Active discussions

Meet the Other Phone. Flexible and made to last.

Meet the Other Phone.
Flexible and made to last.

Buy now

Please or to access all these features

Talk
Geeky stuff
Original poster

Spam emails - how do they know so much about me?

12 replies

MaggieW · 15/01/2010 09:32

I've noticed the emails which go into spam have titles which show that they obviously have info about us which they're using to entice us to open their emails. Things such as DS's names, the country I was born in (and which I email a lot too) and various other bits and pieces. I know there's little I can do but how do they do this without having access to my laptop?

OP posts:
BadgersPaws · 15/01/2010 10:15

This can happen in a number of ways.....

The worst case is that you've got some spyware on your machine that's watching what you're up to. Download the following to check if anything that bad is going on:
www.lavasoft.com/single/trialpay.php

Another bad possibility is that your email has been hacked, so it might be worth changing it's password.

Thankfully both of those are not the most likely issue, but do check them.

What is possibly the most likely thing to have happened is that some company has shared your details with advertisers. This is either because they're a bad company or because you didn't click the little box telling them not to use your details for advertising, or didn't unclick the little box which gave them permission. Watch carefully what happens when you give your details out.

As a general rule of thumb also never put your email address anywhere on the internet where people can read it, a spammer will find it.

Also try to never open spam emails and if you can set your email program to never download images unless you tell it to do so. Downloading images can tell the spammer that the email address is real and that someone has read the message. Similarly never reply to a spam email asking to be taken off of the list, it too alerts the spammer that the address is real.

So there's many things it could be.

Check your machine is clean and be very careful with your details online. Unfortunately now that your details are out there there's not a whole lot you can do other than to get a new email address and ignore the old spammed one.

gorionine · 15/01/2010 10:17

Badgerpaws, you seem to know a lot, could you tell me how I get spam with my own email address as the sender?

gorionine · 15/01/2010 10:18

Sorry , baddly worded and confusing. I get spam which has my own email address as the sender, how does that happen?

CruelAndUnusualParenting · 15/01/2010 11:56

In the real world anyone could put a letter in a mailbox with your name and address as the return address on the envelope and the header on the letter claiming to come from you. Email is no different in that respect.

BadgersPaws · 15/01/2010 12:09

With email through the internet there's no security on the address that an email claims that it's from.

You have to have something in there, but that something could be anything.

So if you're a spammer and you've already got the address to send it to you might as well use it again as the address that the email is from.

liamsdaddy · 15/01/2010 13:20

If you want to know where an emails purportedly from you really came from, it's worth trying to read the email headers.

Not all email clients support this, and there is various ways of getting the information depending on the email client.

As an example, a spam email sent by myself to myself (note: my real email address is replaced by in this)

The actual sender (111.68.49.115) was somewhere in the Philippines, probably a web cafe.

Delivered-To:
Received: by 10.204.115.147 with SMTP id i19cs184630bkq;
Thu, 14 Jan 2010 19:32:05 -0800 (PST)
Received: by 10.213.0.151 with SMTP id 23mr305384ebb.43.1263526323432;
Thu, 14 Jan 2010 19:32:03 -0800 (PST)
Return-Path:
Received: from ?111.68.49.115? ([111.68.49.115])
by mx.google.com with ESMTP id 1si17306580ewy.53.2010.01.14.19.31.59;
Thu, 14 Jan 2010 19:32:03 -0800 (PST)
Received-SPF: softfail (google.com: best guess record for domain of transitioning does not designate 111.68.49.115 as permitted sender) client-ip=111.68.49.115;
Authentication-Results: mx.google.com; spf=softfail (google.com: best guess record for domain of transitioning does not designate 111.68.49.115 as permitted sender) smtp.mail=
Date: Thu, 14 Jan 2010 19:32:03 -0800 (PST)
Message-Id:
From: VIAGRA (c) Best Supplier
To:
Subject: Visitor xxxx's personal 80% OFF

liamsdaddy · 15/01/2010 13:49

Forgot to also post, if you want to backtrace the IP address you can use a whois service whois.domaintools.com

Oh, and you can generally configure your email client to state a different "Sent From:" from the actual one you are using.

Depending on the ISP you are using, they may or may not bounce your email. Some ISP's don't allow falsifying of Sender.

gorionine · 15/01/2010 16:42

I am a bit of a technophobe and the only advice I understood is "If you want to know where an emails purportedly from you really came from, it's worth trying to read the email headers." I guess I will try that then, thank you liamsdaddy.

WebDude · 15/01/2010 19:28

gorionine - don't worry about the headers - it really isn't likely to help you too much - the biggest problem is more likely to be information which might have been left publically available, for example displayed on something like Facebook -

and even though names aren't displayed, it's surprising how much info one might spot from someone's MN profile - eg ages of children - or what someone posts - eg "I have a 12yo cat called Sophia" (I hastily add that "Sophia" is not part of any password of several dozens I use)

WebDude · 15/01/2010 19:39

Another aspect (re mail accounts being hacked) was reported on the BBC (actually, a reporter fell into the trap, too), where someone was sent a message on the lines of "Ha, Ha, saw a funny video of you - check "

The web address was for something looking like a video clips website, but then needed to register. Unfortunately he (like many people) used the same password and e-mail address as he used for his personal e-mail account, and that meant that the info allowed someone unknown to login as him, and examine e-mail he had.

From that it would be possible to know which bank(s) he used, and plenty more. Obviously one hopes that extra security questions are not easily answered when trying to break into other accounts, but a common password is a big part of the problem. I have upwards of 150 accounts on different services and pretty much every one has a different password (I use part of the date and part of something else) and different e-mail addresses.

I know it is difficult, but sometimes it is worth having a second (and even a third) free mail account so you can have the most important services (like mail from your bank) separate from mail address you enter on web sites you try out "on a whim". That way you know that you have reserve methods of contact (but make sure they have different passwords, with a mix of letters, including some CAPITALS, numbers, and the odd hyphen or full stop, if allowed)

CruelAndUnusualParenting · 15/01/2010 21:05

Also useful for keeping different passwords for different sites is a "password safe" type application, such as KeePassX. This keeps your passwords in a password protected database, so you only need to remember the password for the database. It also includes a password generator that will generate a different password for each site.

CruelAndUnusualParenting · 15/01/2010 21:05

Also useful for keeping different passwords for different sites is a "password safe" type application, such as KeePassX. This keeps your passwords in a password protected database, so you only need to remember the password for the database. It also includes a password generator that will generate a different password for each site.

New posts on this thread. Refresh page
Swipe left for the next trending thread