My contacts are telling me they received spam emails from my email address. I didn't send them. Has my account been hacked?
There are two possibilities: either your account was actually hacked and someone is using it to send spam, or your email address is being spoofed (faked) without access to your account. To determine which: check your Sent folder. If you see emails you did not send, your account is compromised — change your password immediately and enable two-factor authentication. Also check your email's login activity (in Gmail: click your profile picture, Manage Your Google Account, Security, Recent Security Activity. In Outlook: account.microsoft.com, Security, Sign-in Activity). If you see logins from unfamiliar locations, your account was accessed. After changing your password, revoke access from all devices (in Gmail: Security, Your Devices, Sign Out of All Devices), review connected third-party apps and remove any you do not recognize, and check if any email forwarding rules were set up (Settings, Forwarding). If your Sent folder is clean and login activity looks normal, your address is being spoofed — someone is sending emails that appear to come from your address but are not actually from your account. You cannot prevent spoofing entirely, but you can reduce it by ensuring your domain has SPF, DKIM, and DMARC records set up if you use a custom domain.
Need personalized advice? Chat with an expert for $3.
Our verified experts will provide personalized advice for your specific situation.
Average response time: under 2 minutes · Money-back guarantee
Chat with an Expert — $3 →
