Received a spam email from myself

Early this morning I received an email in my Junk from myself. Upon clicking on the “sender”, it appeared with my standard contact card which I use, which included all my information. The subject was titled “You’ve been hacked”. The email content was large and includes a random amount to be paid within 48hrs, the malware which has allegedly been used to monitor my actions for months, “Pegasus” and if not paid, explicit videos will be released to all of my contacts. Can anybody provide any light on how this may have happened?

Many thanks in advance



iPhone 11

Posted on May 10, 2024 2:15 AM

10 replies

May 17, 2024 3:58 PM in response to Joseo

Joseo wrote:

thank you for your reply. So, is there a way to “clean” it? How did they get access to my Contact Card and Photo and “username”? And what does that mean?
I will appreciate your thoughts. Thank you!


I’m interpreting that to indicate that you might not yet fully realize how completely and utterly unreliable mail sender information is.


You know this case is a spoof, but it certainly worked wonders for your fear and your concern.


But this mess gets much uglier. Imagine you’re a finance person and a spoofed-sender email message from Your Big Boss arrives demanding your employers’ business—money that you hypothetically control—be transferred to [account], and you’ll hopefully now get some idea how some other scams here can work.


After the Yahoo security breaches years ago, I started receiving occasional mail messages from a friend. We’d exchanged a lot of mail over the years. That particular sender spoof was very easy to recognize though, as my friend had sadly died.


Again, you did not send this mail message, nothing here got hacked, and there’s nothing—beyond deleting this spoofed message—to clean up.


There are ways to somewhat reduce the exposure to these shenanigans, such as macOS Mail rules that detect and flag these cases, or by setting up signing and encryption for mail messages—but signing and encrypting is just not all that commonly used:


Here is how to: Use S/MIME to send and receive encrypted messages in the Mail app in iOS - Apple Support


Here are a very few examples of the common scams: Recognize and avoid phishing messages, phony support calls, and other scams - Apple Support


May 17, 2024 3:48 PM in response to Joseo

Joseo wrote:

thank you for your reply. So, is there a way to “clean” it? How did they get access to my Contact Card and Photo and “username”? And what does that mean?
I will appreciate your thoughts. Thank you!

There is no cleaning that needs to be done, just delete it. Your email address was just spoofed, which is easily done by scammers to make it look like you. Your Contacts just recognized this address as yours. Nothing to worry about; it is a common scam.

May 18, 2024 11:29 AM in response to Joseo

When viewing the Raw Source, those hops are listed from the closest to you on top, and the farther down you go in the list, the closer you are to the originator. They are not the actual address of the computer used; each is the router that passes the email along. The first one shows the Comcast router that passed the email to you, and the IP address is that of the router, not your IP address.


As far as setting rules to block these emails, in my experience it is never very effective when blocking by a sender unless you are constantly getting emails showing this address. It may be useful to block by content with keywords that you would never expect in a legitimate email. For example the latest scam emails going around contain the word "pervert", which you would most likely not be getting from someone you know. Of course this rule would only block this one email scam and you may never get that one again.


In most cases it is just more efficient to delete and move on, instead of always trying to chase the ever-changing scam emails in an attempt to block them.
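
To make the top-down hop ordering described in this reply concrete, here is an added example (not code from the thread or from Apple) that lists the `Received` hops of a raw message and reads the `Authentication-Results` header stamped by the receiving server. The sample message, its host names, and the `analyze` heuristic are constructed assumptions for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample (not from the thread); reserved example domains and documentation IPs.
RAW = """\
Authentication-Results: mx.recipient.example; spf=fail smtp.mailfrom=bulk.invalid;
\tdkim=none; dmarc=fail header.from=recipient.example
Received: from mx.recipient.example (mx.recipient.example [192.0.2.10])
\tby mailstore.recipient.example with LMTP; Fri, 10 May 2024 02:10:05 +0000
Received: from relay.bulk.invalid (unknown [198.51.100.77])
\tby mx.recipient.example with ESMTP; Fri, 10 May 2024 02:10:03 +0000
Received: from localhost (unknown [203.0.113.5])
\tby relay.bulk.invalid with SMTP; Fri, 10 May 2024 02:09:58 +0000
From: "Me" <me@recipient.example>
To: me@recipient.example
Subject: You've been hacked

(body omitted)
"""

def received_hops(msg):
    """(from, by) per Received header, top first: each server prepends its own line."""
    hops = []
    for value in msg.get_all("Received", []):
        m = re.match(r"from\s+(\S+).*?\bby\s+(\S+)", " ".join(value.split()))
        hops.append((m.group(1), m.group(2)) if m else (None, None))
    return hops

def auth_results(msg, trusted_authserv):
    """spf/dkim/dmarc verdicts, only from headers stamped by our own receiving server."""
    results = {}
    for value in msg.get_all("Authentication-Results", []):
        authserv, _, rest = " ".join(value.split()).partition(";")
        if authserv.split()[:1] != [trusted_authserv]:
            continue  # anything else may have been inserted by the sender
        results.update(re.findall(r"\b(spf|dkim|dmarc)=(\w+)", rest))
    return results

def analyze(raw, trusted_authserv):
    msg = message_from_string(raw)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    rcpt = parseaddr(msg.get("To", ""))[1].lower()
    auth = auth_results(msg, trusted_authserv)
    # Simplified heuristic (assumption): From equals To and DMARC did not pass.
    spoofed = bool(sender) and sender == rcpt and auth.get("dmarc") != "pass"
    return {"hops": received_hops(msg), "auth": auth, "self_spoof": spoofed}

if __name__ == "__main__":
    print(analyze(RAW, "mx.recipient.example"))
```

Only the `Received` and `Authentication-Results` lines added by your own provider are trustworthy; everything below them was supplied by the sending side.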

May 18, 2024 11:45 AM in response to Mac Jim ID

Mac Jim ID wrote:

For example the latest scam emails going around contain the word "pervert", which you would most likely not be getting from someone you know. Of course this rule would only block this one email scam and you may never get that one again.


I have a block of ~six separate rules for that one. (And SpamSieve for most of the rest.)

May 18, 2024 10:41 AM in response to Mac Jim ID

Jim,

If I look at the headers of the ‘spoof’ email/s, by going to “View/Raw Source”, and there copy the address/es labeled as “Received: from” (snapshot follows for safety/security):

The emails have 4 of these with differing addresses, is using Rules a way to block them, and what would I block?: the dovdir’s, the dovback’s or the IP, or something else? What do you think?


May 10, 2024 6:01 PM in response to Jackolfc1

Spammer spamming spam, and a functioning spam filter.


Delete the spam, and move on.


Email sending addresses are trivial to spoof, and the user’s own address can sometimes get past more spam filters.


Variations of these scam spams are common. Here’s an example from 2018 which includes hacked passwords*:

https://krebsonsecurity.com/2018/07/sextortion-scam-uses-recipients-hacked-passwords/


*this is also why password re-use is deadly, and why two-factor authentication (even by SMS) is helpful.
