Emails are transferred between servers, or between your email client and a server, by means of the SMTP protocol. This is the only standard protocol used for email transmission, so it must be used if one wants to send email to and receive email from other people. SMTP does not provide any functionality to verify that the person sending the email corresponds to the "from" address specified in the email. In other words, the "from" address which appears in your email client is something the sending user can specify freely, and it does not have to match that user's real email address, because SMTP has no mechanism for confirming it.
Sending spam is illegal, and therefore servers which send spam often exploit this weakness in the SMTP protocol in order to disguise themselves. A spam filter is also less likely to reject a message addressed to a user on your domain if the "from" address is on your domain as well, which gives spammers a further advantage.
Receiving an email from an unauthorized sender that appears to be from your domain does not mean that anybody has access to your domain or email accounts.
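One way to triage such a message is to compare the "from" address shown in the mail client with the envelope sender that the receiving server recorded in the `Return-Path` header. The following is an added example, not part of the original page; the domain `example.org`, both sample messages and the function names are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

OWN_DOMAIN = "example.org"  # assumption: the domain you administer

# Constructed sample messages (not real mail). Return-Path is written by the
# receiving server from the SMTP "MAIL FROM" command; From: is whatever the
# sender placed in the message itself.
SPOOFED = """\
Return-Path: <bounce-7781@bulk-mailer.example.net>
From: "Alice (IT)" <alice@example.org>
To: bob@example.org
Subject: Password expiry notice

Please review the attached notice.
"""

LEGITIMATE = """\
Return-Path: <alice@example.org>
From: Alice <alice@example.org>
To: bob@example.org
Subject: Lunch?

Noon works for me.
"""

def domain_of(address):
    """Return the lowercased domain of an address, or '' if there is none."""
    _, addr = parseaddr(address or "")
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def classify(raw_message, own_domain=OWN_DOMAIN):
    """Compare the displayed From: domain with the envelope sender domain."""
    msg = message_from_string(raw_message)
    from_domain = domain_of(msg.get("From"))
    envelope_domain = domain_of(msg.get("Return-Path"))
    if from_domain != own_domain:
        return "external-from"         # does not claim to be from our domain
    if not envelope_domain:
        return "own-from-no-envelope"  # bounce (<>) or header missing: inspect by hand
    if envelope_domain != own_domain:
        return "own-from-mismatch"     # From: says us, envelope says someone else
    return "own-from-consistent"

if __name__ == "__main__":
    for name, raw in (("spoofed", SPOOFED), ("legitimate", LEGITIMATE)):
        print(name, "->", classify(raw))
```

A consistent result is not proof of authenticity, because the envelope sender is also supplied by the sending side; the check only surfaces the common case where the two addresses disagree.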