The first time it happened, you were probably confused and even a bit curious, especially if you were not aware of this phenomenon of self-sent spam.
The first time it happened, you were probably confused and even a bit curious, especially if you were not aware of this phenomenon of self-sent spam. A message appears in your e-mail inbox with your own e-mail address as the sender of the message, but you are pretty sure that you did not send yourself an offer for a rock-bottom mortgage rate or secrets to making millions on eBay. So then, what s happening?
It s not because a spammer has hijacked your e-mail account and is spamming the world using your identity but because the spammer is disguising the true sender of the e-mail with a different address, a process called e-mail spoofing, to target you specifically. In e-mail spoofing, the sender manually constructs the e-mail header and chooses which information (your e-mail address as the sender, for example) to include.
Why do the spammers do this? To get you to read the e-mail and/or click on the hyperlinks contained in the e-mail, of course. Sometimes the spammers want you to buy the products they are peddling; sometimes they want you to click on the link contained in the e-mail, which signals them that their e-mail message received a live account with a curious human at the other end, and they can then sell your e-mail address to other spammers as a potential audience for more spam from a different source. Sometimes it is for both these reasons and also to bypass filters set up through the e-mail client. Most people don t even think about having to filter out e-mails sent to themselves from themselves.
Self-sending spam relies on human nature. A 2002 study by Hamilton, Ontario s McMaster University revealed that e-mail s containing shared names of the recipient had an emotional appeal that caused the recipient to read the e-mail in greater numbers than e-mail that came from sources that did not share a name with the recipient. Also, human curiosity compels the recipient to want to know how he has sent himself a spam e-mail, resulting in the recipient of self-sent spam to read the e-mail to investigate.
For those who want to go after the spammers, this link explains how to read the header information for the more popular e-mail clients.
This article was originally published on December 10, 2003