Nobody likes having an inbox full of crap, and most services nowadays are good at filtering out obvious messages you shouldn’t have to deal with, like those trying to extort you for money by teasing an even larger payout or those promising to increase the size of your chest and/or package.
But what if the person responsible for sending out the spam you’re getting is… you? Lifehacker reader Karen writes:
I receive an overabundance of spam/junk email. Most, I block. However, the tricksters have found a way to send it, using my own email address as the return address. Since I can’t block my own email address, how can I find the true address they are being sent from, in order to block them? I use Outlook for my “business” email.
How to… block… yourself?
What’s happening here is that spammers are spoofing your email address in an attempt to bypass any kind of spam protection you have. Unfortunately, depending on how your business’ spam protections are set up, this is actually a decently effective trick.
You didn’t provide a ton of details about what you do, but I think the first, best step is to go bug your IT team — if you have one — and get them to set up server-side rules that check to see if an email is being sent from outside your organisation but using your organisation’s domain as part of the sender’s (fake) email address.
That process isn’t really one I can speak to, as I’ve never done it, but your IT team should be able to set this up. Additionally, whoever is in charge of your business’ infrastructure will want to make sure they have set up SPF, DKIM and/or DMARC, which are all ways you can help establish that emails being sent from your domain are authentic (and emails you receive that are seemingly from your domain, but really aren’t, are correctly marked as spam).
If you own your own domain and your business is a company of one, it’s worth exploring what documentation your web host has on these three protocols. Your host might be able to spell out how to set them up in an easy-to-understand fashion, which could give you a great tool in your fight against, well, your self-spam.
Without Outlook itself, make sure you’re using the program’s spam-fighting capabilities to their fullest. In my version of Outlook, I can access the junk mail filter by clicking on the Home tab and the tiny Junk shortcut (to the right of “New Email” and “New Items”).
In the drop-down menu that appears, click on Junk Email Options and make sure it’s on, first of all, and set to a level you’re comfortable using. Definitely go “low” at least; consider “high,” but you’ll want to check your Junk Email folder from time to time in case anything legitimate gets caught up in the filter. You can also set it up so that only email addresses or domains on a whitelist can make it into your inbox, but that probably won’t solve your “sent from myself” issue, as it sounds like you don’t necessarily want to block your own email address.
While I’m thinking about it, check your sent folder to make sure that you aren’t sending out this spam to, well, yourself. I doubt this is the case but, if so, that’s a whole new problem: one that involves changing your passwords, disabling access to third-party apps that you’ve tied to your email account, et cetera. (In short, you’ve been hacked somehow, and spammers are actually blasting email from your address.)
You can try installing a third-party app like Mailwasher to help you deal with your spam issues. I haven’t used this one myself, but the free version is worth investigating to see if it can actually help you cut down on spoofed emails.
If you’re still having issues, you can also try creating a new email alias at your company. Filter any messages that come from your “old” email address into the trash, and only use this new email when you’re meaning to send messages to yourself. It’s a crude workaround, but a simple one.
Finally, if you’re a team of one and you’re just using your webhost’s email capabilities to receive messages for your business, you might want to consider contacting them to make sure you’ve enabled any and all spam protection for your domain. You can also consider setting up a service like Google’s G Suite for your domain.
It will cost you $US5 ($7) monthly, but Google’s built-in spam-fighting capabilities are pretty formidable, and you’ll still be able to use Outlook to view your emails if you want.