My email address has been hijacked! People are sending emails from my account that I didn’t send!

Often a friend or colleague will email us a message that seems to have been sent from us, but that we didn’t send. Other times, we get a bounce, that seems to indicate that we sent a message to a non-working email address, however, we didn’t send the original message.

Usually, there is no need for concern

This common occurrence happens because the email system in place on the Internet does not verify the from address. So, we can send email messages from any address we choose simply by telling our email program to use a different address in our from field (anyone with Thunderbird/Icedove can add an arbitrary from address by clicking on the “Manage identities” button in your account settings). Try it – it’s fun! You can send a message to your friends from or

Other people on the Internet do not necessarily do this trick for fun. More often, it is done by spammers and virus writers to convince you to open the message. If a message comes from a familiar looking from address, you might be more likely to open it. Virus writes have used the trick to great effect. If you’re friend’s computer is compromised, the virus might check the address book and try to re-send itself to everyone in the address book in an email from your friend.

The bottom line is: there’s nothing we can do to stop someone from sending a message from your email address.

On occasion, we notice that an email account has been hijacked and is being used to send out massive amounts of spam that impact our server and blacklist Critical Path email on an international level. This means other Critical Path email accounts may not be able to send mail to gmail or yahoo, for example. If an email account is hijacked, then Critical Path will change the password on the email account and do our best to alert you. If you ever are not able to login to your email, please contact us ASAP, at or 215-985-4448 x145 option 2.