Understanding Email Spam: Delivered Addresses vs. Displayed Addresses

Have you ever received a suspicious spam email on your Gmail account, such as those related to insurance or car services? Upon looking at the 'CC' and 'BCC' fields, you noticed that the addresses seem to be similar to your own, but with '' instead of ''. How is it possible that such messages reach you?

What's Happening with Spam Emails?

This phenomenon is quite common, and it's important to understand the underlying mechanics of how emails are delivered. Email messages contain three main types of information:

The part you see, often referred to as the headers. The part that tells your email client what to show you, also part of the headers. The part that tells the mail servers how to deliver the messages.

In a 'well-behaved' email message, all these parts are consistent with each other. However, when it comes to delivering the message, the Simple Mail Transfer Protocol (SMTP) only cares about the delivery information—the addresses that specify the sender and receivers. This is akin to how an envelope on a physical letter contains the addresses to send and receive the letter, whereas the content of the envelope is what you see when it arrives.

How Scammers Trick You

Scammers can craft emails that show different addresses in the visible content, but use your address in the invisible delivery information. Just like you might write a letter to a friend but accidentally seal it in the wrong envelope, scammers can send emails with specific addresses in the visible fields but your address in the delivery information. This trick is widely used in phishing and spam emails.

Show Source in Your Email App

To see the actual addresses used for delivery, most email apps have an option to 'Show Source' or 'Show Original.' This feature displays the 'message headers,' which list the actual addresses involved in the delivery along with timestamps and security information from all the servers that handled the email along the way. Most modern servers also try to examine the message and add a 'spam score' based on their evaluation of its legitimacy.

Protecting Yourself from Spam

If you suspect that you are a recipient of such fraudulent emails, it's crucial to take immediate action. Here are some steps you should consider:

Change your password. If any service related to your email connects with sensitive material (like your bank account), change it right away. Run a program scan to look for malware.

Common Signs of Fraudulent Emails

The emails you receive are often bcc’ed to you, so you don't see the bcc addressee. The main and cc addresses might look similar to yours but with '' instead of '' Some email addresses may have an 'at' symbol in an obscure location, and the domain ending may be 'com.mio,' which stands for 'maritime indian ocean.' Unfortunately, there are currently no countries within this territory, making it a red flag for spammers.

The senders of these emails typically claim to be from reputable companies like Kohls, Ace Hardware, Walmart, Liberty Mutual, etc. They often offer rebates, prizes, discounts, or raffle winnings. However, all of these offers are fake. Subsequently, you should never open or respond to such emails.

What About Reporting the Spam?

If you have been unable to find help in stopping these types of emails, it might be necessary to report them to the appropriate authorities. For instance, you can report the emails to your email provider, such as Google, or contact your local cybersecurity agency. While you may have tried to report such incidents for over a year without success, it's important to continue trying and to inform friends and family about these scams.

By understanding how spam emails work and taking proactive measures to protect yourself, you can significantly reduce your risk of falling victim to these scams.