Spam from yourself, easy Windows 10 shortcuts
November 23, 2019
Have you ever received an email that looked like it came from you but you didn't send it? Self-spam is happening a lot now and it's usually tied to a blackmail or shaming scheme. Forging, or faking, an email address is called spoofing. And it's easy.
Most email systems don't have any security checks to make sure the person in the email's "From" line is who they say they are. With billions of email addresses and thousands of email servers all over the world, it is impossible to verify that "From" address. All an email scammer/blackmailer needs to spoof you is your email address, which they can buy from any of the many data breaches that make the news. Then they forge your email address onto their spam or blackmail email and off it goes, straight to you. And from you, too.
But why? For two reasons. First, if the email seems to come from you, it will get through any spam filters you or your email provider may be running. After all, who is the person least likely to send you spam, but you?
The second reason comes back to that blackmail or shaming scheme. They send an email TO you, that's also FROM you, and then claim it as proof they've compromised your account and possibly your entire computer. They also may claim to have evidence of you doing something wrong on your computer that they will send to everyone you know and even the police. Of course, they always want money to make the problem go away.
The good news is all they have is your email address, nothing else. And it's not just your email address; they probably bought thousands or hundreds of thousands of email addresses to scam/blackmail.
We do have tools to combat this self-spam problem. The first tool is the Sender Policy Framework (SPF.) SPF works with the Domain Name System (DNS) on the receiving email server to match the sender's SPF record to its DNS record. But this doesn't solve the problem because SPF records are not well maintained. Remember, billions of email addresses and thousands of email servers.
The next tool is the Domain-based Message Authentication, Reporting and Conformance (DMARC) system. DMARC uses SPF and adds checks for alignment between the sending email server and the address in the "From" field. Even though Microsoft, Google and others helped write DMARC, it isn't widely implemented. While DMARC protects Outlook.com and Gmail.com email addresses, only a fraction of the Fortune 500 companies have implemented DMARC on their email servers, probably because they don't want to risk not delivering a critical message.
For now, there's no way to prevent scammers/blackmailers from spoofing your email address. If your email system uses SPF and DMARC, the scammer's/blackmailer's emails will go straight to your Junk or Spam folder.
If a spoofed email does get through, ignore it completely. But first mark it as spam or junk and empty your spam/junk folder. And don't ever click on any attachments or links in the scammer's/blackmailer's email.
Easy Windows 10 shortcuts
Many tasks are better and easier in Windows 10, but creating shortcuts isn't one of them. You can still create shortcuts to applications, files and even websites on your desktop but just not the way we used to.
To create an application shortcut, click the Start button and scroll through the app list for the app you want to shortcut. Now, drag the app's icon from the Start menu onto your desktop and release it to create your desktop shortcut.
Open File Explorer and find the file or folder you want to shortcut. Hold down the Alt key on your keyboard while dragging the file or folder to your desktop. When you see "Create link in desktop," release the mouse button.
Note: If you forget to hold down the Alt key, Windows will move your file or folder to the desktop instead of creating a shortcut.
In Google Chrome or Mozilla Firefox, create a website shortcut by dragging the padlock icon from the address bar to your desktop.
The current version Microsoft Edge doesn't support this, but Microsoft's new version of Edge does and it's coming soon.
Do you have a computer or technology question? Greg Cunningham has been providing Tehachapi with on-site PC and network services since 2007. Email Greg at firstname.lastname@example.org.