How do I keep from receiving spam that is using my email address?

[un-z]

Somehow spammers are using my email address as both the sender and receiver
on their spam--advertisements, please click on link, etc. I cannot figure
out how to stop them from doing this. Because I have had to list my email
address as "junk mail," my junk mail folder is full of these each day. Also
I have to relocate any email that I forward to myself individually. Can
anyone tell me how they do this and how to block it? Thanks.

 

[Vince Averello]

Not much you can do since you'd end up blocking something legitimate
eventually.

 

[Joe Grover]

There isn't anything you can do. The way SMTP works there is no default way
to ensure that every sender is who they say they are.

You can contact your email provider and ask them if they have SPF set up in
their DNS (which is a record on the DNS server saying "Hey, if you get mail
saying it's from us, but it's not from these hosts, then it really isn't
from us"), however there is nothing forcing other networks to perform SPF
lookups, so if your provider does have them, and the spammer sends mail to a
network that doesn't do SPF checks (which a great many do not) then they'll
still accept the email.

One of the larger things that needs to be done is mail administrators should
be configuring their servers not to accept messages and then decide they
can't deliver them. You're getting spam bounces because of a lazy (or
inexperienced) mail administrator.

 

[VanguardLH]

Somehow spammers are using my email address as both the sender and receiver
on their spam--advertisements, please click on link, etc. I cannot figure
out how to stop them from doing this. Because I have had to list my email
address as "junk mail," my junk mail folder is full of these each day. Also
I have to relocate any email that I forward to myself individually. Can
anyone tell me how they do this and how to block it? Thanks.

Do you often send e-mails to yourself? If not, create a "me in From"
rule that looks for your e-mail address in the From header. If there,
delete that e-mail or mark it as read and move it to the Junk folder
(where you can enable auto-archive to permanently delete items over N
days old).

By moving it to the Junk folder, you have the option of capturing false
positives if you inspect that folder at an interval less than what auto-
archiving uses for the expiration interval. By marking it as read, you
aren't bothered with seeing your Junk folder in bolded font. By using
auto-archive to permanently delete items older than N days, you have
that long to check for false positives but that folder remains
relatively clean because nothing over N days old will remain in that
folder.

If you do occasionally send yourself test e-mails or want to sometimes
copy yourself on an e-mail, create a "Global passcode" rule that looks
for a special string (aka passcode) in the Subject header. When the
passcode is found, the rule leaves it in the Inbox (the rule has no
action other than using the stop clause). This rule must be prior in
the rules list than the above "me in From" filter-out rule. When you
send these test e-mails, append the passcode to the Subject. Since this
rule is triggered first, its stop-clause prevents getting to the
following "me in From" rule, so your test mail stays in your Inbox. In
fact, if you have some very critical e-mails, you could give out this
passcode to other senders to guarantee their e-mails bypass all your
anti-spam rules and their message remains in your Inbox. You could go
even further and give out your e-mail address which includes the
passcode in your e-mail address (as part of the comment field, like
"Dave Smothers ##UNZ74 <youremailaddrs>") so others will have it saved
when they save your e-mail address. But you would need a "Recipient
passcode" rule that looks for the passcode string in the recipient's
e-mail address (i.e., in the To/Cc headers). If they just use your
e-mail address (i.e., without the comment field) then the passcode will
be missing; however, you should already have a "Known good sender" rule
that checks if the sender is in your contacts folder (Outlook only
permits one contact-type folder can be specified so you need N of these
"known good sender" rules, one for each of your N contact-type folders
that you want to whitelist the sender). This "known good sender" rule
is only needed in OL2002, or earlier, since I recall a Safe Senders
option in OL2003+ that has an option to include those listed in your
contacts. If the passcode ever gets abused, you can easily change it in
your rule(s). The passcode is any string not likely to show up in the
Subject (or To/Cc headers). Use something like "##inits-byear##"
(example only) where inits are your name's initials (which could even be
in reverse order) and byear is the last 2 digits of your birthyear. I
keep mine relatively short (I use the doubled leading special characters
as a delimiter, no trailing delimiters, and my passcode is just 3 or 5
characters long [as I have 2 of them for different purposes]). How
often have you ever seen a received e-mail that had, for example, a
"##UNZ74" string in the Subject header?

- You filter-out e-mails from known bad senders (a blacklist rule). You
may have a sender in your contacts to record them there but perhaps
you never want to get e-mails from them, so this rule goes before your
"known good senders" rule.
- You filter-in any e-mails from known good senders (those you added to
your contact-type folders).
- You first filter-in any e-mail that is passcoded.
- You filter-out any that show you as the sender.

Each of these rules employ the stop clause since you don't want any
further rules to exercise against the same e-mail which could cause
unwanted side effects.