
Spoofing – Someone is sending from my address


Someone is sending from my address (Gmail helper)

If you receive bounce messages for mail that appears to originate from your account, you find messages in Spam from 'me,' or you receive a reply to a message you never sent, you may be the victim of a 'spoofing' attack. Spoofing means faking the return address on outgoing mail to hide the true origin of the message.


When you send a letter through the post, you generally write a return address on the envelope so the recipient can identify the sender, and so the post office can return the mail to the sender in the event of a problem. But nothing prevents you from writing a different return address than your own; in fact, someone else could send a letter and put your return address on the envelope. Email works the same way. When a server sends an email message, it specifies the sender, but this sender field can be forged. If there is a problem with delivery and someone forged your address on the message, then the message will be returned to you, even if you weren't the actual sender.

If you've received a reply to a message that wasn't sent from your address, there are two possibilities:

 

  1. The message was spoofed, forging your address as the sender.
  2. The original sender used your address as a reply-to address so that responses would be sent to you.

 

Neither of these possibilities indicates that your account was compromised, but if you're concerned that your account may have been compromised, you can check recent access to your account. Just scroll to the very bottom of your inbox and click the Details link next to 'Last account activity.'

For further information, please select the description that matches your situation below.

You're receiving bounces for messages you never sent.

Many spammers use software applications to generate random lists of email addresses at common domains, based on words in the dictionary. Spammers then use these lists to send illegal mass mailings. This practice is called 'dictionary spamming.' Many of the addresses randomly generated by dictionary spammers are invalid. If a spammer spoofs your Gmail address to send dictionary spam, you will likely receive reports of delivery failures, which appear to be replies to messages sent from your address.

Because these messages originate outside of Gmail, we aren't able to stop spammers from spoofing your address. However, Google helps protect your Gmail address's reputation by designing our systems to authenticate all the mail that really comes from you. When another domain receives an unauthenticated message from Gmail, it can tell that you didn't really send the mail, and it is unlikely that your email address will be blocked. For our part, we are concerned about spoofing and bouncebacks. We ask you to report these messages by checking the box next to the unwanted message and clicking Report Spam at the top of your inbox, or by opening the message and clicking Report Spam at the top of the message.

You can help stop spammers by also sending the full headers of these unlawful messages to the Federal Trade Commission at [email protected].

If you feel that you may be a victim of identity theft, we suggest contacting your local authorities.

There are messages in Spam from 'me.'

One common tactic used by spammers is to send a message to a recipient, and fake the 'From:' field to contain the same address. Spammers hope that because the mail is sent 'from' your address, it will slip past our spam filters. But not so fast! Gmail authenticates all of our mail, so we know when a message wasn't actually sent by you. We do our best to place these forged messages in your Spam folder.

Because Gmail replaces your email address with 'me' when you look at lists of messages, you may see spam mail from 'me' in your Spam folder. All this indicates is that someone forged the return address on these messages to be your own email address.

If we miss any messages, we ask you to report them by checking the box next to the unwanted message and clicking Report Spam at the top of your inbox, or by opening the message and clicking Report Spam at the top of the message.

You can help stop spammers by also sending the full headers of these unlawful messages to the Federal Trade Commission at [email protected].

If you feel that you may be a victim of identity theft, we suggest contacting your local authorities.
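The cases described above (a forged 'From:' field, or your address used only as a reply-to) can be told apart from a message's full headers. The following is an added example, not part of the original help article. It assumes the receiving server records its checks in an `Authentication-Results` header; the address, the server name `mx.example.com` and all three sample messages are constructed.

```python
import re
from email import message_from_string
from email.utils import parseaddr

ME = "alice@example.com"      # constructed address
TRUSTED = "mx.example.com"    # hypothetical name of your own receiving server

def make(headers):
    return "\n".join(headers) + "\n\nbody\n"   # build a constructed sample

SPOOFED = make([  # forged From, plus a fake "pass" header injected by the sender
    "Authentication-Results: mx.example.com; spf=pass smtp.mailfrom=mailer.example.net;",
    " dkim=none; dmarc=fail header.from=example.com",
    "Authentication-Results: evil.example.net; dmarc=pass header.from=example.com",
    "From: Alice <alice@example.com>", "To: alice@example.com"])
REPLY_TO = make([  # someone else's mail that only directs replies to you
    "Authentication-Results: mx.example.com; dmarc=pass header.from=other.example",
    "From: Bob <bob@other.example>", "Reply-To: alice@example.com",
    "To: carol@third.example"])
GENUINE = make([
    "Authentication-Results: mx.example.com; dkim=pass header.d=example.com;",
    " dmarc=pass header.from=example.com",
    "From: Alice <alice@example.com>", "To: carol@third.example"])

def auth_results(msg, trusted):
    """Verdicts from Authentication-Results headers written by the trusted server."""
    verdicts = {}
    for value in msg.get_all("Authentication-Results", []):
        authserv_id, _, rest = value.partition(";")
        if authserv_id.split()[:1] != [trusted]:
            continue  # anyone can add this header; ignore ones we did not write
        for method, verdict in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", rest, re.I):
            verdicts.setdefault(method.lower(), verdict.lower())
    return verdicts

def classify(raw, me=ME, trusted=TRUSTED):
    """Label a message as sent-by-me, spoofed-from, reply-to-only or unrelated."""
    msg = message_from_string(raw)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    reply_to = parseaddr(msg.get("Reply-To", ""))[1].lower()
    if sender == me.lower():
        # DMARC pass means SPF or DKIM passed for a domain aligned with From.
        ok = auth_results(msg, trusted).get("dmarc") == "pass"
        return "sent-by-me" if ok else "spoofed-from"
    if reply_to == me.lower():
        return "reply-to-only"
    return "unrelated"
```

Only the header written by your own receiving server is trusted here, because a sender can insert an `Authentication-Results` header of their own claiming a pass.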

My Contacts say I sent spam to them, or I found suspicious access to my account.

If your Contacts received spam from you, or if you find access activity that you can't account for, we suggest taking the following steps as soon as possible.

  1. Make sure your operating system is up to date. Be sure you've downloaded and installed any critical Windows updates from Microsoft, or Mac OS updates from Apple. We recommend enabling automatic updates.
  2. Check for viruses and malware. Run a scan on your computer with trusted anti-virus software. If the scan detects any suspicious programs or applications, get rid of them immediately. Note: We have no connection with these companies and can't comment on their effectiveness. We can tell you, though, that trying all of these programs often makes a difference, as does having the latest versions.
  3. Change your password. Make sure you choose a password that contains a combination of numbers, characters, and case-sensitive letters. Never reuse your Gmail password on any other website. These steps will help strengthen the security of your account.
  4. Update your secondary email address and your security question. Should you ever lose access to your account, these two items will be vital to recovering your account. Make sure that you have access to the email address listed as your secondary, and that the answer to your security question is easy for you to remember but hard for others to guess.
  5. Check your Settings. Click Settings at the top of any Gmail page and verify that the following items have not been changed:
    • On the General tab: Your Signature, Vacation Responder and Browser Connection.
    • On the Accounts and Import tab: Send mail as.
    • On the Filters tab: Look for any filters you did not create, especially filters that forward your mail.
    • On the Forwarding and POP/IMAP tab: Look for any changes you did not make.
  6. Use a secure connection when signing in to Gmail. In your Gmail settings, select 'Always use HTTPS.' This setting helps protect your information from being stolen when you are signing in to Gmail on a public wireless network, like at a cafe or hotel.

Also, to make sure that no one gains unauthorized access to your account:

  • Never tell anyone your password or security question and answer, and don't write them down.
  • Never send this information by email.
  • Never give out your Gmail password after following a link sent to you in an email. Access Gmail directly by typing mail.google.com in your browser's address bar.
  • Don't reuse your Gmail password on other websites.
  • Periodically change your password and security question.
  • Keep your secondary address up to date.

We are very concerned about this activity. Please obtain the full headers of the spam message from Sent Mail or from one of your Contacts, and report it to our team. We'll investigate your report, but we're unable to respond to individual cases. In particular, please note that we aren't able to provide you with information about attempted logins to your account including, but not limited to, the IP address from which the attempted login was made, and the time and date attempted logins occurred.

 

 

 

Source: http://mail.google.com/support/bin/answer.py?hl=en&answer=50200

