified about a spoofed email?
The best response is to ignore it.
How can I avoid having my email address spoofed in the future?
Don’t publish your email address on your website, newsletters or public forums. Don’t submit your business card or email address to contest or giveaways. Avoid generic email addresses such as contact@example.com, admin@example.com.
There are a few technical protocols:
Spoofed emails are emails where the sending address was forged by the real sender. Unfortunately, this is fairly easy to do. The technical protocols used by email do not have a built in way to verify that the address given as the “from” address are truly sent from this address.