Got an Email Saying I Have a RAT: Why Do I Get Spam from My Own Email Address?

Malware notification on a laptop computer screen.
MicroOne/Shutterstock

Have you ever opened an email only to find it’s spam or blackmail that seemed to come from your own email address? You’re not alone. Faking email addresses is called spoofing and, unfortunately, there’s little you can do about it.

How Spammers Spoof Your Email Address

Email compose dialog with "youremail@youremailaddress.com" in both the "From:" and "To:" fields.

Spoofing is the act of forging an email address, so it appears to be from someone other than the person who sent it. Often, spoofing is used to trick you into thinking an email came from someone you know, or a business you work with, like a bank or other financial service.

Unfortunately, email spoofing is incredibly easy. Email systems often don’t have a security check in place to ensure the email address you type in the “From” field truly belongs to you. It’s a lot like an envelope you put in the mail. You can write anything you want in the return address spot if you don’t care that the post office won’t be able to return the letter to you. The post office also has no way of knowing whether you really live at the return address you wrote on the envelope.

Email forging works similarly. Some online services, like Outlook.com, do pay attention to the From address when you send an email and might prevent you from sending one with a forged address. However, some tools let you fill in anything you want. It’s as easy as creating your own email (SMTP) server. All a scammer needs is your address, which they can likely buy from one of many data breaches.

Why Do Scammers Spoof Your Address?

Scammers send you emails that appear to come from your address for one of two reasons, generally. The first is in the hopes they will bypass your spam protection. If you send yourself an email, you’re likely trying to remember something important and wouldn’t want that message labeled as Spam. So, scammers hope that by using your address, your spam filters won’t notice, and their message will go through. Tools do exist to identify an email sent from a domain other than the one it claims to be from, but your email provider must implement them—and, unfortunately, many don’t.

The second reason scammers spoof your email address is to gain a sense of legitimacy. It’s not uncommon for a spoofed email to claim your account is compromised. That “you sent yourself this email” serves as proof of the “hacker’s” access. They might also include a password or phone number pulled from a breached database as further proof.

The scammer usually then claims to have compromising information about you or pictures taken from your webcam. He then threatens to release the data to your closest contacts unless you pay a ransom. It sounds believable at first; after all, they seem to have access to your email account. But that’s the point—the scam artist is faking evidence.

What Email Services Do to Combat the Problem

Email header showing two different email addresses: a person's email address and a spam address.
This email appeared to come from our personal address, but a look at the headers reveals this is a simple email change trick.

The fact that anyone can fake a return email address so easily is not a new problem. And email providers don’t want to annoy you with spam, so tools were developed to combat the issue.

The first was the Sender Policy Framework (SPF), which works on a few basic principles. Every email domain comes with a set of Domain Name System (DNS) records, which are used to direct traffic to the correct hosting server or computer. An SPF record is published alongside those DNS records. When you send an email, the receiving service compares the domain you provided (@gmail.com) with your origin IP and the SPF record to make sure they match. If you send an email from a Gmail address, that email should also show that it originated from a Gmail-controlled device.

Unfortunately, SPF alone doesn’t solve the problem. Someone needs to maintain SPF records properly at each domain, which doesn’t always happen. It’s also easy for scammers to work around SPF. When you receive an email, you might only see a name instead of an email address. Spammers put one email address in the displayed name and use another, one that matches an SPF record, as the actual sending address. So, you won’t see it as spam and neither will SPF.

Companies must also decide what to do with SPF results. Most often, they settle for letting emails through rather than risking the system not delivering a critical message. SPF doesn’t have a set of rules regarding what to do with the information; it just provides the results of a check.

To address these issues, Microsoft, Google, and others introduced the Domain-based Message Authentication, Reporting, and Conformance (DMARC) validation system. It works with SPF to create rules for what to do with emails flagged as potential spam. DMARC first checks the SPF result. If that fails, it stops the message from going through, unless it’s configured otherwise by an administrator. Even if SPF passes, DMARC checks that the email address shown in the “From:” field matches the domain the email came from (this is called alignment).
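The SPF workaround and the DMARC alignment check described above can be seen directly in a message's headers. The following is an added example, not code from the original article: it parses a constructed sample message and reports whether the visible From: domain aligns with the envelope sender that SPF evaluated. The sample addresses, the function names and the two-label `org_domain` shortcut are assumptions, and only the SPF side of DMARC discussed here is covered.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample (not a real message): SPF passes for the sender's own
# domain, while the visible From: header claims the recipient's address.
SAMPLE = """\
Return-Path: <bounce@mailer.example.net>
Authentication-Results: mx.example.com; spf=pass smtp.mailfrom=bounce@mailer.example.net
From: "You" <you@example.com>
To: you@example.com
Subject: Your account has been compromised

Pay up.
"""

def addr_domain(value):
    """Lowercased domain of the address in a header value ('' if none)."""
    addr = parseaddr(value or "")[1]
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def org_domain(domain):
    """Assumption: last two labels. Real DMARC uses the Public Suffix List."""
    return ".".join(domain.split(".")[-2:])

def check_alignment(raw):
    """Compare the From: domain with the envelope domain SPF checked."""
    msg = message_from_string(raw)
    from_dom = addr_domain(msg["From"])
    env_dom = addr_domain(msg["Return-Path"])
    m = re.search(r"\bspf=(\w+)", msg.get("Authentication-Results", ""))
    spf = m.group(1).lower() if m else "none"
    aligned = bool(from_dom) and org_domain(from_dom) == org_domain(env_dom)
    return {
        "from_domain": from_dom,
        "envelope_domain": env_dom,
        "spf": spf,
        "aligned": aligned,
        # The SPF path of DMARC needs both an SPF pass and alignment.
        "dmarc_spf_pass": spf == "pass" and aligned,
    }

if __name__ == "__main__":
    for key, value in check_alignment(SAMPLE).items():
        print(f"{key}: {value}")
```

Only an Authentication-Results header added by your own mail provider is meaningful; one that arrived with the message can be forged like any other header.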

Unfortunately, even with backing from Microsoft, Facebook, and Google, DMARC still isn’t widely used. If you have an Outlook.com or Gmail.com address, you’re likely benefitting from DMARC. However, by late 2017, only 39 of the Fortune 500 companies had implemented the validation service.

What You Can Do About Self-Addressed Spam

Junk Email folder, showing an email that appears to be addressed from a personal email address.
The email at the top appeared to come from our personal email address; thankfully, it went straight to Junk.

Unfortunately, there’s no way to prevent spammers from spoofing your address. Hopefully, the email system you use implements both SPF and DMARC, and you won’t see these targeted emails. They should go straight to spam. If your email account gives you control of its spam options, you can make them more strict. Just be aware you might lose some legitimate messages, too, so be sure to check your spam box often.

If you do get a spoofed message from yourself, ignore it. Don’t click any attachments or links and don’t pay any demanded ransoms. Just mark it as spam or phishing, or delete it. If you’re afraid your accounts have been compromised, lock them down for safety. If you reuse passwords, reset them on every service that shares the current one, and give each a new, unique password. If you don’t trust your memory with so many passwords, we recommend using a password manager.

If you’re worried about receiving spoofed emails from your contacts, it might also be worth your time to learn how to read email headers.

Translated from: https://www.howtogeek.com/427152/why-can-you-get-spam-from-your-own-email-address/
