How Can I Tell if an Email Is Spam?

Some spam is obvious (“I lost 30 pounds and made $24356 in five hours by taking this special
pill!”), but other messages are more subtle. A lot of spam relies on “phishing,” in which a
spammer tries to make their email look like it’s coming from a legitimate source in order to get
your information. They may tell you to click a link that looks like it’s going to paypal.com, but
really goes to their PayPal-disguised site where you willingly type in your information. Luckily,
you can usually avoid those tricks by checking the URL and typing it in yourself instead. Be
careful, too: sometimes those links will cause you to unknowingly spam one of your friends.

How Can I Find Out Why My Email Account Just Spammed My Friends and Family?

Spam is a wonderfully curious thing. In most cases, its existence makes you wonder who it’s
targeting and what its goal could be. Maybe more than anything, it’s an annoying surprise when
a friend tells you they received spam from your email address. Let’s walk through how you can
track down the origin of a spam email and what you can do with the information.

Track and Block the Location of the Spammer

The first step to take is to find the sender’s IP address (this is sort of like an internet phone
number) by examining the header of the email. The header contains identifiers that will lead you
to where the sender is located. Most email programs hide this information from you by default
because most of the time, you really don’t need to know everything in the header—but it’s easy
to find. The header is the email’s history and lets you track everywhere the email went as if
you’re tracking a UPS package. If the email actually originated from your account, there’s still a
copy in your sent folder. If no copy exists on your end, have one of the people who received your
message forward the email back to you. Here’s how you find the header in most common email
programs:

Gmail: Select the spam message. Click the down arrow next to the reply arrow. Select “Show
Original.”

Apple Mail: Select the spam message. Click View > Message > All Headers.

Outlook: Double-click to select the spam message and open it in a new window. Click File >
Info > Properties. The header is displayed under “Internet Headers.”

Thunderbird: Select the spam message. Click View > Headers > All.

Yahoo!: Select the spam message. Click “Full Headers” below the email.

Hotmail: Select the spam message. Click the down arrow next to the reply arrow. Select
“View message source.”

Most other mail programs work much like those above. Once you have the full header,
look for the words “Received: from” toward the top of the header. From there, you can track the
email’s journey through the internet. The top line is the origin of the email and it works its way all
the way to your IP address at the bottom of the header. The IP address will look something like:

93.178.70.221

Now we’re going to figure out where that origin IP address is located. Head over to DNSStuff
and enter the IP address from the top of the header into the WHOIS field.

For the above IP address, we find information that this IP is registered to someone named
Vladimir Sherstnev in Russia. The search results also mention this is probably a forged IP
address, which means someone used it specifically to send out a bunch of spam emails to
people. In this case, it means the original location of an email was faked and poor Vladimir was
probably not at fault. If you like, you can report this address to the Internet Crime Complaint
Center. However, another possible origin address type exists: your own IP address.

Not long ago I received a spam email from my dad. It originated at 65.55.34.XXX, which is
owned by Microsoft. This makes sense because his address is a Live email account. In this
case, it means his account was either hacked or spoofed. Hacked means someone got his
password and went on a junk-emailing spree. Spoofed means someone is pretending to be him
(or you). So, what do we do now? We see which of those two happened.
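Reading the Received lines by hand gets tedious on a long header. The Python example below is added here and is not from the original article: it lists each Received hop in the order the header shows it and marks which addresses are publicly routable and so worth a WHOIS search. The sample header is constructed; its host names and the 10.0.0.5 address are made up, and 93.178.70.221 is the address quoted above.

```python
import ipaddress
import re
from email import message_from_string

# Constructed sample header. 93.178.70.221 is the address quoted in the
# article; the host names and the 10.0.0.5 address are made up.
SAMPLE = (
    "Received: from mail.example.net (mail.example.net [93.178.70.221])\n"
    "\tby mx.example.org with ESMTP id 1; Mon, 01 Jan 2024 10:00:02 +0000\n"
    "Received: from desktop (unknown [10.0.0.5])\n"
    "\tby mail.example.net with ESMTPA id 2; Mon, 01 Jan 2024 10:00:00 +0000\n"
    "Received: by mail.example.net id 3; Mon, 01 Jan 2024 09:59:59 +0000\n"
    "From: someone@example.com\n"
    "Subject: hello\n"
    "\n"
    "body\n"
)

# Mail servers usually record the peer address in square brackets.
IP_IN_BRACKETS = re.compile(r"\[(?:IPv6:)?([0-9A-Fa-f:.]+)\]")


def received_hops(raw_message):
    """Return one dict per Received line, in the order the header lists them."""
    hops = []
    for value in message_from_string(raw_message).get_all("Received", []):
        flat = " ".join(value.split())  # undo header line folding
        # Only the "from ..." clause describes the sending side of the hop.
        clause = flat.split(" by ", 1)[0] if flat.startswith("from ") else ""
        words = clause.split()
        ip = None
        match = IP_IN_BRACKETS.search(clause)
        if match:
            try:
                ip = ipaddress.ip_address(match.group(1))
            except ValueError:
                ip = None  # bracketed text that is not a valid address
        hops.append({
            "host": words[1] if len(words) > 1 else None,
            "ip": str(ip) if ip is not None else None,
            # Private, loopback and reserved ranges have no useful WHOIS record.
            "routable": ip is not None and ip.is_global,
        })
    return hops


def whois_candidates(raw_message):
    """Addresses from the header that are worth pasting into a WHOIS search."""
    return [h["ip"] for h in received_hops(raw_message) if h["routable"]]
```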

Check Your Account Activity and Research Your Email Access History

To check if your account has been hacked, you need to look into the recent history on your
account. This varies by email provider, but here’s how to do it in two of the big ones:

Gmail: At the bottom of your inbox, click Details. This will open a pop-up window with the recent
IP addresses that have accessed your account (your current IP is listed on the bottom).

Yahoo!: Click your email address > Edit my account, then “View your recent login activity.”

As far as I can tell, you can’t get this information in Hotmail. If you’re on a private server, most
webmail apps show your access history somewhere in the preferences panel.

If you see an IP address that isn’t one of yours (don’t forget you can search Google for “IP” to
get your current address), then your account and password were probably hacked. Change your
password and continue monitoring the logins to your account over the next few days. As
sunilsathees notes in the comments, you should also check your password recovery options to
make sure nothing was changed. If the hacker changes the recovery email to their own, they can
still access your account even after you change the password. You can find these in the
Preferences section for most email providers.

You have a few ways to check if your account is being spoofed. First, do the same search as
above to make sure nobody is in your account. Next, check your forwarding options. Make sure
your email isn’t set to forward anywhere you didn’t set it to. It’s also a good idea to run an
antivirus scan on your computer. You can find our picks for Windows and Mac if you don’t have
one. If you’re using Gmail, look at your authorized sites to ensure no apps have access to your
account that aren’t supposed to.

Finally, retrace your steps. Did you click on a phishing link or reply to spam mail? If you did, find
that email again. Look at the complete header and track the information the same way you did
above. This doesn’t solve the problem, but it does give a face (or an IP address at least) to the
culprit. If it’s particularly irksome or continues to happen, report the address to your email
provider and have them investigate the address.

Protect Yourself and Your Friends from Future Spam

While it’s fun to play detective and picture yourself hunting down a crazed Viagra-loving
spammer, it’s easier to make sure it doesn’t happen in the first place. Brush up on your phishing
scam detection skills and your online fraud detection abilities. If your Gmail account was used for
spoofing or was hacked, you can take steps to make sure email that you actually sent doesn’t
look like it’s phishing.

It’s unfortunate that once you track down the IP address of a spammer you don’t have a lot of
options for taking action against them, but it is nice to see where it comes from.