I just received a pretty alarming extortion email that appeared to come from my own email address. After some digging, I learned that this is a common scam where someone spoofs your email. The weird part is that it doesn't show up in my Sent folder, which got me wondering if there's any way to be alerted if someone decides to use my email to send messages to others. Can anyone help with this?
3 Answers
The email wasn’t actually sent from your account. It's a lot like someone using your address as the return address on a letter. You can't stop people from spoofing, but it doesn't mean they accessed your account or anything like that.
There isn't a direct way to find out if someone is spoofing your email. Spoofing allows someone to fake your address without actually using your account. To help prevent this, you can set up SPF, DKIM, and DMARC records which can flag or block spoofed emails but it requires some technical work on your email server.
You might receive something called "backscatter"—that's an error message saying that an email couldn't be delivered, even if you didn't send it. But if an email is delivered in your name, there’s generally no way to know. Just be aware that some email clients, like Outlook, don’t make this easy to track.
If you do get an error message, you’ll usually find it in your inbox, not the Sent folder. It might appear as a notification or just show up in your regular email list.