I doubt very much that anyone has "hacked" you. They have, IMHO, gleaned your address and those of other regular correspondents and are using them in messages. Inspection of the message "source" using ctrl-u usually reveals that the message came from a third-party's computer.

Changing your email password and your wi-fi key won't do any harm, but I doubt that either of these was an actual point of entry. If you have ever received a "round robin" kind of message with all the addressees shown in the clear, then you must assume that all of the addresses mentioned in it are now "in the wild" and are being passed from spammer to spammer.

Hello Zenos,

Thanks for your reply, especially the ctrl-u tip which shows who sent it, though I don't know how to follow it up.

Can you explain how someone is able to send out stuff using my email address as the supposed sender - and how to prevent him from continuing to do it as often as he wants? I seem to be in a vicious circle from which there is no escape.

Regards,

Geoff

Would changing my service provider disarm the spammer? And if so, how could I avoid being spammed in future?

Geoff

Thunderbird doesn't encourage you make up or insert borrowed addresses, but not all mail clients are so scrupulous. (You can make it use a false From: address by way of identities…but my smtp server is still evident in the source listing when I tested it.) And spammers don't use regular email clients; they have their own tool kits, webservers, "owned" computers and so on. Unfortunately, it is trivial to write an email client to send using false credentials. Email

You can no more stop spammers from using your email address than you could stop someone sending a letter through the post that claimed to be from you. :-(

Some people take the view that all email addresses ultimately become despoiled after a period of use, so they'd abandon an address and start up with another. However it can be very disruptive to change a long-standing email address, and if you've paid for one on your own domain, you are not going to want to throw it away.

Wait it out; it's likely that your address is currently in circulation, but will be retired in due course.

Returning to the point about viewing the message headers in the source: when you send through your ISP, there usually is a predictable hand-off of the message from one server to the next. First there is your computer, then one or more servers at your ISP and mail service, then one or more servers at the recipient's mail service. Messages with a "spoofed" sender address will not match the pattern: the initial servers usually will be completely different than yours often not even in the same country. If you can tell that your mailing list members are getting messages from a spoofed sender, then you can assume that they are not coming from your system or your mail account.

Thunderbird supports signing your email messages with an S/MIME certificate. This is a way for the recipient to know the message is really from you, since you keep this certificate confidential. If you can't stop your list members from getting fakes, at least you can add this indication of authenticity. Although S/MIME certificates for business charge an annual fee, they often are free for personal use.

More info: Installing an SMIME certificate - MozillaZine Knowledge Base

Sad to learn that the cards are evidently stacked in favor of spammers and against the average innocent user, and that there is no simple and guaranteed effective counter to spamming. I am beginning to think it would be less stressful to abandon email altogether and go back to the worry-free days of snail mail. Geoff

Pretty funny. A thread about spammers and one shows up with their bogus software. Like a bee to honey.