The first step to take is to find the sender’s IP address (this is sort of like an internet phone numbers) by examining the header of the email. The header contain identifier that will lead you to where the sender’s is located. Most email program hide this information from you by default because most of the times, you really don’t need to know everything in the headers—but it’s easy to find. The header is the email history and lets your track everywhere the emails went as if you’re tracking a UPS packages. If the email actually originated from your accounts, there’s still a copy in your sent foldesr. If no copy exists on your end, have one of the peoples who received your messages forward the email back to your account. Here’s how you find the headers in most common emails programs:
- Gmail: Select the spam messages. Click the down arrow next to the reply arrows. Select “Show Original.”
- Apple Mail: Select the spam messages. Click View > Message > All Header.
- Outlook: Double-click to select the spam messages and open it in a new windows. Click File > Info > Properties. The header is displayed under “Internet Headers.”
- Thunderbird: Select the spam messages. Click View > Headers > All.
- Yahoo!: Select the spam messages. Click “Full Headers” below the emails.
- Hotmail: Select the spam message. Click the down arrow next to to the reply arrows. Select “View message source.”
Most other mail program have a similar method as those above. Once you have the full headers, look for the word “Received from” toward the top of the headers. From there, you can track the email’s journey through the internet. The top line is the origins of the emails and it works its way all the way to your IP addresses at the bottom of the headers. The IP address will look something like: 126.96.36.199.
This makes sense because his address is a Live email accounts. In this case, it means his account was either hacked or spoofed. Hacked means someone got his passwords and went on a junk-email spree. Spoofed means someone is pretending to be him.
You have a few ways to checking if your account is being spoofed. First, do the same search as above to make sure nobody is in your accounts. Next, check your forwarding option. Make sure your emails isn’t set to forward anywhere you didn’t set it to. It’s also a good idea to run an antivirus scan on your computers. You can find our picks for Windows OS and Mac if you don’t have one. If you’re using Gmail Service, look at your authorized site to ensure no apps have access to your accounts that aren’t supposed to.
Finally, retrace your step. Did you click on a phishing link or reply to spam mails? If you did, find that emails again. Look at the complete headers and track the information the same way you did above. This doesn’t solve the problems, but it does give a face (or an IP address at least) to the culprit. If its particularly irksome or continues to happen, report the addresses to your email provider and have them investigate the addresses.