Mail-inbox shows a mail sent from its own mail-address without having sent it


I just signed up for a seminar on a website I usually can trust. I filled out some information for this, also containing my iCloud-mailadress. I did that on a MBP running OS 10.11 in Safari.

After sending the web-form, I soon got a confirmation-mail, looking all normal, repeating the information I typed in and giving me some additional information. The problem about this is, that the mail came from my mail-address, which I previously stated on the website.

But I can't see how this worked, my MB didn't send a mail, I would've heard that, the mail isn't in the sent-folder of my mail-app and no-one logged into my account from the web, iCloud would then sent a mail to another mail-address, which has another password.

It definitely is my mail-address and not the mail of a mail-distributor stating my mail, because my mail-app recognizes the address as the contact-information "Me" with acc-image and phone-information.

I use the built-in mail-app of OS X.

  • = my mail
  • = mail-ending of the organisator

I also changed ip-addresses to "ip-address"


Original-Recipient: rfc822;

Return-Path: <>
X-Rzg-Script: :P28WfFC8JrA0JY4UkyfhUWv+YuCloWhyOLk77zZraDNPI4MwvW14TNOVD9u9KlfscrQnwjdCiCZfq/sYHJCd1kbC3n3GZk2VHVNf3455pP+v6BpXUM7Kiuv/IqFV3pWP11oL
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10432:,, definitions=2015-10-19_13:,, signatures=0
Mime-Version: 1.0
X-Icloud-Spam-Score: 30002230;;is=yes;ir=no;pp=ham;spf=?;dkim=?;dmarc=?;wl=absent;pwl=absent;clxs=ham;clxl=absent
Authentication-Results:; spf=none ( does not designate permitted sender hosts);
Authentication-Results:; dkim=none reason="no signature"; dkim-adsp=none
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 spamscore=0 suspectscore=3 malwarescore=0 phishscore=0 adultscore=0 bulkscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1510090000 definitions=main-1510190252
X-Priority: 3
X-Clx-Spam: false
X-Mailer: PHPMailer 5.2.7 (
Content-Transfer-Encoding: 8BIT
Message-Id: <>
X-Clx-Score: 169
X-Clx-Shades: None
Content-Type: text/html; charset=UTF-8
X-Dmarc-Info: pass=?; dmarc-policy=(noPolicy); s=; d=
Received-Spf: none ( does not designate permitted sender hosts); client-ip=ip-address;;;
X-Rzg-Class-Id: cg00
Received: from ([ip-address]) by (Oracle Communications Messaging Server 64bit (built Sep  8 2015)) with ESMTP id <> for; Mon, 19 Oct 2015 14:44:28 +0000 (GMT)
Received: from ( [ip-address]) by (Oracle Communications Messaging Server 64bit (built Mar 31 2015)) with ESMTPS id <> for (ORCPT; Mon, 19 Oct 2015 14:44:28 +0000 (GMT)
Received: from ([ip-address])    by (RZmta 37.14 OK) with ESMTP id 10510fr9JEiLI3G   for (<)>; Mon, 19 Oct 2015 16:44:21 +0200 (CEST)
Received: (from Unknown UID 59868@localhost) by (8.13.7/8.13.7) id t9JEiLQN028822;    Mon, 19 Oct 2015 14:44:21 GMT
Anmeldung zum Wochenendseminar *** vom 05.-06.12.2015

Best Answer

I received an email that appeared to be from my own mail-address

The "From:" email address is not reliable and is easily spoofed.

In the case of your email there is no reliable header that shows the actual (real) from address, but the return path is

The Message-Id <> shows that the email was sent by via

How can I analyze the email headers?

First of all you need to get the full email headers. See How do I display and send the full headers of an email message? for instruction for some common email clients.

Why do we need the full email headers?

  • In email messages, headers contain the addresses of all the computer systems that have relayed a message in between you and the message's sender. Each computer that forwards the message along its route adds a line of information to the headers.

  • Usually you do not see these full headers, as they can be fairly long and thus are not displayed along with the common "From:", "To:", "Subject:", and "Date:" headers.

  • The information provided in the full headers allows you to determine where a message actually came from, and how it got to your computer.

  • This is sometimes necessary because the address you see on the "From:" line can be spoofed, or faked.

Source In email, what are full headers?

There are many tools to analyze email headers, some of which can show if any of the ip addresses in the chain are on spam blacklists.

These tools can also tell if any of the "Received:" headers in the chain are forged.

MxToolbox Email Header Analyzer

Feeding your email headers into this tool produces the following output:

enter image description here

enter image description here

Further reading