I recently switched my mail/domain from Google to name cheap. I’ve been keeping a critical eye on my junk mail as the spam filtering doesn’t seem as good.
I saw neat scam email from my own email adress. It was the usual “I am a hacker give me money” nonsense but the trick with them using my own email adress is pretty neat. I assume they’ve injected some sort of common replace string?
Just curious if anyone knows the trick here.
Update: followed the advice most of you have provided and spam mail has gone way down as a result. Leaving post here for the next poor sod who runs into these problems. Maybe Google will lead folks here instead of reddit.
Thank you kind strangers.
It is trivial to write a piece of software, or use existing email software, to forge the contents of the from: field in an email header. In fact, you can forge the entire email header if you feel like, and there’s really nothing stopping anyone from doing it. The header information which includes the alleged sender of the email is just plain text. You can fire off any email containing any header – forged or not – at any mail server and the data will at least get there. What the mail server does with it afterwards is up to however it’s configured.
There are various techniques that email providers and mail relays use to attempt to verify the integrity of email messages, including DKIM, reverse DNS or PTR record, and the Sender Policy Framework, and if any of these don’t check out the mail server may reject incoming messages or automatically divert them to spam folders. This isn’t foolproof, though, and some mail servers are more lenient than others. Many private mail servers are also misconfigured, or minimally configured, and allow pretty much any damn fool thing to get through.