If you receive bounce messages for mail that appears to originate from your account, you find messages in Spam from 'me,' or you receive a reply to a message you never sent, you may be the victim of a 'spoofing' attack. Spoofing means faking the return address on outgoing mail to hide the true origin of the message.
When you send a letter through the post, you generally write a return address on the envelope so the recipient can identify the sender, and so the post office can return the mail to the sender in the event of a problem. But nothing prevents you from writing a different return address than your own; in fact, someone else could send a letter and put your return address on the envelope. Email works the same way. When a server sends an email message, it specifies the sender, but this sender field can be forged. If there is a problem with delivery and someone forged your address on the message, then the message will be returned to you, even if you weren't the actual sender.
If you've received a reply to a message that wasn't sent from your address, there are two possibilities:
- The message was spoofed, forging your address as the sender.
- The original sender used your address as a reply-to address so that responses would be sent to you.
Neither of these possibilities indicates that your account was compromised, but if you're concerned that your account may have been compromised, you can check recent access to your account.