01-06-2009, 07:04 AM
MrGamm
Re: Client sending spam to himself?

Quote:
Originally Posted by optimalwebsite
But how is it possible to send the email from the user's own email address?

Warm Regards,


Joel

They might be sending the email from the user's email software, correct? There is no guarantee at this point that they are hijacking your email address, although it is possible.

If your website allows people to send email, it could be a breach on the website. If your computer is infected with malware, your friend's computer could be sending out email on his behalf.


Sometimes people don't set the mail server software up securely either. They will accept email from anybody without attempting to verify who that person really is. In which case it would be wise to make sure you are authenticating (requiring that the email server asks for a login and a password) before the email is sent out. Outlook and Mac Mail will have a settings checkmark which will allow you to turn it on or off... if you can turn it off, then other people can pretend to be you and send email to your server because you haven't protected it with a password.

The other option is to use SPF records in your DNS record. It takes identity verification one step further and attempts to validate where the email originated from. If it did not originate from your domain and the email is said to have come from your domain when it was sent out via another method, the mail will get rejected.

Spammers don't like having their emails rejected and this can help them look elsewhere. Additionally, the servers which do use SPF will prevent those spam emails from getting through.

These are all things your host should be able to help you out with. I am not an expert on it... I only know that if I wanted to forge an email so it looked like your email address sent it I could. I would just type your email address into the "from" field when I sent the email to the mail server for delivery.
__________________
James Weisbrod - programmer