Wait! That Email Isn’t ‘From’ Me

Leo explains how easy it is to manipulate the email ‘From’ line.–PC Pitstop.

Wait! That Email Isn’t ‘From’ Me

By Leo Notenboom

Question:OK, I know that spammers can send email spoofing the “From:” address to make it look like it came from me. But how? How do they gain access to my account to do that?

They don’t.

“From” spoofing means faking the “From:” address on an email to make it look like it came from you, and to do it, spammers don’t need access to your account at all.

In fact, I’d say that 99.99% of the time it has nothing at all to do with your account, and your account is quite safe.

They only need your email address.

While your email account and your email address are related, they are not necessarily the same thing.

Accounts versus Addresses

Let me say that again: your email address is one thing, and your email account is another.

Your email account is what you use to log in and gain access to the email you’ve received. In most cases, it’s also what you use to log in in order to be able to send email.
Your email address is the information that allows the email system to route messages to your inbox.

The two are related only to the extent that email routed to you using your email address is placed into the inbox accessed by your email account.

I have a more detailed article discussing the relationship here: What’s the Difference Between an Email Domain, an Email Account, and an Email Address?

To see how spammers get away with what they do, we start with a look at sending email. Article continued here

Want to get monthly tips & tricks?

Subscribe to our newsletter to get cybersecurity tips & tricks and stay up to date with the constantly evolving world of cybersecurity.

Related Articles