A reader Martin wrote in after receiving spam that seemed to be from him, to him. He wanted to know how this could happen. It's a common question, so I thought I'd share the answer.
The sad fact is that your email address is valuable to spammers and virus writers, because it's trivially easy for them to fake, or 'spoof,' an email that looks like it comes from you. And people are more likely to open an email that looks as if it comes from someone in the same company, for instance.
The slimeball spammers have a number of ways they can harvest email addresses for these spoofed emails. For one, you probably already know that some malware will try to spread itself by reading Windows users contact list and mailing itself out to your unsuspecting friends.
That's the worst case scenario, and one PC users can protect against by using good antivirus, keeping your programs and OS up-to-date, and being careful about the sites you surf and the email you open.
But there plenty of other methods. Spammers will scour forums, blogs and other sites for places where people post their email address. They'll also try to break into valid sites and online services to steal their lists of user's emails, along with other potentially valuable user information.
Disposable email addresses can help protect against some of these spammer tricks. I wrote about some free and paid disposable email services in a Privacy Watch column.
These scumbag scammer practices are why you should always be extremely suspicious of any unsolicited email, even if it seems to come from someone you know. I can't tell you how many emails we get here at PC World that seem to come from a co-worker, but instead carry a virus payload as an attachment.