The short answer is yes. Anyone can forge the sender (From) field of an email and have it claim to be coming from pretty much any address they want.
At first glance you might think “That’s horrible, why do we allow that to happen?” The truth is that it’s rather common, and you might even do this yourself, though for entirely innocent reasons.
Here’s an example. Let’s say you’re an OnlyMyEmail personal account subscriber and you are set up to use our SMTP server to send your outgoing mail, but you don’t want to send mail from email@example.com; you want to send it from another address, say firstname.lastname@example.org. So you set up an identity within your email client software for email@example.com.
That’s a perfectly acceptable solution, but now you are sending mail using a server from one domain (OnlyMyEmail.com) but using an address that belongs to another domain (example.com).
It is a common situation, and one reason why ISPs and email providers cannot “lock down” their servers to only send mail from valid addresses at their domain; the backlash from users would be too great. And let’s face it, there’s nothing wrong with the above usage.
There are exceptions, of course. For instance, within our Webmail interface we don’t allow users to claim a sending address other than their actual OnlyMyEmail.com address, but such restrictions are not very common.
The problem, however, is that spammers use sender forging (spoofing) as a tactic to defeat spam filters that are set to allow emails from people in your address book or those you’ve added to your “White List.”
There’s nothing you can do to prevent this. All you can do is be careful about globally “allowing” sender addresses in whatever spam filter you use. Remember that each time you add an address as an exception within your filter, you poke another hole that might let spam slip through.
This also explains, in case you’ve ever wondered, why so many spammers spoof your own email address when they send messages to you. They do this because they figure that if there’s one address in your own address book, or one that you’ve specifically “allowed,” it’s likely to be your own!
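To make the allow-list risk concrete, here is an added example (not from the original article or from OnlyMyEmail's filter) that parses two constructed messages and shows a From-only allow-list accepting a message that forges the recipient's own address. The function names, addresses and the Return-Path comparison are assumptions for illustration; the check assumes it runs on delivered mail, where the receiving server has recorded a Return-Path.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: the From header claims to be the recipient, but the
# Return-Path recorded at delivery names a different sender.
FORGED = """\
Return-Path: <bounce@bulk-mailer.example>
From: "Me" <me@example.com>
To: me@example.com
Subject: Invoice

body
"""

# Constructed sample: ordinary mail from an allow-listed contact.
LEGIT = """\
Return-Path: <friend@example.org>
From: Friend <friend@example.org>
To: me@example.com
Subject: Lunch

body
"""

def header_addr(msg, name):
    """Return the lower-cased address in a header, or '' if it is absent."""
    return parseaddr(msg.get(name, ""))[1].lower()

def from_allowlisted(raw, allowlist):
    """The weak check: trusts whatever the From header claims."""
    return header_addr(message_from_string(raw), "From") in allowlist

def self_spoof_suspect(raw, recipient):
    """Flag mail whose From claims to be the recipient while the Return-Path
    names someone else. The Return-Path is also sender-chosen, so a match
    proves nothing; a mismatch is only a signal worth extra filtering."""
    msg = message_from_string(raw)
    claimed = header_addr(msg, "From")
    return claimed == recipient.lower() and header_addr(msg, "Return-Path") != claimed

if __name__ == "__main__":
    allow = {"me@example.com", "friend@example.org"}
    for label, raw in (("forged", FORGED), ("legit", LEGIT)):
        print(label, from_allowlisted(raw, allow), self_spoof_suspect(raw, "me@example.com"))
```

Leaving your own address off the allow-list removes the hole the forged sample relies on, which is the caution the article gives about globally allowing sender addresses.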