• Home
• Webmail
• Support
• Contact
• Blog
• My Account

Forged Spam

If Tiger Technologies directed you to this page, it's because you reported an e-mail message to our abuse department as being "spam" sent by one of our customers.

We take these complaints seriously and investigate each one, but in this case, the message wasn't actually sent by one of our users: it was sent by a spammer who forged the e-mail address of that user.

About forged addresses

Almost no spammer uses his own address when he sends a message, because that would allow ISPs to easily block the spam. Instead, spammers forge other people's addresses. They prefer to use "real" addresses from working domain names, because those are less likely to be rejected by spam filters than completely fake addresses.

Almost every piece of spam you ever receive has a forged "From" address.

How can someone forge someone else's e-mail address?

One of the flaws of the Internet mail system is that most ISPs allow any of their customers to send e-mail using any address they want. For example, with many ISPs, you could open your mail program settings and change the "From" address to be "president@whitehouse.gov", and every message you sent from then on would say it was from "president@whitehouse.gov". If you did this and sent spam, the "From" address would say "president@whitehouse.gov", even though you had no access to the U.S. President's mailbox and the President had nothing to do with the message.

In short, you can't trust the "From" address on a piece of spam, because the address that appears there can be anything the spammer wants to use.

This might seem surprising, but if you think about it, this is the same way paper mail works: you can send a paper letter that forges someone else's address in the top-left corner of the envelope, even if you don't have access to that person's house mailbox. If the letter was malicious, the recipient would probably realize that it didn't really come from the person shown as the "From" address on the envelope.

So Internet e-mail is no different than paper letters. It's just more of a problem because it costs spammers almost nothing to send a message. These forgeries are happening all the time; our "support@tigertech.net" address has often been used in the same way.

If your customer didn't send it, how can I tell who did?

There are several free services that will perform a detailed technical analysis of a spam message, telling you where it really came from (ignoring the forged "From" address) and automatically reporting it to the right party if you wish.

The most popular service (and one that we use ourselves) is SpamCop. It is extremely accurate at figuring out the real source of a spam message, and if everyone used it, there would be much less spam on the Internet. We strongly recommend using SpamCop to report the message you received — it will send the complaint to the ISP involved, and you should find that it does not send a report to us.