wraith, I knew it was spoofing and that I can't prevent that but I'd been able to get people to blacklist my old address, at least those people wouldn't be seeing that particular spam anymore. Unless the spammer followed me to the new email address, which didn't seem to happen.
From what you wrote, rather than spoofing, it rather sounds as though someone has hacked your email account
(i.e., figured out what your password is) and is logging into it and then sending actual email from it, to people in your email contacts list. That is, they are not sending out email from another
account and merely spoofing your email address - the email probably really is (or could be) coming from your
The simplest thing to do, once you realise that this could be happening (and the sign is that spam is going out to your email contacts, addressed from your email account), is to logon to your email account and change the password to something more complex, then logoff, and then test it by logging back in with the new/changed password.
If your email account is in Gmail, then this could be a useful tip:
Following the recent hacking and publishing of Gawker Media customers' (commenters') email IDs and passwords (yes, passwords - how dumb can that be?), I had been checking my Gmail account security - and I had a surprise when I did it (for details, read on).
SUGGEST YOU DO THIS WEEKLY: (if you do not already do it.)
Start up Gmail in your browser.
Near the bottom of the main Gmail page, it says something like:
Last account activity: 57 minutes ago on this computer. Details
When you click on "Details", you get taken to a page "Activity on this account". A table gives details of the 10 latest accesses, the 1st being your current session..
If you have any open sessions (e.g., if you left sessions open from another PC connected to the account, or if someone has open sessions from unauthorised access to your account), there will be a button that says to close them. Click on that button. The button will go away and you will get something like:
"This account does not seem to be open in any other location."
Now only you are looking at the account.
EDIT 2010-12-29 1112hrs: You have momentarily shut out any other users accessing your account. The objective is to move quickly and prevent any other account users doing anything before signing in again, by which time they will not be able to sign in, because by then you should have changed the account password and security question.Scan the table for any Browser or POP3 accesses from IP addresses that were not yours from some other location or device.
Take a screen shot of it before doing anything further, because anything you do may scroll the oldest accesses off the table.
You can check the IP addresses here: http://projecthoneypot.org/search_ip.php
It will tell you which country it is in, and whether anything suspect has been reported for that IP address recently (i.e., it is still a "bad" IP address"). If they have the IP address, but no recent reports, then it means that they have had reports in the past, but it's probably OK now.
In any event, if there are any IP addresses that were not yours (either for browser or POP3 access), then:
* change your password immediately (make it a "strong" one);
* change the security question;
* SAVE all changes;
* whilst you are at it, get a second email address in the event you need to restore access to your account, having been locked out from it.
* whilst you are at it, set up the SMS alert.
I did all this, because, to my great surprise I had POP3 (reading current inbox messages) accesses from some US-based IP addresses. I have no idea what they were up to, but they can't do any more POP3 accesses now.
EDIT 2010-12-29 1112hrs: Because my IP address is in New Zealand, a U.S. access was categorically something unwanted or potentially malign.
Hope this is useful/helpful to someone.