If you start receiving bounce back messages from email that you never sent, it’s very likely that your email address has been spoofed. It’s common for spammers to forge the ‘From’ sender on the phishing emails they send, as it makes it harder for them to be identified. When the email is rejected by the recipient’s mail server, a bounce back message goes to whoever is named in the outgoing mail rather than to the spammer themselves.
There’s little you can do to avoid becoming a target of spoofing – short of obtaining a new email address. Simply delete the bounce back messages. Rather than do this individually, you can create a filter or rule so that these messages are deleted automatically. As other web mail servers quickly start to designate the message as spam, you’ll probably find that after just a little time, the bounce back message will stop arriving completely.
While you can try to identify the person who has spoofed your webmail address by looking at the email’s header information, it’s a lengthy and difficult process and may still not reveal the actual spammer.
Being spoofed doesn’t mean that your email account has been compromised but check your email security settings are in place and change your password. A good password is a least six characters long and consists of a mix of letters and numbers.