What is email spoofing?

Spoofing is when a spammer sends out emails using your email address in the From: field. The idea is to make it seem like the message is from you – in order to trick people into opening it.

These emails do not originate from AOL and do not have any contact with the AOL Mail system – their addresses are just edited to make them appear that way.

The message actually originates from the spammer's email account and is sent from the spammer's email server.

How can I tell if I'm being spoofed?

1. You see mailer-daemon error messages (returned emails) in your inbox that do NOT match any messages you sent out (as if someone sent a letter to another person and wrote your return address on the envelope instead of their own).

2. You get messages from people who received email from you that you did NOT send.

What's the difference between hacked and spoofed?

Your Sent folder may offer the best clue to whether you have been hacked or spoofed.

  • If you DO find email in your Sent folder that you did NOT send: Your account has been compromised (hacked).
  • If you DO NOT find any strange email in your Sent folder: Your account has most likely been spoofed.

What should I do?

While there isn't a way to stop whoever is spoofing your account right now, changing your password can help secure your account from being compromised in the future.

Change it at i.aol.com. Make the new password something you haven't used before and something you don't use for your other online accounts. For tips on creating a strong password, please visit our help article Account Management: Managing your AOL Password.

In addition to creating a strong password, the best way to secure your account is to know how to spot phishing and email scams as soon as they hit your Inbox. Check out the AOL Mail Security site to see clues you should look for when you get a suspicious email, what you should do if your account gets compromised, and how to keep your account secure.

What is AOL Mail doing to prevent spoofing?

We updated our DMARC policy to tell DMARC-compliant email providers like Gmail, Yahoo! Mail, Outlook.com and others (including AOL Mail itself) to reject mail from AOL addresses that is sent from non-AOL servers.

Sending mail on behalf of AOL Mail users from non-AOL servers had been a common and legitimate practice for services like mailing lists and bulk senders. But it also provided the means for spammers to spoof addresses as described above. By switching AOL Mail's policy to "reject," we significantly thwart spammers' ability to spoof AOL addresses. You can read more about AOL Mail's move here.
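The following Python sketch is an added illustration, not AOL's code, of how a DMARC-compliant receiver reaches the "reject" decision described above. The DMARC records are constructed for the example, `bulk.example.net` is a made-up sending domain, and the check is simplified: it ignores the `pct` and `sp` tags and approximates the organizational domain as the last two labels.

```python
def parse_dmarc(record):
    """Split a DMARC TXT record into a {tag: value} dict."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1":
        raise ValueError("not a DMARC record")
    return tags

def org_domain(domain):
    # Simplification: treat the last two labels as the organizational domain.
    # Real receivers consult the Public Suffix List.
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def aligned(from_domain, auth_domain, mode):
    """Relaxed ('r') compares organizational domains; strict ('s') needs an exact match."""
    if mode == "s":
        return from_domain.lower() == auth_domain.lower()
    return org_domain(from_domain) == org_domain(auth_domain)

def dmarc_disposition(from_domain, record, spf_domain=None, dkim_domain=None):
    """Return 'pass', or the published policy (none/quarantine/reject) on failure.

    spf_domain: envelope-sender domain that passed SPF, or None if SPF failed.
    dkim_domain: d= domain of a DKIM signature that verified, or None.
    """
    tags = parse_dmarc(record)
    spf_ok = bool(spf_domain) and aligned(from_domain, spf_domain, tags.get("aspf", "r"))
    dkim_ok = bool(dkim_domain) and aligned(from_domain, dkim_domain, tags.get("adkim", "r"))
    return "pass" if spf_ok or dkim_ok else tags.get("p", "none").lower()

# Constructed records for illustration (not copied from DNS).
REJECT = "v=DMARC1; p=reject"
MONITOR = "v=DMARC1; p=none"

if __name__ == "__main__":
    # Sent through the provider's own servers: SPF passes and aligns with From:.
    print(dmarc_disposition("aol.com", REJECT, spf_domain="aol.com"))
    # From: says aol.com, but SPF only passes for the third-party sending server.
    print(dmarc_disposition("aol.com", REJECT, spf_domain="bulk.example.net"))
    # The same message under a monitoring-only policy is not rejected.
    print(dmarc_disposition("aol.com", MONITOR, spf_domain="bulk.example.net"))
```

A spoofed message and a mailing-list message sent from a non-AOL server look the same to this check: neither SPF nor DKIM aligns with the From: domain, so both receive the published policy.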