You receive a spam message and it looks as though the author is you, even though you never sent the message. Why does this happen?

Answer

First, please do not worry that someone has access to your account. That is very unlikely unless you have given your password to someone or re-used your password on another site. You should never give your password out, even if you receive an email that appears to come from the university asking for your password. Any such email is a fake and should be deleted. To be completely sure however it is recommended you change your password.

Assuming you have not told anyone your email password then the spammer is using a new trick that has become more popular for spammers in recent times. First it needs to be said that it is extremely easy for a spammer to put any address they like into the 'From' field. The new trick is to put the recipient's name into the from field. This has a good chance of getting past spam filters because 1) the address definitely exists and 2) we can't really blacklist our own address.

Unfortunately there is no way to stop this. It is not related in any way to your computer system or any computer system of the University of Warwick. Rather it is due to the fact that when email was invented in the 1960s is was designed to be very robust (its aim being to allow government officials and scientists to communicate during and after a nuclear war) but security was not a priority.

To be clear the spammer probably sent out many thousands of these messages on that day alone. Each recipient of the message will have seen the message as coming 'from' their own address.

There are companies such as Yahoo, Google and Microsoft that are working on more secure versions of email. To date however they have not been able to agree on a system, nor to create a new system that is compatible with current email systems.