What to do if…
people report receiving spam from your email address and you did not send it
Short answer
Assume either your email account is compromised or your address is being spoofed. First, regain control of the account (or start provider recovery) and lock it down with a new password plus MFA.
Do not do these things
- Don’t reply to the spam messages or click links/attachments “to see what it is”.
- Don’t trust inbound calls/texts claiming to be “support” asking for MFA codes — never share verification codes.
- Don’t install remote-access apps or screen-share with unsolicited “support” while you’re panicking.
- Don’t delay because you think it’s “probably spoofing” — check your account rules/forwarding and sign-in activity first.
- Don’t keep reusing the same password on other sites after this.
What to do now
- Stop using the account for anything sensitive for the moment. If someone is inside, they can see password resets, replies, invoices, and payment details.
- If you can still sign in, secure the email account right away:
  - Change the password to a long, unique one.
  - Enable MFA on the email account.
  - Use your provider’s security settings to sign out of all other sessions/devices.
- If you can’t sign in (or settings keep reverting), switch to recovery mode:
  - Use your provider’s account recovery steps (or their support process) to regain control.
  - Once back in, immediately change the password, enable MFA, and sign out other sessions.
- Look for takeover settings inside the mailbox (common and easy to miss):
  - Check forwarding addresses you didn’t add.
  - Review filters/rules that auto-forward, auto-delete, auto-archive, or mark messages as read.
  - Review connected apps / third-party access and remove anything you don’t recognize.
  - Check recovery email/phone details and remove anything you didn’t set.
- Confirm whether messages were actually sent from your account:
  - Check Sent, Outbox, and Trash/Deleted.
  - Review recent sign-in activity (locations/devices/times) if your provider shows it, and note anything unfamiliar. (Some providers show limited detail — don’t treat missing logs as proof nothing happened.)
- Protect other important accounts that use this email for password resets:
  - Change passwords (starting with financial accounts) and enable MFA where available.
  - If you reused the email password anywhere else, treat those accounts as exposed.
- Warn people without amplifying the scam:
  - Use another channel where possible (text/phone/another email) to tell key contacts: “Don’t open recent unexpected links/attachments from me, and don’t act on ‘new payment details’ or invoices from me without verifying by phone.”
- Report if there’s fraud, money loss, or a serious scam trail:
  - File a report using the Federal Trade Commission (FTC) online fraud reporting tool.
  - If this involved payment requests, gift cards, crypto, wire transfers, or significant losses, file a report with the FBI Internet Crime Complaint Center (IC3).
- If you use a custom domain (your own domain / business email):
  - Contact whoever manages your email/domain hosting today and ask them to review mail logs and anti-spoofing controls (SPF, DKIM, DMARC). If it’s spoofing, this is often the key fix.
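
For the custom-domain review above, this added example (not part of the original page) audits a domain's SPF and DMARC TXT records for common weak settings. The records are supplied as strings instead of being looked up in DNS, and the function names and the example.com/example.net sample values are constructed for illustration.

```python
# Added example (not from the page): audit SPF/DMARC TXT records for weak settings.
# Records are passed in as strings so it runs offline; sample values are constructed.

def spf_findings(txt_records):
    """Findings for the SPF record among a domain's TXT records."""
    spf = [r for r in txt_records if r.lower().split()[:1] == ["v=spf1"]]
    if not spf:
        return ["SPF: no record published"]
    if len(spf) > 1:
        return ["SPF: more than one record, which receivers treat as an error"]
    terms = spf[0].lower().split()[1:]
    final = [t for t in terms if t.lstrip("+-~?") == "all"]
    if not final:
        if any(t.startswith("redirect=") for t in terms):
            return []  # policy is defined by the redirect target; audit that record
        return ["SPF: no 'all' term, so unlisted senders get a neutral result"]
    weak = {"all": "authorizes every sender", "+all": "authorizes every sender",
            "?all": "is neutral about unlisted senders",
            "~all": "only soft-fails unlisted senders"}
    q = final[0]
    return [f"SPF: '{q}' {weak[q]}"] if q in weak else []

def dmarc_findings(record):
    """Findings for the TXT record at _dmarc.<domain> (None if absent)."""
    if record is None:
        return ["DMARC: no record published"]
    tags = {k.strip().lower(): v.strip() for k, v in
            (p.split("=", 1) for p in record.split(";") if "=" in p)}
    if tags.get("v") != "DMARC1" or "p" not in tags:
        return ["DMARC: record is malformed (needs v=DMARC1 and p=)"]
    out = []
    if tags["p"].lower() == "none":
        out.append("DMARC: p=none requests no action on failing mail")
    elif tags.get("pct", "100") != "100":
        out.append("DMARC: pct below 100 applies the policy to only part of failing mail")
    if "rua" not in tags:
        out.append("DMARC: no rua= address, so no aggregate reports are requested")
    return out

def audit(txt_records, dmarc_record):
    return spf_findings(txt_records) + dmarc_findings(dmarc_record)

WEAK = (["v=spf1 include:_spf.example.net ~all"], "v=DMARC1; p=none")
HARDENED = (["v=spf1 include:_spf.example.net -all"],
            "v=DMARC1; p=reject; rua=mailto:dmarc-reports@example.com")

if __name__ == "__main__":
    for name, (txt, dmarc) in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit(txt, dmarc) or "no findings")
```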
What can wait
- You don’t need to determine the exact cause (phishing vs. breach vs. device issue) before securing the account.
- You don’t need to notify everyone at once — focus on people most likely to click/pay/respond.
- You don’t need to do a full device overhaul immediately; prioritize account recovery/lock-down and rule/forwarding checks first.
Important reassurance
This is a common pattern and usually comes down to either account takeover or simple spoofing. The steps above are the right first moves either way: they stop ongoing access, reduce further spread, and protect your other accounts.
Scope note
These are first steps for stabilization and harm prevention. If you find ongoing access, you may need provider-led recovery and deeper cleanup later.
Important note
This is general information, not legal, technical, or financial advice. If there’s confirmed financial loss, sensitive work data exposure, or ongoing impersonation, consider getting professional incident-response help.