Spoofing happens when someone sends emails making it look like it they were sent from your account. In reality, the emails are sent through a spoofer's non-AOL server. They show your address in the "From" field to trick people into opening them and potentially infecting their accounts and computers.

Differences between hacked and spoofed

A compromised (hacked) account means someone else accessed your account by obtaining your password. Spoofed email occurs when the "From" field of a message is altered to show your address, which doesn't necessarily mean someone else accessed your account. You can identify whether your account is hacked or spoofed with the help of your Sent folder.

• Your account has most likely been spoofed if you DO NOT find any strange email in your Sent Folder.
• Your account has been compromised when you find email in your Sent folder that you did NOT send.

Signs of a spoofed account

If you experience any of the signs below, it's likely your account is being spoofed. Please be aware that unrecognized emails in your sent folder is not a sign of a spoofed account and is an indicator that your account was hacked.

• Your contacts are receiving emails that you didn't send.
• You receive spam emails from your own email address.
• You're getting MAILER-DAEMON messages that don't match any messages you sent.

If you received a spoofed email, be sure to report the email as spam.

Keep your account secure

While there isn't an industry-wide way to stop people from spoofing, you can take some steps to make sure your account remains secure.

Ensure you have antivirus software installed and updated.
Visit our Safety and Security page to learn more about protecting your account and yourself online.
Change your password regularly and make sure your password is strong and not the same one you use on other sites.

If you think your account might have been compromised, review our help article for ways to secure your account.

What is AOL doing to prevent spoofing?

AOL takes your security very seriously, and as such, we stay ahead of this problem by updating our DMARC policy to tell other compliant providers like Yahoo, Gmail, and Outlook to reject mail from AOL address sent from non-AOL servers.

While some legitimate emails come through this way via mailing lists and bulk senders, it also provides the means for spammers to take advantage. By switching AOL Mail's policy to reject these, we significantly impact spammers' attempts to scam our customers.