With the way that SMTP works, anyone anywhere can specify any email address as their from address as long as they have a mail server that will allow them to do so. From address may be completely false or even non-existent.
Note: There is no way to prevent other people from using your email address when they are using a different mail server.
In general, there are two situations that can make you aware that your email address was spoofed:
- You receive bounce back emails or replies to messages you didn't send:
There is no way to prevent the bounce back messages from coming to you. If a message gets returned to the sender, it goes to the actual holder of the from address, regardless of who sent it. Similarly, when someone replies to a message, it always goes to the reply-to address.
- You receive messages with your email address in the from field (or in both to and from fields):
Make sure that your domain and/or email address is not whitelisted either in Outlook/OWA.
- Remove your domain from Advanced Email Security Safe Senders List.
Note: some spammers can specify you address as both from and to addresses, so you will receive the message in any case (even if it bounces).
Read the Wikipedia® article on Backscatter (e-mail) for more information about backscattering.
Read the Knowledge Base article on What is an SPF record? What do I need to do about it? for more information.
If you have upgraded to
- Adding your email to your mailbox filter
You can add email addresses to the Blocked Sender list for your personal mailbox. Using this feature, you can add your own email address to your block sender list. Please note that mailbox level white/black lists take precedence over server level lists.
An example would be if firstname.lastname@example.org is getting
spoof'd. He is getting mail in his inbox that appears to come from email@example.com. If he adds 'firstname.lastname@example.org' to his block list, the messages will be blocked (even if @domain.name is on Server Wide Safe Sender list).
Note: If you send mail from your Intermedia mailbox to yourself, the mail is not relayed via our mail filtering servers. It is delivered internally. This results in the message NOT being blocked by the SPAM Filter.
- Adding existing emails to Safe Sender list and blocking the domain
You are able to manage the account wide filtering. One technique you can use to block spam or spoofed emails is to block your own domain and then add all existing email addresses to the Safe Sender list. This will block any email that appears to come from your domain that is not a member of the Safe Senders list.
Note: This will not be able to block emails that appear to come from members of the Safe Senders List.