Spam: Email not from Princeton but is forged to appear so

The email message you received claims to originate at Princeton but in fact did not, nor was it handled by Princeton University's mail servers. The person who generated and sent the email forged header information to make it appear that Princeton was involved.

It is highly unlikely that someone actually used a username and password to authenticate with a Princeton email server in order to send mass mailings. It is a simple matter to specify any email address as the "sender," and a quick inspection of the full headers would likely reveal that the message was sent neither by you nor from your account. Unfortunately, this is an increasingly common activity. Spammers are using the addresses that they "harvest" not only to target message recipients, but also to forge header information. This appears to be an effort to confuse recipients and avoid filtering routines.

For example, an automated routine could be used so that unsolicited email sent to addresses would appear to come from other people in the domain. The messages could in fact originate from anywhere.

Your own email service provider may be able to help you research the "IP addresses" (the addresses consisting of numbers separated by periods) shown in the mail headers to identify the actual domain within which the mail was created and through which it was sent. That will allow you to complain to the appropriate authorities.

Email address harvesting is common on the Internet, and is, unfortunately, happening more frequently than ever before. The annoyance of spam email is one we all share. The easiest course of action is to use your delete button. For more information on the University's stance on spam, and how you can best protect yourself, please the following articles: